[noise] BLAKE2X as KDF
Jason A. Donenfeld
Jason at zx2c4.com
Mon Dec 26 09:25:12 PST 2016
On Mon, Dec 26, 2016 at 5:52 PM, Trevor Perrin <trevp at trevp.net> wrote:
> This isn't Noise-related, but I see elsewhere in WireGuard you're
> considering replacing ChaCha20/Poly1305 with XChaCha20/Poly1305 [1].
> I think the previous bullet point also applies here: It seems easier
> to just use HMAC(key, random_nonce) to produce a fresh random key,
> instead of modifying the internals of ChaCha20/Poly1305.
In the case of XChaCha20, it's really super easy to implement. You do
a chacha round, take the first bytes and last bytes, and that's your
new key. And performance _is_ really important for my particular
use-case; the benchmarks alone justified the change.
More information about the Noise
mailing list