[noise] New draft: "916" branch
Jason A. Donenfeld
Jason at zx2c4.com
Mon Sep 21 10:09:18 PDT 2015
On Mon, Sep 21, 2015 at 9:32 AM, Trevor Perrin <trevp at trevp.net> wrote:
>
> * The first MixKey() step just does k = HASH(data), instead of k =
> KDF(GETKEY(k, n), data). That saves a KDF call and 3-4 SHA256
> compression functions in typical usage.
>
"data" here is a DH calculation I believe. Is it safe to pass this simply
to HASH()? I thought that Hugo's HKDF and related KDF functions were
specifically designed to "stretch" non-uniform DH outputs, and a simple
HASH is unsuitable for this. What's the idea here?
Jason
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20150921/209ae446/attachment.html>
More information about the Noise
mailing list