Add note about the 256-bit key for AEAD_CHACHA20_POLY1305.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
parent
1e69529de3
commit
f1e7a06818
@ -3370,6 +3370,16 @@ KDF to a given recipient key and seed. It is necessary to adapt the
|
|||
``HDH independence'' assumptions and the proof slightly to take into account
|
||||
that the ephemeral key is reused for two encryptions.
|
||||
|
||||
Note that the 256-bit key for $\SymSpecific$ maintains a high concrete security
|
||||
level even under attacks using parallel hardware \cite{Bern2005} in the multi-user
|
||||
setting \cite{Zave2012}. This is especially necessary because the privacy of
|
||||
\Zcash transactions may need to be maintained far into the future, and upgrading
|
||||
the encryption algorithm would not prevent a future adversary from attempting
|
||||
to decrypt ciphertexts encrypted before the upgrade. Other cryptovalues that
|
||||
could be attacked to break the privacy of transactions are also sufficiently long
|
||||
to resist parallel brute force in the multi-user setting: $\AuthPrivate$ is 252 bits,
|
||||
and $\TransmitPrivate$ is no shorter than $\AuthPrivate$.
|
||||
|
||||
|
||||
\nsubsection{Omission in \Zerocash security proof} \label{crprf}
|
||||
|
||||
|
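Review bot: The new paragraph's claim that the 256-bit $\SymSpecific$ key and the 252-bit $\AuthPrivate$ "resist parallel brute force" should be scoped to classical exhaustive key search, because the sentence about transaction privacy needing to hold "far into the future" invites the reader to think about adversaries outside the two cited models. Nothing in this hunk says which key-agreement scheme $\TransmitPrivate$ is used with, but for a Diffie–Hellman-style private key exhaustive search is not the relevant attack, so key length alone does not show that the key agreement and KDF have the same concrete security margin as the symmetric cipher. Suggest closing the paragraph with a sentence along the lines of `This argument addresses only key recovery by exhaustive search; the concrete security of the key agreement and KDF against structural attacks (including those by a future quantum adversary) is a separate question that is not implied by key length alone.` As a typographic point, the two citations should be tied to the preceding word (`hardware~\cite{Bern2005}`, `setting~\cite{Zave2012}`) so a citation never starts a line.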
@ -3468,6 +3478,12 @@ The errors in the proof of Ledger Indistinguishability mentioned in
|
|||
|
||||
\nsection{Change history}
|
||||
|
||||
\subparagraph{2016.0-beta-1.6}
|
||||
|
||||
\begin{itemize}
|
||||
\item Add a paragraph about key length in \crossref{inbandrationale}.
|
||||
\end{itemize}
|
||||
|
||||
\subparagraph{2016.0-beta-1.5}
|
||||
|
||||
\begin{itemize}
|
||||
|
@ -101,6 +101,25 @@ Lecture Notes in Computer Science; Springer, 2013.},
|
|||
addendum={Document ID: a1a62a2f76d23f65d622484ddd09caf8.}
|
||||
}
|
||||
|
||||
@misc{Zave2012,
|
||||
author={Gregory M. Zaverucha},
|
||||
title={Hybrid {E}ncryption in the {M}ulti-{U}ser {S}etting},
|
||||
url={https://eprint.iacr.org/2012/159},
|
||||
urldate={2016-09-24},
|
||||
howpublished={Cryptology ePrint Archive: Report 2012/159.
|
||||
Received \mbox{March 20,} 2012.}
|
||||
}
|
||||
|
||||
@inproceedings{Bern2005,
|
||||
author={Daniel Bernstein},
|
||||
title={Understanding brute force},
|
||||
date={2005-04-25},
|
||||
booktitle={ECRYPT STVL Workshop on Symmetric Key Encryption, eSTREAM report 2005/036},
|
||||
url={https://cr.yp.to/papers.html#bruteforce},
|
||||
urldate={2016-09-24},
|
||||
addendum={Document ID: 73e92f5b71793b498288efe81fe55dee.}
|
||||
}
|
||||
|
||||
@book{Unicode,
|
||||
author={The Unicode Consortium},
|
||||
publisher={The Unicode Consortium},
|
||||