Right now the ECIES definition looks as follows:
template <class EC, class COFACTOR_OPTION = NoCofactorMultiplication, bool DHAES_MODE = false>
struct ECIES
    : public DL_ES<
        DL_Keys_EC<EC>,
        DL_KeyAgreementAlgorithm_DH<typename EC::Point, COFACTOR_OPTION>,
        DL_KeyDerivationAlgorithm_P1363<typename EC::Point, DHAES_MODE, P1363_KDF2<SHA1> >,
        DL_EncryptionAlgorithm_Xor<HMAC<SHA1>, DHAES_MODE>,
        ECIES<EC> >
{
    static std::string CRYPTOPP_API StaticAlgorithmName() {return "ECIES";}
    // TODO: fix this after name is standardized
};
Now this means the user is stuck with using HMAC<SHA1> (for AE) and
P1363_KDF2<SHA1> (for KDF).
This bothers me, because the general consensus is to avoid SHA-1
whenever possible, although it may be still safe in these two applications.
Therefore I'd like to propose the following "new" definition of ECIES,
enabling the user to easily replace SHA-1 with an algorithm of their choice:
template <class EC, class COFACTOR_OPTION = NoCofactorMultiplication, bool DHAES_MODE = false, class H = SHA1>
struct ECIES
    : public DL_ES<
        DL_Keys_EC<EC>,
        DL_KeyAgreementAlgorithm_DH<typename EC::Point, COFACTOR_OPTION>,
        DL_KeyDerivationAlgorithm_P1363<typename EC::Point, DHAES_MODE, P1363_KDF2<H> >,
        DL_EncryptionAlgorithm_Xor<HMAC<H>, DHAES_MODE>,
        ECIES<EC> >
{
    static std::string CRYPTOPP_API StaticAlgorithmName() {return "ECIES";}
    // TODO: fix this after name is standardized
};
Now my questions concerning this:
1. Should we do it?
2. Why wasn't it done when the class was introduced into Crypto++?
3. Should we also allow people to switch away from HMAC?
4. Should we also allow people to switch away from P1363_KDF2 in favor of HKDF as soon as we have finalized the KeyBasedKeyDerivationFunction interface?
BR
JPM
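To make concrete what the hash parameter H is actually wired into, here is an added example (not code from the post above and not Crypto++'s own implementation) that models the symmetric half of the scheme the template composes: P1363 KDF2 stretching a shared secret into keystream plus MAC key, XOR encryption, and an HMAC tag, with the hash passed in as a parameter exactly as the proposed H would be. It assumes the elliptic-curve agreement has already happened and starts from a constructed shared-secret byte string; the MAC key length is assumed to equal the digest size, and the byte layout is an illustration, not Crypto++'s wire format.

```python
import hashlib
import hmac
import struct


def kdf2(hash_name, shared_secret, length, params=b""):
    """P1363 KDF2: Hash(Z || I2OSP(counter, 4) || P) for counter = 1, 2, ...
    concatenated and truncated to `length` bytes. (KDF1 would start at 0.)"""
    out = b""
    counter = 1
    while len(out) < length:
        block = shared_secret + struct.pack(">I", counter) + params
        out += hashlib.new(hash_name, block).digest()
        counter += 1
    return out[:length]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(hash_name, shared_secret, plaintext, params=b""):
    """XOR encryption keyed by KDF2 output, then HMAC over the ciphertext.
    Assumption: the MAC key is as long as the hash's digest."""
    mac_key_len = hashlib.new(hash_name).digest_size
    km = kdf2(hash_name, shared_secret, len(plaintext) + mac_key_len, params)
    keystream, mac_key = km[:len(plaintext)], km[len(plaintext):]
    ciphertext = xor_bytes(plaintext, keystream)
    tag = hmac.new(mac_key, ciphertext + params, hash_name).digest()
    return ciphertext + tag


def decrypt(hash_name, shared_secret, message, params=b""):
    """Verify the HMAC tag in constant time before touching the plaintext."""
    mac_key_len = hashlib.new(hash_name).digest_size
    if len(message) < mac_key_len:
        raise ValueError("message shorter than MAC tag")
    ciphertext, tag = message[:-mac_key_len], message[-mac_key_len:]
    km = kdf2(hash_name, shared_secret, len(ciphertext) + mac_key_len, params)
    keystream, mac_key = km[:len(ciphertext)], km[len(ciphertext):]
    expected = hmac.new(mac_key, ciphertext + params, hash_name).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("MAC check failed")
    return xor_bytes(ciphertext, keystream)


# Constructed shared secret standing in for the ECDH agreed value.
SHARED_SECRET = bytes(range(32))


def roundtrip(hash_name, plaintext):
    """Encrypt and decrypt with the same hash; returns (ciphertext_len, recovered)."""
    msg = encrypt(hash_name, SHARED_SECRET, plaintext, b"label")
    return len(msg), decrypt(hash_name, SHARED_SECRET, msg, b"label")


def tamper_detected(hash_name, plaintext):
    """Flip one ciphertext bit and confirm the MAC rejects it."""
    msg = bytearray(encrypt(hash_name, SHARED_SECRET, plaintext))
    msg[0] ^= 0x01
    try:
        decrypt(hash_name, SHARED_SECRET, bytes(msg))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for h in ("sha1", "sha256"):
        n, pt = roundtrip(h, b"attack at dawn")
        print(h, n, pt, tamper_detected(h, b"attack at dawn"))
```

Swapping "sha1" for "sha256" changes the KDF block size and the tag length together, which is the same coupling the proposed template expresses by feeding one H into both P1363_KDF2<H> and HMAC<H>; decrypting with a different hash than was used for encryption fails the MAC check rather than yielding garbage.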