[noise] New draft: "916" branch

Jason A. Donenfeld Jason at zx2c4.com
Mon Sep 21 10:09:18 PDT 2015


On Mon, Sep 21, 2015 at 9:32 AM, Trevor Perrin <trevp at trevp.net> wrote:
>
>  * The first MixKey() step just does k = HASH(data), instead of k =
> KDF(GETKEY(k, n), data).  That saves a KDF call and 3-4 SHA256
> compression functions in typical usage.
>

 "data" here is a DH calculation I believe. Is it safe to pass this simply
to HASH()? I thought that Hugo's HKDF and related KDF functions were
specifically designed to "stretch" non-uniform DH outputs, and a simple
HASH is unsuitable for this. What's the idea here?

Jason
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20150921/209ae446/attachment.html>


More information about the Noise mailing list