[noise] hkdf branch with arbitrary-length keyed hashing functions
Jason A. Donenfeld
Jason at zx2c4.com
Mon Oct 12 11:17:08 PDT 2015
Hi,
Here's a more general question about using blake2b with noise than my
previous email.
Functions like blake2b(key, data) can produce an arbitrary length
output: blake2b(key, data, size). So, I find it appealing to replace:
HKDF(chaining_key, data):
temp_key = HMAC-HASH(chaining_key, data)
output1 = HMAC-HASH(temp_key, 0x01)
output2 = HMAC-HASH(temp_key, output1 || 0x02)
return (output1, output2)
With:
Blake2b-KDF(chaining_key, data):
key_material = Blake2b(chaining_key, data, 64 bytes)
return (key_material[0:31], key_material[32:63])
Any objections or security considerations with regards to this?
Thanks,
Jason
More information about the Noise
mailing list