To: Arthur Chen <arthur.chen@btcc.com>,
	Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
References: <87h9cecad5.fsf@rustcorp.com.au>
	<577224E8.6070307@jonasschnelli.ch>
	<CAP+0UNKqDknS-w6QyCJ0_ra71YfsDDtSdSBYoguUicW2oNMLvQ@mail.gmail.com>
From: Jonas Schnelli <dev@jonasschnelli.ch>
Message-ID: <5774149E.1010105@jonasschnelli.ch>
Date: Wed, 29 Jun 2016 20:34:06 +0200
Subject: Re: [bitcoin-dev] BIP 151 use of HMAC_SHA512

> Based on previous crypto analysis result, the actual security of SHA512
> is not significantly higher than SHA256.
> maybe we should consider SHA3?

As far as I know the security of the symmetric cipher key mainly depends
on the PRNG and the ECDH scheme.

The HMAC_SHA512 will be used to derive keys from the ECDH shared secret.

HMAC_SHA256 would be sufficient, but I have specified SHA512 to allow
deriving 512 bits directly, which gives two 256-bit keys with one
HMAC operation (the same pattern is used in BIP for the key/chaincode
derivation).

Keccak would be an alternative but we probably don't want to introduce
another new hash type just for the encryption.

</jonas>
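The derivation pattern described in the message above, as an added example that is not part of the original post, of BIP 151, or of Bitcoin Core: one HMAC-SHA512 over the ECDH shared secret, split into a left and a right 256-bit half, next to the two-call HMAC-SHA256 variant that would be needed for the same amount of key material. The salt/label value, the direction convention (peer A sends under k1, peer B under k2) and the 32-byte stand-in for the ECDH x-coordinate are assumptions made for illustration; BIP 151 defines none of them here.

```python
"""Two 256-bit keys from one ECDH shared secret via HMAC-SHA512.

Added example, not BIP 151 text or Bitcoin Core code. SAMPLE_SALT, the
direction convention and SAMPLE_SHARED_SECRET are assumptions for illustration.
"""
import hashlib
import hmac
from typing import Tuple

# Constructed stand-in for the x-coordinate of an ECDH point (32 bytes).
# In a real handshake this value comes from the ECDH computation.
SAMPLE_SHARED_SECRET = bytes.fromhex(
    "6b3fa4a4a5f4e8bb16d5f2e0b0d4d4a4dcc8c1f3c2f5c9c2d6b1e0a9f7d3c5b8"
)
# Assumed context label used as the HMAC key; not something BIP 151 specifies.
SAMPLE_SALT = b"example-session-salt"


def derive_two_keys_sha512(shared_secret: bytes, salt: bytes) -> Tuple[bytes, bytes]:
    """One HMAC-SHA512 call yields 64 bytes.

    The left 32 bytes become k1 and the right 32 bytes k2: two 256-bit keys
    from a single HMAC operation, the same left/right split used for
    key/chaincode derivation in hierarchical wallets. Passing the raw ECDH
    secret through HMAC also maps a non-uniform x-coordinate to uniformly
    distributed key bytes.
    """
    out = hmac.new(salt, shared_secret, hashlib.sha512).digest()
    return out[:32], out[32:]


def derive_two_keys_sha256(shared_secret: bytes, salt: bytes) -> Tuple[bytes, bytes]:
    """Same 512 bits of key material with HMAC-SHA256 takes two calls.

    Each call needs a distinct domain-separation byte, otherwise both
    outputs would be identical and the two "keys" would be one key.
    """
    k1 = hmac.new(salt, shared_secret + b"\x01", hashlib.sha256).digest()
    k2 = hmac.new(salt, shared_secret + b"\x02", hashlib.sha256).digest()
    return k1, k2


def demo_both_sides(shared_secret: bytes, salt: bytes) -> bool:
    """Both peers hold the same ECDH secret, so both derive the same pair.

    Assumed convention: peer A encrypts with k1 and decrypts with k2,
    peer B the other way round, so each direction has its own key.
    """
    a_send, a_recv = derive_two_keys_sha512(shared_secret, salt)
    b_recv, b_send = derive_two_keys_sha512(shared_secret, salt)
    return a_send == b_recv and a_recv == b_send and a_send != a_recv


if __name__ == "__main__":
    k1, k2 = derive_two_keys_sha512(SAMPLE_SHARED_SECRET, SAMPLE_SALT)
    print("k1 (send A->B):", k1.hex())
    print("k2 (send B->A):", k2.hex())
    print("both sides agree:", demo_both_sides(SAMPLE_SHARED_SECRET, SAMPLE_SALT))
```

The SHA-512 variant does the split with a single primitive invocation; the SHA-256 variant must add explicit domain separation per call, which is the extra bookkeeping the message avoids by choosing HMAC_SHA512.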