[noise] hkdf branch with arbitrary-length keyed hashing functions

Jason A. Donenfeld Jason at zx2c4.com
Tue Oct 13 03:30:05 PDT 2015


On Tue, Oct 13, 2015 at 5:51 AM, Trevor Perrin <trevp at trevp.net> wrote:
> The HKDF paper analyzes HKDF as an entropy extractor (and also a PRF).
> The Blake2 paper only claims the keyed version is a PRF.

That's a bummer. Oh well.

I wrote the designer of BLAKE2 an email (and CC'd the noise list)
asking if there were any recent papers or arguments or whatnot that
might indicate it can be used as an entropy extractor. I might be too
wishful though.


More information about the Noise mailing list