| Field | Value |
|---|---|
| author | Matt David <matt@netki.com>, 2016-05-11 11:19:30 -0700 |
| committer | Matt David <matt@netki.com>, 2016-05-11 11:19:30 -0700 |
| commit | e1d74be3b664798ce869bf4a9b565f96abd5c1ea |
| tree | ba11ca1fca06e7ed05287c019b0ae59333d00165 /bip-0075.mediawiki |
| parent | 3cf25a759463281a670374f1d398d58d94856c86 |
| download | bips-e1d74be3b664798ce869bf4a9b565f96abd5c1ea.tar.xz |
- Update ECDH output to use SHA512 instead of SHA256
- Specify HMAC_DRBG security strength
Diffstat (limited to 'bip-0075.mediawiki')
| Mode | File | Lines changed |
|---|---|---|
| -rw-r--r-- | bip-0075.mediawiki | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/bip-0075.mediawiki b/bip-0075.mediawiki index b62c753..0552758 100644 --- a/bip-0075.mediawiki +++ b/bip-0075.mediawiki @@ -308,13 +308,14 @@ For the following we assume the Sender already knows the Receiver's public key, ===ECDH Point Generation and AES-256 (GCM Mode) Setup=== '''NOTE''': AES-256-GCM is used because it provides authenticated encryption facilities, thus negating the need for a separate message hash for authentication. -* Generate the '''secret point''' using [https://en.wikipedia.org/wiki/Elliptic_curve_Diffie–Hellman ECDH] using the local entity's private key and the remote entity's public key as inputs. -* Initialize [http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf HMAC_DRBG] -** Use '''SHA256(secret point's X value)''' for Entropy +* Generate the '''secret point''' using [https://en.wikipedia.org/wiki/Elliptic_curve_Diffie–Hellman ECDH] using the local entity's private key and the remote entity's public key as inputs +* Initialize [http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf HMAC_DRBG] +** Use '''SHA512(secret point's X value in Big-Endian bytes)''' for Entropy ** Use the given message's '''nonce''' field for Nonce * Initialize AES-256 in GCM Mode +** Initialize HMAC_DRBG with Security Strength of 256 bits ** Use HMAC_DRBG.GENERATE(32) as the Encryption Key (256 bits) ** Use HMAC_DRBG.GENERATE(12) as the Initialization Vector (IV) (96 bits) @@ -380,3 +381,4 @@ The following diagram shows a sample flow in which one mobile client is sending * [https://tools.ietf.org/html/rfc6979 RFC6979] * [https://en.bitcoin.it/wiki/Address_reuse Address Reuse] * [http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf FIPS 180-4 (Secure Hash Standard)] +* [https://github.com/bitcoin-core/secp256k1/blob/master/src/modules/ecdh/main_impl.h libsecp256k1 ECDH Implementation] |
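Review bot: in the first hunk (@@ -308), the new bullet "** Initialize HMAC_DRBG with Security Strength of 256 bits" is nested under "* Initialize AES-256 in GCM Mode", but security strength is a parameter of the DRBG instantiate step, so it belongs under the earlier "* Initialize HMAC_DRBG" bullet, next to the Entropy and Nonce sub-bullets and before the first HMAC_DRBG.GENERATE call. That bullet should also name the hash function HMAC_DRBG is instantiated with, since the hunk only fixes SHA512 for the entropy input, and "X value in Big-Endian bytes" should state a fixed length (for example 32 bytes, left-padded with zeros) so both parties hash byte-identical input. Because the AES-256 key and the 96-bit GCM IV are both derived deterministically from the secret point and the message's nonce field, the text should also require that a nonce value is never reused for the same key pair: a repeated nonce reproduces the same key and IV, which GCM does not tolerate.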
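Review bot: in the second hunk (@@ -380), the added libsecp256k1 reference links to `master`, so the linked file will drift from what this BIP was written against; pin it to a commit hash. It would also help to say in the text that the value taken from an ECDH implementation must be the raw X coordinate of the shared point, before any hashing or key derivation the library applies, because the specification above feeds that X value to SHA512 itself.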