<div dir="ltr"><div>I strongly agree!<br></div>In crypto we should always follow well-studied open standard rather than custom construction.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jul 1, 2016 at 10:42 PM, Zooko Wilcox via bitcoin-dev <span dir="ltr"><<a href="mailto:bitcoin-dev@lists.linuxfoundation.org" target="_blank">bitcoin-dev@lists.linuxfoundation.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I haven't been able to find the beginning of this thread, so apologies<br>
if I've misunderstood what this is for, but it _sounds_ like we're<br>
re-inventing HKDF.<br>
<br>
I'd recommend reading the paper about HKDF. It stands out among crypto<br>
papers for having a nice clear justification for each of its design<br>
decisions, so you can see why they did it (very slightly) differently<br>
than the various constructions proposed up-thread.<br>
<br>
<a href="https://eprint.iacr.org/2010/264" rel="noreferrer" target="_blank">https://eprint.iacr.org/2010/264</a><br>
<br>
Also, of course, it is a great idea to re-use a standard<br>
(<a href="https://tools.ietf.org/html/rfc5869" rel="noreferrer" target="_blank">https://tools.ietf.org/html/rfc5869</a>) and widely-understood crypto<br>
algorithm to reduce risk of both cryptographer errors and implementor<br>
errors.<br>
<br>
Of course, the cost of that is the you sometimes end up computing<br>
something that is a tiny bit more complicated or inefficient than a<br>
custom algorithm for our current use case. IMHO that's a cheap price<br>
to pay.<br>
<br>
Regards,<br>
<br>
Zooko<br>
<div class="HOEnZb"><div class="h5">_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href="mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href="https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" rel="noreferrer" target="_blank">https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Xuesong (Arthur) Chen<div>Senior Principle Engineer</div><div>BlockChain Technologist</div><div>BTCC</div></div></div>
</div>