Author: Peter Todd 2016-06-29 20:13:17
Published on: 2016-06-29T20:13:17+00:00
In a mailing list for Bitcoin developers on June 29th, 2016, there was a discussion about using SHA512 instead of SHA256 as the HMAC (Hash-based Message Authentication Code) to "drive" keys from ECDH shared secret. The main reason for this was that using SHA512 allows for two 256-bit keys with one HMAC operation, which is used in BIP for key/chaincode derivation. However, someone asked why they couldn't just use two SHA256 operations instead and questioned reducing the number of basic cryptographic primitives needed to implement a standard.
Updated on: 2023-06-11T18:53:24.138003+00:00