From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id AA0C571 for ; Mon, 4 Jul 2016 01:23:18 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-oi0-f65.google.com (mail-oi0-f65.google.com [209.85.218.65]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 087641A7 for ; Mon, 4 Jul 2016 01:23:15 +0000 (UTC) Received: by mail-oi0-f65.google.com with SMTP id w141so21132109oia.0 for ; Sun, 03 Jul 2016 18:23:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btcc-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=kfLZKgU+ud7nYWm1oJmfkCekreeuBhNdyPFO7+xEn5Y=; b=xJl+SouXG8Ddtk+Qx+gaaoTKymC/CqnB4+G0t7ZoSGatIwSoZ0tRjz7uwDrOq2Nb+I bovzeXeT2+f3kw48qtOemW4O/V1UDOmpbM7KyTg3436Ouf1CqdLGX5zGtD1fK5t/EXYv aZ9V8IjU259GKGglXRhtW5wpnpBVTj9LUDcz+/Ur0lLq1D4YnGDDIC0P7jqm7wTDetcL 50odSe+A+R29JyodpTcFdF5S+GSrCmkOrX20je0LMsbUSPD09nnBYiPqAES4/r/PMfdm NABE+QqhGfJ+f3Ug36r/nismKT5CJWrIhCDzSW3bVdaWYu1pFIbYmJj0IiZUBbGL9r1z FV3A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=kfLZKgU+ud7nYWm1oJmfkCekreeuBhNdyPFO7+xEn5Y=; b=P5FVme9BKvWUcX2OplvYz6lh7Q76ga8iGM29KNasQEYrP9R6rsgVZN/9gjHldiMxgn U6eTqatbckCl4meA2cM3ztyzBTLnr5B5IjZiKK66vP815nxERh6JmPQWXcySTqgtxkDn d6N/UTWVJvc0KouiwFWLRGKP7rmNrbSK1XTrDQzddbTK7I0uZ+TEWePzzO0GPQYY7XCy qCaOBpg1FE8ig/vbH1mPw2ucE3NiPk4YZIp1Rb6QTbfobfb78FMAfZUVL23tvR84k04i dtLocsx5I3GZXogH4mg51WzTYFAlxlJrp6aUGV1bjYSERkPvGi1xkaWJMKmay+MQULhE sVrQ== X-Gm-Message-State: ALyK8tL7p8yM1ViXU72F/5IRghbBuSnXGH9bagagBJCgucrJE3O4SNsMDtweDN16q6rsHyccyj2IsJKD7zXA8ZnL X-Received: by 10.202.79.83 with SMTP id d80mr5418602oib.64.1467595395074; Sun, 03 Jul 2016 18:23:15 -0700 (PDT) MIME-Version: 1.0 Received: by 10.202.87.140 with HTTP; Sun, 3 Jul 2016 18:23:14 -0700 (PDT) In-Reply-To: References: <87h9cecad5.fsf@rustcorp.com.au> <577224E8.6070307@jonasschnelli.ch> <8760ssdd1u.fsf@rustcorp.com.au> <87oa6iavky.fsf@rustcorp.com.au> From: Arthur Chen Date: Mon, 4 Jul 2016 01:23:14 +0000 Message-ID: To: Zooko Wilcox , Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary=001a113d7f1432a0900536c52ecf X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] BIP 151 use of HMAC_SHA512 X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Jul 2016 01:23:18 -0000 --001a113d7f1432a0900536c52ecf Content-Type: text/plain; charset=UTF-8 I strongly agree! In crypto we should always follow well-studied open standard rather than custom construction. On Fri, Jul 1, 2016 at 10:42 PM, Zooko Wilcox via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > I haven't been able to find the beginning of this thread, so apologies > if I've misunderstood what this is for, but it _sounds_ like we're > re-inventing HKDF. > > I'd recommend reading the paper about HKDF. It stands out among crypto > papers for having a nice clear justification for each of its design > decisions, so you can see why they did it (very slightly) differently > than the various constructions proposed up-thread. > > https://eprint.iacr.org/2010/264 > > Also, of course, it is a great idea to re-use a standard > (https://tools.ietf.org/html/rfc5869) and widely-understood crypto > algorithm to reduce risk of both cryptographer errors and implementor > errors. > > Of course, the cost of that is the you sometimes end up computing > something that is a tiny bit more complicated or inefficient than a > custom algorithm for our current use case. IMHO that's a cheap price > to pay. > > Regards, > > Zooko > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > -- Xuesong (Arthur) Chen Senior Principle Engineer BlockChain Technologist BTCC --001a113d7f1432a0900536c52ecf Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
I strongly agree!
In crypto we should always= follow well-studied open standard rather than custom construction.

On Fri, Jul 1, = 2016 at 10:42 PM, Zooko Wilcox via bitcoin-dev <bitcoi= n-dev@lists.linuxfoundation.org> wrote:
I haven't been able to find the beginning of this thread,= so apologies
if I've misunderstood what this is for, but it _sounds_ like we're<= br> re-inventing HKDF.

I'd recommend reading the paper about HKDF. It stands out among crypto<= br> papers for having a nice clear justification for each of its design
decisions, so you can see why they did it (very slightly) differently
than the various constructions proposed up-thread.

https://eprint.iacr.org/2010/264

Also, of course, it is a great idea to re-use a standard
(https://tools.ietf.org/html/rfc5869) and widely-understood = crypto
algorithm to reduce risk of both cryptographer errors and implementor
errors.

Of course, the cost of that is the you sometimes end up computing
something that is a tiny bit more complicated or inefficient than a
custom algorithm for our current use case. IMHO that's a cheap price to pay.

Regards,

Zooko
___________________________________= ____________
bitcoin-dev mailing list
bitcoin-dev@lists.= linuxfoundation.org
https://lists.linuxfoundation.org/mail= man/listinfo/bitcoin-dev



--
Xu= esong (Arthur) Chen
Senior Principle Engineer
BlockChain Tech= nologist
BTCC
--001a113d7f1432a0900536c52ecf--