To: Rusty Russell <rusty@rustcorp.com.au>
References: <87h9cecad5.fsf@rustcorp.com.au>
From: Jonas Schnelli <dev@jonasschnelli.ch>
Message-ID: <577224E8.6070307@jonasschnelli.ch>
Date: Tue, 28 Jun 2016 09:19:04 +0200
Cc: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] BIP 151 use of HMAC_SHA512

> To quote:
>
>> HMAC_SHA512(key=ecdh_secret|cipher-type,msg="encryption key").
>>
>>  K_1 must be the left 32bytes of the HMAC_SHA512 hash.
>>  K_2 must be the right 32bytes of the HMAC_SHA512 hash.
>
> This seems a weak reason to introduce SHA512 to the mix.  Can we just
> make:
>
> K_1 = HMAC_SHA256(key=ecdh_secret|cipher-type,msg="header encryption key")
> K_2 = HMAC_SHA256(key=ecdh_secret|cipher-type,msg="body encryption key")

SHA512_HMAC is used by BIP32 [1] and I guess most clients will somehow
make use of bip32 features. I thought a single SHA512_HMAC operation is
cheaper and simpler than two SHA256_HMAC.

AFAIK, sha256_hmac is also not used by the current p2p & consensus layer.

Bitcoin-Core uses it for HTTP RPC auth and Tor control.

I don't see big pros/cons for SHA512_HMAC over SHA256_HMAC.

</jonas>

[1]
https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#child-key-derivation-ckd-functions
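Both derivations discussed above, as an added example that is not part of the thread or of the BIP text: the quoted single-HMAC_SHA512 split and the proposed pair of HMAC_SHA256 calls, using only Python's standard library. The ecdh_secret bytes and the cipher-type string are constructed placeholders, not values from the page.

```python
"""Key derivation variants from the BIP 151 HMAC_SHA512 discussion.

Variant A (quoted from the BIP draft): one HMAC_SHA512 keyed with
ecdh_secret|cipher-type over the message "encryption key"; K_1 is the
left 32 bytes of the 64-byte output, K_2 the right 32 bytes.
Variant B (Rusty's proposal): two HMAC_SHA256 calls, domain-separated
by distinct message labels, one per key.
"""
import hashlib
import hmac
from typing import Dict, Tuple

# Constructed sample inputs: NOT a real ECDH secret or a real cipher-type id.
SAMPLE_ECDH_SECRET = bytes(range(32))
SAMPLE_CIPHER_TYPE = b"example-cipher-type"  # placeholder for the cipher-type string


def bip151_keys(ecdh_secret: bytes, cipher_type: bytes) -> Tuple[bytes, bytes]:
    """Variant A: single HMAC_SHA512, split 64-byte output into K_1 | K_2."""
    digest = hmac.new(ecdh_secret + cipher_type, b"encryption key", hashlib.sha512).digest()
    return digest[:32], digest[32:]


def hmac256_keys(ecdh_secret: bytes, cipher_type: bytes) -> Tuple[bytes, bytes]:
    """Variant B: two HMAC_SHA256 calls, the message label separates the keys."""
    key = ecdh_secret + cipher_type
    k1 = hmac.new(key, b"header encryption key", hashlib.sha256).digest()
    k2 = hmac.new(key, b"body encryption key", hashlib.sha256).digest()
    return k1, k2


def compare_variants(ecdh_secret: bytes = SAMPLE_ECDH_SECRET,
                     cipher_type: bytes = SAMPLE_CIPHER_TYPE) -> Dict[str, Tuple[bytes, bytes]]:
    """Run both variants on the same inputs; each yields two distinct 32-byte keys,
    and binding cipher-type into the HMAC key means a different cipher-type gives
    unrelated keys under either variant."""
    return {
        "sha512_split": bip151_keys(ecdh_secret, cipher_type),
        "two_sha256": hmac256_keys(ecdh_secret, cipher_type),
    }


if __name__ == "__main__":
    for name, (k1, k2) in compare_variants().items():
        print(f"{name}: K_1={k1.hex()} K_2={k2.hex()}")
```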
