Zooko Wilcox [ARCHIVE] on Nostr
📅 Original date posted: 2016-07-01
📝 Original message: I haven't been able to find the beginning of this thread, so apologies
if I've misunderstood what this is for, but it _sounds_ like we're
re-inventing HKDF.
I'd recommend reading the paper about HKDF. It stands out among crypto
papers for having a nice clear justification for each of its design
decisions, so you can see why they did it (very slightly) differently
than the various constructions proposed up-thread.
https://eprint.iacr.org/2010/264
Also, of course, it is a great idea to re-use a standard
(https://tools.ietf.org/html/rfc5869) and widely-understood crypto
algorithm to reduce risk of both cryptographer errors and implementor
errors.
Of course, the cost of that is that you sometimes end up computing
something that is a tiny bit more complicated or inefficient than a
custom algorithm for our current use case. IMHO that's a cheap price
to pay.
Regards,
Zooko
Published at 2023-06-07 17:51:51