I am working on a new set of crypto for HIP. This is to take advantage
of advancements and hopefully make things better in small things.
I have been looking at FIPS 202 and NIST 800-185 for the new hash and
MACing. In particular SHAKE and KMAC.
Right now, NIST only specifies b=1600 for the KECCAK function under
these, but b=800 is also possible and for SHAKE128 and KMAC128, b=400 is
also an option. I have informally heard that NIST is working on how
these smaller sponges can be used where appropriate (small things).
But let's ignore the sponge size for the moment.
In my reading of RFC 7343 and cSHAKE for 800-185, we could replace:
encode96(sha256(Context ID|Input)) where sha256 is from the OGA ID
with
cSHAKE128(Input,96,"",Context ID)
I invite others to look at 202 and 800-185 and see what I am talking
about here.
For Hierarchical HITs it changes to:
cSHAKE128(Input,64,"",Context ID)
Though where Input is only the 32 bytes of ed25519, I need to research
this more for overall strength, but 202 seems to say that it does work
well with very short inputs.
Looking for other's thoughts on this.
Bob
_______________________________________________
Hipsec mailing list
Hipsec@ietf.org
https://www.ietf.org/mailman/listinfo/hipsec