> Based on previous crypto analysis result, the actual security of SHA512
> is not significantly higher than SHA256.
> maybe we should consider SHA3?

As far as I know, the security of the symmetric cipher key mainly depends on the PRNG and the ECDH scheme. The HMAC_SHA512 will be used to "derive" keys from the ECDH shared secret. HMAC_SHA256 would be sufficient, but I have specified SHA512 to allow directly deriving 512 bits, which allows having two 256-bit keys with one HMAC operation (the same pattern is used in BIP for the key/chaincode derivation). Keccak would be an alternative, but we probably don't want to introduce another new hash type just for the encryption.

</jonas>
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
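
The derivation pattern described in the message above, shown as an added example that is not part of the original post or of any BIP text: one HMAC-SHA512 call split into two 256-bit keys, beside the two domain-separated calls that HMAC-SHA256 would need. The label, the use of the shared secret as the HMAC key, the suffix bytes and the sample secret are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed 32-byte value standing in for an ECDH shared secret.
SAMPLE_SECRET = bytes(range(32))
# Hypothetical derivation label; the message does not specify the HMAC inputs.
LABEL = b"example encryption keys"


def _check_secret(shared_secret: bytes) -> None:
    # A truncated or empty secret must never silently produce keys.
    if len(shared_secret) != 32:
        raise ValueError("expected a 32-byte shared secret")


def derive_pair_sha512(shared_secret: bytes, label: bytes = LABEL):
    """One HMAC-SHA512 call; the 64-byte output is split into two 256-bit keys."""
    _check_secret(shared_secret)
    out = hmac.new(shared_secret, label, hashlib.sha512).digest()
    return out[:32], out[32:]


def derive_pair_sha256(shared_secret: bytes, label: bytes = LABEL):
    """Same goal with HMAC-SHA256: two calls, each with a distinct suffix byte
    so the two outputs are domain-separated (assumed scheme)."""
    _check_secret(shared_secret)
    k1 = hmac.new(shared_secret, label + b"\x01", hashlib.sha256).digest()
    k2 = hmac.new(shared_secret, label + b"\x02", hashlib.sha256).digest()
    return k1, k2


if __name__ == "__main__":
    for name, fn in (("sha512", derive_pair_sha512), ("sha256", derive_pair_sha256)):
        k1, k2 = fn(SAMPLE_SECRET)
        print(name, k1.hex(), k2.hex())
```
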