Randomness extraction and key derivation using the CBC, Cascade and HMAC Modes
2004 (English)In: ADVANCES IN CRYPTOLOGY - CRYPTO 2004, PROCEEDINGS / [ed] Franklin, M, 2004, 494-510 p.Conference paper (Refereed)
We study the suitability of common pseudorandomness modes associated with cryptographic hash functions and block ciphers (CBC-MAC, Cascade and HMAC) for the task of "randomness extraction", namely, the derivation of keying material from semi-secret and/or semi-random sources. Important applications for such extractors include the derivation of strong cryptographic keys from non-uniform sources of randomness (for example, to extract a seed for a pseudorandom generator from a weak source of physical or digital noise), and the derivation of pseudorandom keys from a Diffie-Hellman value. Extractors are closely related in their applications to pseudorandom functions and thus it is attractive to (re)use the common pseudorandom modes as randomness extractors. Yet, the crucial difference between pseudorandom generation and randomness extraction is that the former uses random secret keys while the latter uses random but known keys. We show that under a variety of assumptions on the underlying primitives (block ciphers and compression functions), ranging from ideal randomness assumptions to realistic universal-hashing properties, these modes induce good extractors. Hence, these schemes represent a more practical alternative to combinatorial extractors (that are seldom used in practice), and a better-analyzed alternative to the common practice of using SHA-1 or MD5 (as a single un-keyed function) for randomness extraction. In particular, our results serve to validate the method of key extraction and key derivation from Diffie-Hellman values used in the IKE (IPsec's Key Exchange) protocol.
Place, publisher, year, edition, pages
2004. 494-510 p.
, Lecture Notes in Computer Science, ISSN 0302-9743 ; 3152
Computer and Information Science
IdentifiersURN: urn:nbn:se:kth:diva-62997ISI: 000223568800030ScopusID: 2-s2.0-35048839833OAI: oai:DiVA.org:kth-62997DiVA: diva2:481477
24th Annual International Cryptology Conference. Santa Barbara, CA. AUG 15-19, 2004
QC 201201252012-01-212012-01-212012-01-25Bibliographically approved