From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id C40839D for ; Fri, 1 Jul 2016 22:42:21 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-qk0-f171.google.com (mail-qk0-f171.google.com [209.85.220.171]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 242E518B for ; Fri, 1 Jul 2016 22:42:20 +0000 (UTC) Received: by mail-qk0-f171.google.com with SMTP id a125so226656796qkc.2 for ; Fri, 01 Jul 2016 15:42:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=z-cash.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=KybQedfy2N4xaNeYaYHcEhyo+d1RNzBkeNJqIejUDxM=; b=WE8gC3h3hYwyWGNFaCNDGuIH+OFhKACxlG1XeGH5SLJy5P5fgfwGvxnAse0sLc7v3V MgAuS/lvWxFEsRPyXkKj0w74LcO8urhHV8lAMaNUQSDdXqOSjUcAkn5rfWQGe7H8S8dm qyxF5tysLhIdtD/yOj8hFgfumlnoAZ9rm57lBJBXJ8/mAvDiLJz/6gk2xoHHUAUftJeD fCgtHuaDTOVIggu91xwzEoltnMwmZhYx6UkhDRkZ19gvncsQnnEAFv0CYZvqsADnU6uc /rN0WyGT6fC4yFyXFdmtQWD7ZDqbMkgMBNnNzalVqR9QjbYtthWsx+o81kgBz5/ealQU 3fJg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=KybQedfy2N4xaNeYaYHcEhyo+d1RNzBkeNJqIejUDxM=; b=Hhp5B3NklKxT4ETefbfhGYFMwiDzq5GlH06DNkfhgPf7Qoo3dLDFyZNAZ8du5Z1fU0 Wavvk9rClLRV8N4vwipf1iVKaLRnjGr7hA/PYlExJIbCMW9tS/GYX32d/WG4vTF+JMzc xml16BY7iw7ZbvByHcu91v3Hcs4ertV9NnISo2QB2IM2asGH0GDeHf6Iu1D8rLdoqyb/ UrtZFc16Zv14WtTBfbeRmkj468vwh26CABYuLW13SHmObJ4MpP7aMAAmOnZuu7oHD0rU 748SDi1G4EqpegnNQcjBBjA1yUNWmeNH6eJSuQM267M1Y6izNc7RQ55kxpZWwczGhBKA oKlg== X-Gm-Message-State: ALyK8tIGc1H5Hjqcea5BRxJAo3R4X1XjzYVNWX2iFhQFF9VSqdcX4OIMVxcYZdqErITVifz66tTZbtjhT1r9HA== X-Received: by 10.55.104.70 with SMTP id d67mr906842qkc.60.1467412940247; Fri, 01 Jul 2016 15:42:20 -0700 (PDT) MIME-Version: 1.0 Received: by 10.200.45.156 with HTTP; Fri, 1 Jul 2016 15:42:19 -0700 (PDT) In-Reply-To: <87oa6iavky.fsf@rustcorp.com.au> References: <87h9cecad5.fsf@rustcorp.com.au> <577224E8.6070307@jonasschnelli.ch> <8760ssdd1u.fsf@rustcorp.com.au> <87oa6iavky.fsf@rustcorp.com.au> From: Zooko Wilcox Date: Fri, 1 Jul 2016 22:42:19 +0000 Message-ID: To: Rusty Russell , Bitcoin Protocol Discussion Content-Type: text/plain; charset=UTF-8 X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] BIP 151 use of HMAC_SHA512 X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Jul 2016 22:42:21 -0000 I haven't been able to find the beginning of this thread, so apologies if I've misunderstood what this is for, but it _sounds_ like we're re-inventing HKDF. I'd recommend reading the paper about HKDF. It stands out among crypto papers for having a nice clear justification for each of its design decisions, so you can see why they did it (very slightly) differently than the various constructions proposed up-thread. https://eprint.iacr.org/2010/264 Also, of course, it is a great idea to re-use a standard (https://tools.ietf.org/html/rfc5869) and widely-understood crypto algorithm to reduce risk of both cryptographer errors and implementor errors. Of course, the cost of that is the you sometimes end up computing something that is a tiny bit more complicated or inefficient than a custom algorithm for our current use case. IMHO that's a cheap price to pay. Regards, Zooko