On Thu, Feb 9, 2017 at 4:15 PM, Eric Rescorla wrote:
> I've just posted a pull request which slightly adjusts the structure of
> key derivation.
> PR#875 adds another Derive-Secret stage to the left side of the key ladder
> between each pair of HKDF-Extracts. There are two reasons for this:
>
> -
Martin Thomson wrote:
> This is a good idea.
+1
> Just to highlight this point: if we need to add a PQ key exchange,
> there is no guarantee that it will have exactly the same properties as
> the key exchange methods we have today. I expect that need to arise
> relatively soon, so that's an extr
This is a good idea.
On 10 February 2017 at 08:15, Eric Rescorla wrote:
> - Address a potential issue raised by Trevor Perrin where an attacker
> somehow forces the IKM value to match the label value for Derive-Secret,
> in which case the output of HKDF-Extract would match the derived secret.
I've just posted a pull request which slightly adjusts the structure of key
derivation.
PR#875 adds another Derive-Secret stage to the left side of the key ladder
between each pair of HKDF-Extracts. There are two reasons for this:
- Address a potential issue raised by Trevor Perrin where an attack
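
Added example, not part of the thread or of PR#875: a sketch of the collision Trevor Perrin's point describes, where an IKM equal to the bytes Derive-Secret feeds to HMAC makes HKDF-Extract return the derived secret, and of how an extra Derive-Secret between the Extracts removes it. Assumptions: SHA-256, the HkdfLabel layout and the "derived" label as published in RFC 8446 (the draft's encoding may differ), and constructed secrets, transcript and label choice.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    # RFC 5869: PRK = HMAC-Hash(salt, IKM)
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    # RFC 5869: T(i) = HMAC-Hash(PRK, T(i-1) || info || i)
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]

def hkdf_label(label: bytes, context: bytes, length: int) -> bytes:
    # HkdfLabel layout as in RFC 8446 (assumption: the draft's encoding may differ)
    full = b"tls13 " + label
    return (struct.pack("!H", length) + bytes([len(full)]) + full
            + bytes([len(context)]) + context)

def derive_secret(secret: bytes, label: bytes, messages: bytes) -> bytes:
    info = hkdf_label(label, HASH(messages).digest(), HASH_LEN)
    return hkdf_expand(secret, info, HASH_LEN)

def next_stage_old(secret: bytes, ikm: bytes) -> bytes:
    # Before the change: the stage secret is used directly as the Extract salt.
    return hkdf_extract(secret, ikm)

def next_stage_new(secret: bytes, ikm: bytes) -> bytes:
    # After the change: an extra Derive-Secret sits between the two Extracts.
    return hkdf_extract(derive_secret(secret, b"derived", b""), ikm)

def demo():
    secret = hkdf_extract(b"\x00" * HASH_LEN, b"\x00" * HASH_LEN)  # constructed
    transcript = b"constructed transcript"                          # constructed
    label = b"c hs traffic"                                         # example label
    derived = derive_secret(secret, label, transcript)
    # Worst case from the thread: IKM equals what HKDF-Expand feeds to HMAC.
    forced_ikm = hkdf_label(label, HASH(transcript).digest(), HASH_LEN) + b"\x01"
    return (derived == next_stage_old(secret, forced_ikm),
            derived == next_stage_new(secret, forced_ikm))

if __name__ == "__main__":
    print(demo())
```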