Abstract
Key derivation refers to the process by which an agreed-upon large random number, often called the master secret, is used to derive keys to encrypt and authenticate data. Practitioners and standardization bodies have usually relied on the random oracle model to obtain key material from a Diffie-Hellman key exchange. However, formal proofs in the standard model require randomness extractors to formally extract the entropy of the random master secret into a seed before deriving other keys. While this is a quite simple tool, it is not easy to use in practice, or rather it is easy to misuse.
In addition, in many standards the acronym PRF (Pseudo-Random Function) is used for several tasks, including randomness extraction. Since randomness extractors and pseudo-random functions are a priori distinct tools, we first study whether such a use is correct. We then study the case of \(\mathbb{Z}^{*}_{p}\), where p is a safe prime, and the case of elliptic curves, since in IPSec, for example, only these two groups are considered. We present very efficient and provable randomness extraction techniques for these groups under the DDH assumption. In the special case of elliptic curves, we present a new technique, the so-called 'Twist-AUgmented' technique, which exploits specific properties of some elliptic curves and avoids the need for any randomness extractor. We finally compare the efficiency of this method with other solutions.
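The extract-then-expand pipeline the abstract describes (master secret, then a seed produced by a randomness extractor, then keys produced by a PRF) is illustrated below. This is an added example and not code from the paper or its authors: it assumes a toy safe prime p = 2q + 1 generated at runtime, a Diffie-Hellman exchange in the order-q subgroup of squares, and HMAC-SHA256 in the extract/expand shape of HKDF (RFC 5869) as a stand-in for the paper's own extractors. It also makes the entropy point concrete: the shared group element is always a square modulo p, so it carries at most log2(q) bits of entropy even though its encoding occupies log2(p) bits.

```python
"""Extract-then-expand key derivation from a Diffie-Hellman master secret.

Added illustration, not code from the paper.  Assumed (hypothetical) setup:
  * a toy safe prime p = 2q + 1 generated at runtime (far too small for use);
  * HMAC-SHA256 as the randomness extractor and PRF, in the extract/expand
    shape of HKDF (RFC 5869), standing in for the paper's own extractors.
"""
import hashlib
import hmac
import random
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test with pseudo-random witnesses (toy-grade)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.Random(0xC0FFEE)  # fixed witnesses keep the toy deterministic
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_safe_prime(bits: int, seed: int = 2006) -> tuple[int, int]:
    """Return (p, q) with p = 2q + 1 and q both prime; seeded for repeatability."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q


def extract(salt: bytes, ikm: bytes) -> bytes:
    """Randomness extractor: a public random salt keys HMAC over the secret,
    yielding a 32-byte seed that is close to uniform as long as the secret
    carries enough min-entropy (HKDF-Extract shape, assumed here)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def expand(prk: bytes, info: bytes, length: int) -> bytes:
    """PRF-based expansion of the seed into as many key bytes as needed."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def derive_keys(master_secret: int, p: int, salt: bytes) -> dict[str, bytes]:
    """Master secret -> seed -> separate encryption and MAC keys.
    A fixed-width encoding of the group element feeds the extractor the same
    bytes on both sides and avoids leaking its length."""
    ikm = master_secret.to_bytes((p.bit_length() + 7) // 8, "big")
    seed = extract(salt, ikm)
    return {
        "enc": expand(seed, b"toy-protocol enc key", 32),
        "mac": expand(seed, b"toy-protocol mac key", 32),
    }


def run_exchange(p: int, q: int, g: int = 4) -> tuple[dict, dict, int]:
    """One DH exchange in the order-q subgroup of squares (g = 4 = 2^2 is a
    square, hence of order q for p > 3).  Returns both parties' key sets and
    the shared group element so the caller can inspect it."""
    a = secrets.randbelow(q - 1) + 1
    b = secrets.randbelow(q - 1) + 1
    pub_a, pub_b = pow(g, a, p), pow(g, b, p)
    salt = secrets.token_bytes(16)  # public extractor key, sent in the clear
    shared_a, shared_b = pow(pub_b, a, p), pow(pub_a, b, p)
    return derive_keys(shared_a, p, salt), derive_keys(shared_b, p, salt), shared_a


def is_square(x: int, p: int, q: int) -> bool:
    """Euler's criterion: x lies in the subgroup of squares iff x^q = 1 mod p."""
    return pow(x, q, p) == 1


if __name__ == "__main__":
    p, q = gen_safe_prime(64)
    alice, bob, shared = run_exchange(p, q)
    assert alice == bob
    # The master secret always lies in the index-2 subgroup, so its entropy is
    # bounded by log2(q), not by the log2(p) bits its encoding occupies.
    print("square:", is_square(shared, p, q), "entropy bound (bits):", q.bit_length())
    print("enc key:", alice["enc"].hex())
```

The salt is public and only needs to be random, which is the setting in which HMAC-style extraction has been analysed; the secret part of the derivation is the group element alone. The total number of key bytes drawn from one seed should stay below the entropy budget of the master secret (here, just under log2(q) bits) minus a security margin, which is the accounting a standard-model proof has to do and the random oracle model lets one skip.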
© 2006 Springer-Verlag Berlin Heidelberg
Chevassut, O., Fouque, PA., Gaudry, P., Pointcheval, D. (2006). The Twist-AUgmented Technique for Key Exchange. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds) Public Key Cryptography - PKC 2006. PKC 2006. Lecture Notes in Computer Science, vol 3958. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11745853_27
DOI: https://doi.org/10.1007/11745853_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-33851-2
Online ISBN: 978-3-540-33852-9