path: root/e4/8d3c7044cbe9151761c214a9418f791515e815
blob: 24fbe1e7c88f70fab31feccbe0e579b6deba597d (plain)
Return-Path: <dev@jonasschnelli.ch>
To: Peter Todd <pete@petertodd.org>,
	Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
References: <87h9cecad5.fsf@rustcorp.com.au>
	<577224E8.6070307@jonasschnelli.ch>
	<CAP+0UNKqDknS-w6QyCJ0_ra71YfsDDtSdSBYoguUicW2oNMLvQ@mail.gmail.com>
	<5774149E.1010105@jonasschnelli.ch>
	<20160629201317.GA4855@fedora-21-dvm>
From: Jonas Schnelli <dev@jonasschnelli.ch>
Message-ID: <57743036.5040304@jonasschnelli.ch>
Date: Wed, 29 Jun 2016 22:31:50 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0)
	Gecko/20100101 Thunderbird/38.7.2
Subject: Re: [bitcoin-dev] BIP 151 use of HMAC_SHA512

Cc: Arthur Chen <arthur.chen@btcc.com>

> On Wed, Jun 29, 2016 at 08:34:06PM +0200, Jonas Schnelli via bitcoin-dev wrote:
>>> Based on previous crypto analysis result, the actual security of SHA512
>>> is not significantly higher than SHA256.
>>> maybe we should consider SHA3?
>>
>> As far as I know the security of the symmetric cipher key mainly depends
>> on the PRNG and the ECDH scheme.
>>
>> The HMAC_SHA512 will be used to "derive" keys from the ECDH shared secret.
>> HMAC_SHA256 would be sufficient but I have specified SHA512 to allow to
>> directly derive 512 bits which allows to have two 256-bit keys with one
>> HMAC operation (same pattern is used in BIP for the key/chaincode
>> derivation).
>
> What's the rationale for doing that "directly" rather than with two SHA256
> operations? (specifically SHA256(0 . thing), SHA256(1 + thing) for the two
> parts we need to derive)

SHA256 and SHA512 are both from the SHA-2 family.

I have specified SHA512 to (slightly) increase the brute-force security
of the ECDH shared secret when knowing K_1 and K_2.

And I assumed (haven't measured the required CPU cycles) that a single
SHA512_HMAC is less expensive than two SHA256_HMAC.

</jonas>
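Both derivation patterns from the exchange above, side by side, as an added example (not code from the thread or from the BIP 151 draft). The ECDH shared secret and the HMAC message label are constructed placeholders, and the two-call variant is the HMAC-SHA256 form of Peter's suggestion, with a leading 0x00/0x01 byte as the domain separator; `cost_ratio` measures the CPU question Jonas says he has not measured.

```python
# Added example: one HMAC-SHA512 split into K_1 || K_2 versus two
# domain-separated HMAC-SHA256 calls. Secret and label are constructed.
import hashlib
import hmac
import timeit

KEY_LEN = 32  # each symmetric key is 256 bits

# Constructed stand-in for the ECDH shared secret; a real implementation
# takes this from the ECDH computation, never from a constant.
ECDH_SECRET = bytes.fromhex(
    "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08")
# Assumed label; the actual HMAC message input is not quoted in the thread.
LABEL = b"example key derivation label"


def derive_keys_sha512(shared_secret: bytes, label: bytes) -> tuple:
    """One HMAC-SHA512 call yields 64 bytes; the halves are K_1 and K_2."""
    okm = hmac.new(shared_secret, label, hashlib.sha512).digest()
    return okm[:KEY_LEN], okm[KEY_LEN:]


def derive_keys_two_sha256(shared_secret: bytes, label: bytes) -> tuple:
    """Two HMAC-SHA256 calls, separated by a leading counter byte so the
    two outputs are independent even though key and label are shared."""
    k1 = hmac.new(shared_secret, b"\x00" + label, hashlib.sha256).digest()
    k2 = hmac.new(shared_secret, b"\x01" + label, hashlib.sha256).digest()
    return k1, k2


def keys_are_sane(k1: bytes, k2: bytes) -> bool:
    """Checks a reviewer wants on any split: correct length, distinct keys."""
    return len(k1) == KEY_LEN and len(k2) == KEY_LEN and k1 != k2


def cost_ratio(shared_secret: bytes, label: bytes, rounds: int = 20000) -> float:
    """Wall time of (two HMAC-SHA256) / (one HMAC-SHA512); a value above 1
    means the single SHA512 call was cheaper on this machine and input."""
    t512 = timeit.timeit(lambda: derive_keys_sha512(shared_secret, label), number=rounds)
    t256 = timeit.timeit(lambda: derive_keys_two_sha256(shared_secret, label), number=rounds)
    return t256 / t512


if __name__ == "__main__":
    a = derive_keys_sha512(ECDH_SECRET, LABEL)
    b = derive_keys_two_sha256(ECDH_SECRET, LABEL)
    print("sha512 split keys sane:", keys_are_sane(*a))
    print("two-sha256 keys sane:  ", keys_are_sane(*b))
    print("two HMAC-SHA256 / one HMAC-SHA512 time ratio: %.2f" % cost_ratio(ECDH_SECRET, LABEL))
```

Either pattern gives two independent 256-bit keys; the measurable difference is the hash-call count, which the ratio prints for the inputs at hand.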

