RSA and Rabin functions: certain parts are as hard as the whole
SIAM Journal on Computing - Special issue on cryptography
Computerized patient information system in a psychiatric unit: five-year experience
Journal of Medical Systems
Universal hashing and authentication codes
Designs, Codes and Cryptography
Journal of Computer and System Sciences
Extracting randomness: a survey and new constructions
Journal of Computer and System Sciences
A Pseudorandom Generator from any One-way Function
SIAM Journal on Computing
Bounds for Dispersers, Extractors, and Depth-Two Superconcentrators
SIAM Journal on Discrete Mathematics
Keying Hash Functions for Message Authentication
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
An Efficient Discrete Log Pseudo Random Generator
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Pseudorandom functions revisited: the cascade construction and its concrete security
FOCS '96 Proceedings of the 37th Annual Symposium on Foundations of Computer Science
A model and architecture for pseudo-random generation with applications to /dev/random
Proceedings of the 12th ACM conference on Computer and communications security
Conditional Computational Entropy, or Toward Separating Pseudoentropy from Compressibility
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Stronger security proofs for RSA and rabin bits
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Hardness of distinguishing the MSB or LSB of secret keys in diffie-hellman schemes
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Simple and tight bounds for information reconciliation and privacy amplification
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Design and analysis of password-based key derivation functions
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Merkle-Damgård revisited: how to construct a hash function
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
New proofs for NMAC and HMAC: security without collision-resistance
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
The Twist-AUgmented technique for key exchange
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Leftover Hash Lemma, revisited
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
SP 800-56C. Recommendation for Key Derivation through Extraction-then-Expansion
SP 800-56C. Recommendation for Key Derivation through Extraction-then-Expansion
Computational extractors and pseudorandomness
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
A framework for security analysis of key derivation functions
ISPEC'12 Proceedings of the 8th international conference on Information Security Practice and Experience
StegoTorus: a camouflage proxy for the Tor anonymity system
Proceedings of the 2012 ACM conference on Computer and communications security
Lightweight user access control in energy-constrained wireless network services
UCAmI'12 Proceedings of the 6th international conference on Ubiquitous Computing and Ambient Intelligence
TCC'13 Proceedings of the 10th theory of cryptography conference on Theory of Cryptography
Confused Johnny: when automatic encryption leads to confusion and mistakes
Proceedings of the Ninth Symposium on Usable Privacy and Security
OASIS: on achieving a sanctuary for integrity and secrecy on untrusted platforms
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
More efficient oblivious transfer and extensions for faster secure computation
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Efficient and secure storage of private keys for pseudonymous vehicular communication
Proceedings of the 2013 ACM workshop on Security, privacy & dependability for cyber vehicles
Authenticated key agreement in wireless networks with automated key management
Proceedings of the 6th International Conference on Security of Information and Networks
| Hi-index | 0.00 |
In spite of the central role of key derivation functions (KDF) in applied cryptography, there has been little formal work addressing the design and analysis of general multi-purpose KDFs. In practice, most KDFs (including those widely standardized) follow ad-hoc approaches that treat cryptographic hash functions as perfectly random functions. In this paper we close some gaps between theory and practice by contributing to the study and engineering of KDFs in several ways. We provide detailed rationale for the design of KDFs based on the extract-then-expand approach; we present the first general and rigorous definition of KDFs and their security that we base on the notion of computational extractors; we specify a concrete fully practical KDF based on the HMAC construction; and we provide an analysis of this construction based on the extraction and pseudorandom properties of HMAC. The resultant KDF design can support a large variety of KDF applications under suitable assumptions on the underlying hash function; particular attention and effort is devoted to minimizing these assumptions as much as possible for each usage scenario. Beyond the theoretical interest in modeling KDFs, this work is intended to address two important and timely needs of cryptographic applications: (i) providing a single hash-based KDF design that can be standardized for use in multiple and diverse applications, and (ii) providing a conservative, yet efficient, design that exercises much care in the way it utilizes a cryptographic hash function. (The HMAC-based scheme presented here, named HKDF, is being standardized by the IETF.)