[noise] Analysis of Noise KDF

Jason A. Donenfeld Jason at zx2c4.com
Fri Apr 29 13:47:27 PDT 2016

On Fri, Apr 29, 2016 at 2:29 AM, Trevor Perrin <trevp at trevp.net> wrote:
> Your proposal reduces the amount of hashing applied to inputs.  So the
> current design has more security margin, if the hash turns out to be
> bad.

This isn't super compelling. It's like saying -- let's apply AES four
times, in case it turns out to be bad. The primitive designers have
hopefully already left a reasonable margin in case a few rounds are broken.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20160429/04e92b2e/attachment.html>

More information about the Noise mailing list