[bitcoin-dev] BIP 151 use of HMAC_SHA512
Jonas Schnelli
dev at jonasschnelli.ch
Wed Jun 29 18:34:06 UTC 2016
> Based on previous crypto analysis result, the actual security of SHA512
> is not significantly higher than SHA256.
> maybe we should consider SHA3?
As far as I know the security of the symmetric cipher key mainly depends
on the PRNG and the ECDH scheme.
The HMAC_SHA512 will be used to "drive" keys from the ECDH shared secret.
HMAC_SHA256 would be sufficient but I have specified SHA512 to allow to
directly derive 512bits which allows to have two 256bit keys with one
HMAC operation (same pattern is used in BIP for the key/chaincode
derivation).
Keccak would be an alternative but we probably don't want to introduce
another new hash type just for the encryption.
</jonas>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20160629/3c5c25c5/attachment.sig>
More information about the bitcoin-dev
mailing list