BIP 151 use of HMAC_SHA512 [combined summary]




Published on: 2016-07-04T06:47:05+00:00


Summary:

Zooko Wilcox, in a discussion on the bitcoin-dev mailing list, suggests using the well-studied open standard of HKDF (HMAC-based Extract-and-Expand Key Derivation Function) instead of re-inventing it. He emphasizes the importance of using open standards in cryptography to reduce the risk of errors. Arthur Chen agrees with this recommendation and highlights the significance of following well-studied open standards in the realm of cryptocurrency.

The discussion also touches upon the use of HMAC vs SHA256 for a Message Authentication Code (MAC). It is explained that SHA256 is insecure for a MAC due to its length extension property. Even though SHA256 appends the bit length, making it more difficult to generate a new value, it is not being used as a MAC in BIP151. Arthur Chen explains the proven security properties of HMAC, which hold even when the underlying cryptographic hash function has weaknesses. He emphasizes the importance of using HMAC for MACs rather than custom constructions.

There is a debate about using SHA512_HMAC instead of SHA256_HMAC for key derivation. Jonas Schnelli suggests using SHA512_HMAC, citing its usage in BIP32 and its cost-effectiveness compared to two SHA256_HMAC operations. However, Rusty Russell argues that introducing another hash algorithm would be unnecessarily painful and questions the use of HMAC over just SHA256. The discussion concludes without clear pros and cons identified for using SHA512_HMAC over SHA256_HMAC.

In another discussion, the importance of including the cipher-type in the derivation of the symmetric cipher key is emphasized to avoid weak-cipher attacks. It is noted that although BIP151 currently specifies chacha20-poly1305@openssh.com, it is possible for someone to add another symmetric cipher type after deployment which may have weaker security properties. Therefore, the inclusion of the ciphersuite-type in the key derivation HMAC is crucial to prevent potential attacks.

Based on previous cryptanalysis, it is stated that the security of SHA512 is not significantly higher than that of SHA256. There have been discussions about considering SHA3 as a potential alternative. However, there are no clear pros and cons identified for using SHA512_HMAC over SHA256_HMAC.

In summary, the discussion revolves around the importance of using well-studied open standards in cryptography. It emphasizes the use of HKDF instead of reinventing it and the use of HMAC for MACs to ensure security. There are debates regarding the use of SHA512_HMAC vs SHA256_HMAC for key derivation, with different perspectives provided. The inclusion of the cipher-type in the derivation of the symmetric cipher key is highlighted to avoid weak-cipher attacks. Overall, the discussions aim to enhance the security and reliability of cryptographic systems in the realm of cryptocurrency.
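An added example (not code from the mailing-list thread or from BIP151) of the two recommendations summarized above: derive keys with the standard HKDF of RFC 5869 instead of an ad hoc HMAC call, and bind the negotiated ciphersuite name into the derivation so a key made for one cipher is never reused under another. The `derive_session_keys` helper, the `example-p2p-v1` label, the key purposes and the sample inputs are assumptions for illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract: PRK = HMAC(salt, IKM); an empty salt means HASH_LEN zero bytes."""
    return hmac.new(salt or bytes(HASH_LEN), ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated and truncated."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF output is limited to 255 hash blocks")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]

def _lp(field: bytes) -> bytes:
    """Length-prefix a field so adjacent fields cannot be confused with each other."""
    return len(field).to_bytes(2, "big") + field

def derive_session_keys(shared_secret: bytes, session_salt: bytes, ciphersuite: str) -> dict:
    """Derive one 32-byte key per purpose, each bound to the ciphersuite name.
    The label and purposes are hypothetical, not BIP151's actual derivation."""
    prk = hkdf_extract(session_salt, shared_secret)
    suite = ciphersuite.encode("ascii")
    return {
        purpose: hkdf_expand(prk, _lp(b"example-p2p-v1") + _lp(suite) + _lp(purpose.encode()), 32)
        for purpose in ("payload", "length")
    }

if __name__ == "__main__":
    secret = bytes(range(32))            # constructed stand-in for an ECDH shared secret
    salt = b"constructed-session-salt"   # constructed per-session value
    current = derive_session_keys(secret, salt, "chacha20-poly1305@openssh.com")
    other = derive_session_keys(secret, salt, "hypothetical-future-cipher")
    print("payload key:", current["payload"].hex())
    print("keys differ across ciphersuites:", current["payload"] != other["payload"])
```

Because the suite name is part of HKDF's `info` input, a peer that is talked into a different cipher ends up with unrelated key material rather than the same key under a weaker algorithm.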


Updated on: 2023-08-01T18:30:51.865845+00:00