From: Jonas Schnelli
To: Rusty Russell
Cc: bitcoin-dev@lists.linuxfoundation.org
Date: Tue, 28 Jun 2016 09:19:04 +0200
Subject: Re: [bitcoin-dev] BIP 151 use of HMAC_SHA512

> To quote:
>
>> HMAC_SHA512(key=ecdh_secret|cipher-type,msg="encryption key").
>>
>> K_1 must be the left 32bytes of the HMAC_SHA512 hash.
>> K_2 must be the right 32bytes of the HMAC_SHA512 hash.
>
> This seems a weak reason to introduce SHA512 to the mix. Can we just
> make:
>
> K_1 = HMAC_SHA256(key=ecdh_secret|cipher-type,msg="header encryption key")
> K_2 = HMAC_SHA256(key=ecdh_secret|cipher-type,msg="body encryption key")

SHA512_HMAC is used by BIP32 [1] and I guess most clients will somehow
make use of bip32 features. I thought a single SHA512_HMAC operation is
cheaper and simpler than two SHA256_HMAC.

AFAIK, sha256_hmac is also not used by the current p2p & consensus layer.
Bitcoin-Core uses it for HTTP RPC auth and Tor control.

I don't see big pros/cons for SHA512_HMAC over SHA256_HMAC.

[1] https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#child-key-derivation-ckd-functions
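
Added example, not part of the original message or of the BIP 151 text: the two key derivations compared in this thread, side by side. It assumes `|` means byte concatenation and that cipher-type is encoded as a single byte; the function names and the sample secret are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample inputs (not real key material).
SAMPLE_ECDH_SECRET = bytes(range(32))  # stand-in for the 32-byte ECDH secret
SAMPLE_CIPHER_TYPE = 0                 # assumption: cipher-type is one byte


def build_hmac_key(ecdh_secret: bytes, cipher_type: int) -> bytes:
    """key = ecdh_secret|cipher-type, reading '|' as concatenation (assumption)."""
    if len(ecdh_secret) != 32:
        raise ValueError("expected a 32-byte ECDH secret")
    return ecdh_secret + bytes([cipher_type])


def derive_sha512_split(ecdh_secret: bytes, cipher_type: int):
    """Quoted BIP text: one HMAC_SHA512; K_1 = left 32 bytes, K_2 = right 32."""
    digest = hmac.new(build_hmac_key(ecdh_secret, cipher_type),
                      b"encryption key", hashlib.sha512).digest()
    return digest[:32], digest[32:]


def derive_sha256_labels(ecdh_secret: bytes, cipher_type: int):
    """Proposed alternative: two HMAC_SHA256 calls, separated by message label."""
    key = build_hmac_key(ecdh_secret, cipher_type)
    k1 = hmac.new(key, b"header encryption key", hashlib.sha256).digest()
    k2 = hmac.new(key, b"body encryption key", hashlib.sha256).digest()
    return k1, k2


if __name__ == "__main__":
    for name, derive in (("HMAC_SHA512 split", derive_sha512_split),
                         ("2x HMAC_SHA256", derive_sha256_labels)):
        k1, k2 = derive(SAMPLE_ECDH_SECRET, SAMPLE_CIPHER_TYPE)
        print(f"{name}:\n  K_1 = {k1.hex()}\n  K_2 = {k2.hex()}")
```

Both variants yield two distinct 32-byte keys bound to the same secret and cipher-type; they differ only in which hash primitive an implementation has to carry.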