Author: Jonas Schnelli 2016-06-29 20:31:50
Published on: 2016-06-29T20:31:50+00:00
In a Bitcoin development forum, a member suggested that SHA3 should be considered over SHA512 due to previous analysis suggesting that the security of SHA512 is not significantly higher than SHA256. Another member responded that the security of the symmetric cipher key mainly depends on the PRNG and the ECDH scheme. They explained that HMAC_SHA512 will be used to derive keys from the ECDH shared secret, and that using SHA512 allows for two 256-bit keys with one HMAC operation. The original poster questioned why SHA512 was being used instead of two SHA256 operations, to which the responder explained that they assumed a single SHA512_HMAC is less expensive than two SHA256_HMAC operations, and that using SHA512 slightly increases the brute-force security of the ECDH shared secret when knowing K_1 and K_2.
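The derivation discussed above, as an added example (not code from the thread or from any Bitcoin implementation): one HMAC-SHA512 call split into K_1 and K_2, beside the two-HMAC-SHA256 alternative, with a timing helper for checking the cost assumption on your own hardware. The labels, the function names, the choice of the shared secret as the HMAC key, and the random stand-in for the ECDH shared secret are assumptions.

```python
import hashlib
import hmac
import os
import timeit

# Assumed domain-separation labels; the page does not state the HMAC inputs.
LABEL_BOTH = b"example-session-keys"
LABEL_K1 = b"example-key-1"
LABEL_K2 = b"example-key-2"


def derive_one_sha512(shared_secret: bytes) -> tuple:
    """One HMAC-SHA512 call; the 64-byte output is split into two 256-bit keys."""
    out = hmac.new(shared_secret, LABEL_BOTH, hashlib.sha512).digest()
    return out[:32], out[32:]  # K_1 = left half, K_2 = right half


def derive_two_sha256(shared_secret: bytes) -> tuple:
    """Two HMAC-SHA256 calls; distinct labels keep K_1 and K_2 independent."""
    k1 = hmac.new(shared_secret, LABEL_K1, hashlib.sha256).digest()
    k2 = hmac.new(shared_secret, LABEL_K2, hashlib.sha256).digest()
    return k1, k2


def compare_cost(shared_secret: bytes, rounds: int = 20000) -> dict:
    """Wall-clock seconds for `rounds` derivations with each construction."""
    return {
        "one_hmac_sha512": timeit.timeit(
            lambda: derive_one_sha512(shared_secret), number=rounds),
        "two_hmac_sha256": timeit.timeit(
            lambda: derive_two_sha256(shared_secret), number=rounds),
    }


if __name__ == "__main__":
    # Constructed stand-in for a 32-byte ECDH shared secret.
    secret = os.urandom(32)
    k1, k2 = derive_one_sha512(secret)
    print("K_1:", k1.hex())
    print("K_2:", k2.hex())
    for name, seconds in compare_cost(secret).items():
        print(f"{name}: {seconds:.4f}s")
```

The relative timing depends on the CPU and the hash implementation (for example, hardware SHA-256 extensions), so measure on the target platform.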
Updated on: 2023-06-11T18:53:49.842156+00:00