Add a separate MAC member for the KeyGenerator

nstilt1 / crypto-on-the-edge

A WIP Rust crate for generating private keys from IDs based on an HKDF, and eliminates the need to store private keys.

Apache License 2.0

0 stars 0 forks source link

Add a separate MAC member for the KeyGenerator #5

Closed nstilt1 closed 5 months ago

nstilt1 commented 5 months ago

The performance of ID generation and validation is significantly degraded due to the HKDF being used for the HMAC. When generating a fresh key and ID, it requires at least 2 HKDF extractions, and the HKDF's hash function is likely to be very slow... especially since this library truncates the MAC. So there is no need to have a MAC with 256 bits of security when we truncate it to a few bytes.

nstilt1 commented 5 months ago

It has been changed. Key generation could be almost twice as fast now using a CMAC.