Randomness extraction and key derivation using the CBC, Cascade and HMAC Modes
KTH, Superseded Departments, Numerical Analysis and Computer Science, NADA. ORCID iD: 0000-0002-5379-345X
2004 (English). In: ADVANCES IN CRYPTOLOGY - CRYPTO 2004, PROCEEDINGS / [ed] Franklin, M, 2004, pp. 494-510. Conference paper (Refereed)
Abstract [en]

We study the suitability of common pseudorandomness modes associated with cryptographic hash functions and block ciphers (CBC-MAC, Cascade and HMAC) for the task of "randomness extraction", namely, the derivation of keying material from semi-secret and/or semi-random sources. Important applications for such extractors include the derivation of strong cryptographic keys from non-uniform sources of randomness (for example, to extract a seed for a pseudorandom generator from a weak source of physical or digital noise), and the derivation of pseudorandom keys from a Diffie-Hellman value. Extractors are closely related in their applications to pseudorandom functions and thus it is attractive to (re)use the common pseudorandom modes as randomness extractors. Yet, the crucial difference between pseudorandom generation and randomness extraction is that the former uses random secret keys while the latter uses random but known keys. We show that under a variety of assumptions on the underlying primitives (block ciphers and compression functions), ranging from ideal randomness assumptions to realistic universal-hashing properties, these modes induce good extractors. Hence, these schemes represent a more practical alternative to combinatorial extractors (that are seldom used in practice), and a better-analyzed alternative to the common practice of using SHA-1 or MD5 (as a single un-keyed function) for randomness extraction. In particular, our results serve to validate the method of key extraction and key derivation from Diffie-Hellman values used in the IKE (IPsec's Key Exchange) protocol.
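
The extract-then-expand pattern the abstract describes, HMAC keyed with a random but public salt acting as the extractor and the extracted key then used as a secret PRF key, as an added illustration in Python. This is not code from the paper or from any IKE implementation. The toy Diffie-Hellman parameters, the nonces and the key labels are constructed for the example; the expansion step follows the HKDF construction of RFC 5869, which standardises this extract-then-expand method, and the IKE-style derivation at the end is a simplified sketch of IKEv2's SKEYSEED/prf+ steps rather than the protocol's exact formula.

```python
"""Extract-then-expand key derivation in the HMAC mode (added example).

Extraction: HMAC keyed with a random but PUBLIC salt (the extractor key),
applied to a non-uniform secret such as a Diffie-Hellman value.
Expansion:  HMAC keyed with the extracted (now SECRET) key, used as a PRF.
The expand step is HKDF-Expand (RFC 5869, section 2.3).
"""
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256

# Toy Diffie-Hellman parameters, constructed for this example and far too
# small for real use.  TOY_P is the Mersenne prime 2^61 - 1.
TOY_P = (1 << 61) - 1
TOY_G = 3


def extract(salt: bytes, ikm: bytes) -> bytes:
    """HMAC as a randomness extractor (HKDF-Extract).

    `salt` is random but need not be secret: in IKE the exchanged nonces play
    this role.  `ikm` is the weak source, e.g. the big-endian encoding of
    g^xy mod p.  Returns a pseudorandom key of HASH_LEN bytes.
    """
    if not salt:
        salt = bytes(HASH_LEN)  # RFC 5869: a missing salt is HASH_LEN zero bytes
    return hmac.new(salt, ikm, HASH).digest()


def expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HMAC as a PRF keyed with the *secret* extracted key (HKDF-Expand).

    T(1) = HMAC(prk, info || 0x01), T(i) = HMAC(prk, T(i-1) || info || i).
    """
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for a single PRK")
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_key(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    """Full HKDF: extract with a public salt, then expand under the secret PRK."""
    return expand(extract(salt, ikm), info, length)


def toy_dh_shared_value() -> bytes:
    """Run a toy DH exchange and return the shared value as the weak source.

    The result is a uniformly chosen element of the subgroup generated by g,
    encoded in 8 bytes.  It is NOT uniform over all 64-bit strings, which is
    exactly why an extractor is applied before the bits are used as a key.
    """
    x = secrets.randbelow(TOY_P - 2) + 1  # private exponent of party A
    y = secrets.randbelow(TOY_P - 2) + 1  # private exponent of party B
    shared_a = pow(pow(TOY_G, y, TOY_P), x, TOY_P)
    shared_b = pow(pow(TOY_G, x, TOY_P), y, TOY_P)
    assert shared_a == shared_b
    return shared_a.to_bytes(8, "big")


def ike_style_keys(nonce_i: bytes, nonce_r: bytes, dh_value: bytes) -> dict:
    """Simplified IKEv2-like derivation (hypothetical labels, not the RFC's).

    The public nonces form the extractor key, the DH value is the source, and
    the extracted SKEYSEED keys a PRF that yields separate encryption and
    authentication keys for each direction.
    """
    skeyseed = extract(nonce_i + nonce_r, dh_value)
    labels = [b"SK_ei", b"SK_ai", b"SK_er", b"SK_ar"]
    return {label.decode(): expand(skeyseed, label, 32) for label in labels}


if __name__ == "__main__":
    nonce_i, nonce_r = secrets.token_bytes(16), secrets.token_bytes(16)  # public
    dh = toy_dh_shared_value()                                           # secret, non-uniform
    for name, key in ike_style_keys(nonce_i, nonce_r, dh).items():
        print(name, key.hex())
```

The salt passed to `extract` is the "random but known" key the abstract refers to: it is sent in the clear, so the security of the derived key rests on the entropy of `ikm` and on the extraction property of HMAC, not on the salt's secrecy. The `expand` step is the ordinary PRF use of HMAC with a secret key, which is why the two steps need different assumptions on the primitive.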

Place, publisher, year, edition, pages
2004. pp. 494-510.
Lecture Notes in Computer Science, ISSN 0302-9743 ; 3152
National Category
Computer and Information Science
URN: urn:nbn:se:kth:diva-62997. ISI: 000223568800030. Scopus ID: 2-s2.0-35048839833. OAI: diva2:481477
24th Annual International Cryptology Conference. Santa Barbara, CA. AUG 15-19, 2004
QC 20120125. Available from: 2012-01-21. Created: 2012-01-21. Last updated: 2012-01-25. Bibliographically approved

Open Access in DiVA

No full text


Author/editor: Håstad, Johan
Organisation: Numerical Analysis and Computer Science, NADA
