Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use HKDF-Expand instead of PRG and PRF? #96

Closed
blipp opened this issue Apr 9, 2020 · 2 comments
Closed

Use HKDF-Expand instead of PRG and PRF? #96

blipp opened this issue Apr 9, 2020 · 2 comments
Labels
protocol Questions about the protocol/cryptography

Comments

@blipp
Copy link

blipp commented Apr 9, 2020

Could PRG(PRF(SK_t, "broad…")) also be HKDF-Expand(SK_t, "broad…", n*16)? Might be simpler than PRG+PRF with AES. With SHA-256 as underlying hash functions, HKDF-Expand still gives enough output to provide 512 16-byte chunks per day, i.e. a new EphID every 2.8 min.

(this is just for completeness a copy-paste of my tweet about this)

Related issues #57, #62, #72.
@lbarman lbarman added the protocol Questions about the protocol/cryptography label Apr 9, 2020
@nadimkobeissi
Copy link

+1, I'm just using HKDF when modeling this in Verifpal/ProVerif.

@kennypaterson
Copy link
Collaborator

We considered replacing the current construction with HKDF, but did not do so for the latest version of the whitepaper because of the relative costs of running AES and HMAC-SHA-256 inside HKDF-Expand. We plan to do further benchmarking, but note also that this issue is relevant only for the first option in the whitepaper, so is not high priority.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
protocol Questions about the protocol/cryptography
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nadimkobeissi @blipp @lbarman @kennypaterson