Key derivation is the process by which an agreed-upon large random value, often called the master secret, is used to derive the keys that encrypt and authenticate data. Practitioners and standardization bodies have usually relied on the random oracle model to obtain key material from a Diffie-Hellman key exchange. Formal proofs in the standard model, however, require a randomness extractor to formally extract the entropy of the random master secret into a seed before any other keys are derived from it. Although this is a simple tool, it is not easy to use correctly in practice, and it is easy to misuse. In addition, many standards use the acronym PRF (pseudo-random function) for several tasks, including randomness extraction. Since randomness extractors and pseudo-random functions are a priori distinct tools, we first study whether this use is correct. We then study the case of $\mathbb{Z}^{*}_{p}$ with p a safe prime and the case of elliptic curves, since in IPsec, for example, only these two groups are considered. We present very efficient and provable randomness extraction techniques for these groups under the DDH assumption. In the special case of elliptic curves, we present a new technique, the so-called 'Twist-AUgmented' technique, which exploits specific properties of some elliptic curves and avoids the need for any randomness extractor. Finally, we compare the efficiency of this method with other solutions.
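The following is an added illustration of the two points made above; it is not code from the paper. Part 1 shows why a raw Diffie-Hellman value over $\mathbb{Z}^{*}_{p}$ with a safe prime p is a poor key (honest secrets land in the order-q subgroup of quadratic residues, so only q of the possible bit strings ever occur) and runs it through an extract-then-expand derivation that uses HMAC-SHA256 as the extractor and as the expansion PRF; that HMAC choice is an assumption of this snippet, in the spirit of the HKDF/TLS analyses, not the paper's construction. Part 2 demonstrates the curve-plus-twist property behind the Twist-AUgmented idea: on a toy curve y^2 = x^3 + x + 1 over F_23 with twist coefficient d = 5 (parameters chosen here for illustration), every x in F_p is the x-coordinate of exactly two affine points counted across the curve and its twist, so a uniformly random point of the union has a uniformly random x-coordinate with no extractor. The curve and its twist have different numbers of points (27 and 19 affine points here), so obtaining that uniform point requires choosing the curve with probability proportional to its size; how the protocol arranges this is described in the paper, not in this snippet.

```python
# Added example for this abstract; not code from the paper.
# Toy parameters (p = 23, curve y^2 = x^3 + x + 1 over F_23, twist
# coefficient d = 5) are chosen here for illustration only.
import hashlib
import hmac
from collections import Counter


# ---- Part 1: raw DH secret over Z_p^* (p a safe prime) vs. extract-then-expand

def safe_prime_dh_secret_space(p: int) -> set:
    """Values g^{ab} can take when g generates the quadratic-residue subgroup
    of Z_p^*, p = 2q + 1 a safe prime.  Only q of the 2^{p.bit_length()}
    possible bit strings ever occur: high entropy, but far from uniform."""
    q = (p - 1) // 2
    assert all(q % k for k in range(2, int(q ** 0.5) + 1)), "p is not a safe prime"
    return {pow(x, 2, p) for x in range(1, p)}


def extract(salt: bytes, master_secret: bytes) -> bytes:
    """Extraction step: HMAC keyed with a public random salt compresses the
    non-uniform master secret into a seed (HMAC-as-extractor, assumed here)."""
    return hmac.new(salt, master_secret, hashlib.sha256).digest()


def expand(seed: bytes, label: bytes, length: int) -> bytes:
    """Expansion step: derive `length` bytes of key material from the seed
    with a PRF, HKDF-Expand style: T(i) = HMAC(seed, T(i-1) | label | i)."""
    out, block, i = b"", b"", 1
    while len(out) < length:
        block = hmac.new(seed, block + label + bytes([i]), hashlib.sha256).digest()
        out += block
        i += 1
    return out[:length]


def derive_keys(p: int, shared_secret: int, salt: bytes) -> dict:
    """Extract first, then expand; never key the PRF with the raw DH value."""
    master_secret = shared_secret.to_bytes((p.bit_length() + 7) // 8, "big")
    seed = extract(salt, master_secret)
    return {"enc": expand(seed, b"encryption key", 32),
            "mac": expand(seed, b"mac key", 32)}


# ---- Part 2: x-coordinates of a curve and its quadratic twist cover F_p uniformly

def legendre(a: int, p: int) -> int:
    """Legendre symbol (a/p) for an odd prime p, returned as 0, 1 or p-1 (= -1)."""
    return pow(a % p, (p - 1) // 2, p)


def x_coordinate_counts(p: int, a: int, b: int, d: int = 1) -> Counter:
    """Multiset of x-coordinates of the affine points of d*y^2 = x^3 + a*x + b
    over F_p.  d = 1 is the curve E itself; d a non-residue gives the quadratic
    twist E' in a model that leaves the x-coordinate unchanged."""
    counts = Counter()
    for x in range(p):
        f = (x ** 3 + a * x + b) % p
        if f == 0:
            counts[x] = 1          # y = 0: one point on E and one on E'
        elif legendre(f, p) == legendre(d, p):
            counts[x] = 2          # f/d is a nonzero square: y = +-sqrt(f/d)
        # otherwise no point of this model has x-coordinate x
    return counts


def twist_union_counts(p: int, a: int, b: int, d: int) -> Counter:
    """E and E' together: every x in F_p appears exactly twice, so a uniform
    affine point of E u E' has a uniform x-coordinate, with no extractor."""
    assert legendre(d, p) == p - 1, "d must be a quadratic non-residue"
    return x_coordinate_counts(p, a, b, 1) + x_coordinate_counts(p, a, b, d)


def twist_summary(p: int = 23, a: int = 1, b: int = 1, d: int = 5) -> dict:
    on_e = x_coordinate_counts(p, a, b)
    on_twist = x_coordinate_counts(p, a, b, d)
    union = twist_union_counts(p, a, b, d)
    return {
        "affine_points_E": sum(on_e.values()),          # 27 (28 with infinity)
        "affine_points_twist": sum(on_twist.values()),  # 19 (20 with infinity)
        "x_values_hit_by_E_alone": len(on_e),           # 14 of the 23 x values
        "union_x_is_uniform": len(union) == p and set(union.values()) == {2},
    }


if __name__ == "__main__":
    print(sorted(safe_prime_dh_secret_space(23)))    # 11 residues out of 32 5-bit strings
    print(derive_keys(23, 13, b"public salt")["enc"].hex())
    print(twist_summary())
```

Run stand-alone it prints the 11 reachable residues mod 23, a derived key, and the point counts; the interesting line is `x_values_hit_by_E_alone`: EC-DH on E alone can only ever produce 14 of the 23 possible x-coordinates (the extractor's job), whereas the union of E and its twist hits every x exactly twice.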