[Cfrg] Re: [saag] KDF: Randomness extraction vs. key expansion

Bill Sommerfeld <sommerfeld@sun.com> Fri, 28 October 2005 20:58 UTC

From: Bill Sommerfeld <sommerfeld@sun.com>
To: canetti <canetti@watson.ibm.com>
Cc: saag@mit.edu, cfrg@ietf.org
Subject: [Cfrg] Re: [saag] KDF: Randomness extraction vs. key expansion

On Fri, 2005-10-28 at 15:48, canetti wrote:
> * Randomness extraction: taking an input with "high computational entropy"
> and generating from it a pseudorandom value.
> 
> * Key expansion: taking a short pseudorandom value and extending it to a
> longer pseudorandom value, here the output length is variable and depends
> on the application.

Some plumbing-level questions:

you suggested that random nonces should go into the first stage.  would
non-random context/identity inputs go there, too?

and: would it ever be appropriate to use multiple stages of key
expansion?

for instance:

[diffie-hellman] -> [randomness extraction] -> [key expansion] -> (A, B, C)

A -> [key expansion] -> (A1, A2, A3)
B -> [key expansion] -> (B1, B2, B3)
C -> [key expansion] -> (C1, C2, C3)

					- Bill
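
An added example, not part of the original message or thread: the two-level layout sketched above, instantiated with the HMAC-based extract and expand steps of HKDF (RFC 5869), a construction the message does not name. Using the nonces as extraction salt and the identities as expansion `info` follows HKDF's convention and is an assumption here, as are all function names, labels and sample inputs.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size

def extract(salt: bytes, ikm: bytes) -> bytes:
    """Randomness extraction (HKDF-Extract): PRK = HMAC(salt, IKM)."""
    return hmac.new(salt or bytes(HASH_LEN), ikm, HASH).digest()

def expand(prk: bytes, info: bytes, length: int) -> bytes:
    """Key expansion (HKDF-Expand): variable-length output bound to info."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF-Expand")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]

def split(prk: bytes, labels, context: bytes, size: int = HASH_LEN) -> dict:
    """One expansion stage: an independent subkey per distinct label."""
    if len(set(labels)) != len(labels):
        raise ValueError("labels must be distinct or subkeys will collide")
    # label and context are separated by NUL so the encoding is unambiguous
    return {l: expand(prk, l.encode() + b"\x00" + context, size) for l in labels}

def derive_tree(dh_secret: bytes, nonces: bytes, context: bytes) -> dict:
    """DH -> extract -> expand -> (A, B, C), then each -> (X1, X2, X3)."""
    prk = extract(nonces, dh_secret)               # nonces used as salt (assumption)
    level1 = split(prk, ["A", "B", "C"], context)  # identities used as info (assumption)
    tree = {}
    for name, key in level1.items():
        # A full-length level-1 output is already pseudorandom, so the second
        # stage expands it directly instead of extracting again.
        tree.update(split(key, [name + str(i) for i in (1, 2, 3)], context))
    return tree

if __name__ == "__main__":
    # Constructed sample inputs, not real key material.
    keys = derive_tree(bytes(range(32)), b"nonce-i|nonce-r", b"alice|bob")
    for label in sorted(keys):
        print(label, keys[label].hex())
```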






