In this paper, we study the security of a practical randomness extractor and its application in the TLS standard. Randomness extraction is the first stage of a key derivation function, since the secret shared between the parties does not always come from a uniformly distributed source. More precisely, we ask whether the HMAC function, used in many standards, can be considered a randomness extractor. We show that when the shared secret is placed in the key input of HMAC, two cases must be considered, depending on whether the key is longer than the block length of the underlying hash function or not. In both cases, we give a formal proof that the output is pseudorandom, but under different assumptions. Nevertheless, all the assumptions are related to the compression function of the underlying hash function behaving like a pseudorandom function. This analysis allows us to prove the security of the TLS randomness extractor for both Diffie-Hellman and RSA key exchange. Of independent interest, we study a computational analogue of the leftover hash lemma for computational almost-universal hash function families: any pseudorandom function family satisfies this definition.
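The two key-length cases above, as they arise when TLS 1.2 feeds the pre-master secret into HMAC-SHA256 as the key to derive the master secret. This is an added example, not code from the paper: the handshake values are constructed, the function names are mine, and SHA-256 together with a 2048-bit finite-field DH group are assumptions made to make the RSA case (48-byte pre-master secret, shorter than the 64-byte block) and the DH case (256-byte shared value, longer than the block) concrete.

```python
"""Added example: HMAC as the TLS 1.2 randomness extractor, showing the two key cases."""
import hashlib
import hmac

BLOCK_LEN = 64  # SHA-256 block length in bytes (RFC 2104's "B"); assumption: SHA-256 is the hash


def hmac_block_key(key: bytes, block_len: int = BLOCK_LEN) -> tuple[bytes, str]:
    """Return the block-sized key that HMAC xors with ipad/opad, plus which case applied.

    RFC 2104: a key longer than the block is replaced by H(key) before padding;
    a key of at most the block length is zero-padded to the block length.
    These are the two cases the analysis treats under different assumptions.
    """
    if len(key) > block_len:
        return hashlib.sha256(key).digest().ljust(block_len, b"\x00"), "long key: hashed first"
    return key.ljust(block_len, b"\x00"), "short key: zero-padded"


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 spelled out so the key preprocessing stays visible."""
    k, _ = hmac_block_key(key)
    ipad = bytes(b ^ 0x36 for b in k)
    opad = bytes(b ^ 0x5C for b in k)
    inner = hashlib.sha256(ipad + msg).digest()
    return hashlib.sha256(opad + inner).digest()


def matches_stdlib(key: bytes, msg: bytes) -> bool:
    """Self-check: the spelled-out HMAC agrees with Python's hmac module."""
    reference = hmac.new(key, msg, hashlib.sha256).digest()
    return hmac.compare_digest(hmac_sha256(key, msg), reference)


def p_sha256(secret: bytes, seed: bytes, out_len: int) -> bytes:
    """TLS 1.2 P_SHA256 (RFC 5246, section 5); the HMAC key is the shared secret."""
    out, a = b"", seed
    while len(out) < out_len:
        a = hmac_sha256(secret, a)            # A(i) = HMAC(secret, A(i-1)), A(0) = seed
        out += hmac_sha256(secret, a + seed)  # P_hash block i = HMAC(secret, A(i) + seed)
    return out[:out_len]


def tls12_master_secret(pre_master_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """master_secret = PRF(pre_master_secret, "master secret", ClientHello.random + ServerHello.random)[0:48]."""
    return p_sha256(pre_master_secret, b"master secret" + client_random + server_random, 48)


def extractor_case(pre_master_secret: bytes) -> str:
    """Which of the two HMAC key cases the pre-master secret falls into."""
    return hmac_block_key(pre_master_secret)[1]


# Constructed sample inputs (not real handshake values).
RSA_PMS = bytes([0x03, 0x03]) + bytes(range(46))          # RSA: 48 bytes = version || 46 random bytes
DH_PMS = bytes((i * 37 + 11) & 0xFF for i in range(256))  # assumed 2048-bit DH group: 256-byte shared value
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))

if __name__ == "__main__":
    for name, pms in (("RSA", RSA_PMS), ("DH", DH_PMS)):
        ms = tls12_master_secret(pms, CLIENT_RANDOM, SERVER_RANDOM)
        print(f"{name}: pre-master secret {len(pms)} bytes -> {extractor_case(pms)}; "
              f"master secret {ms.hex()[:16]}... ({len(ms)} bytes)")
```

The practical consequence of the long-key case is visible in the code: for the DH pre-master secret, HMAC never sees the shared value directly, only `H(K)`, so `hmac_sha256(K, m)` equals `hmac_sha256(sha256(K), m)`. That is why the extraction argument for DH must rest on a different assumption about the compression function than the zero-padded RSA case, where the 48-byte secret enters the first compression call unchanged.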