Key Derivation without entropy loss
نویسنده
چکیده
In reality, perfect source of randomness is hard to find. So, for real life applications, an imperfect source X of min-entropy k is converted into usable m-bit cryptographic key for some underlying application P . If P has security δ (against some class of attackes) with uniform random m-bit key, our goal is to design a key derivation function (KDF) h that allows us to use R = h(x) as the key for P and results in comparable δ′ ≈ δ. This lower bound is known to be tight in general. In todays class we explore new areas to design KDFs with less waste for important special classes of sources of X and applications P .
منابع مشابه
On Recent Advances in Key Derivation via the Leftover Hash Lemma
Barak et al. showed how to significantly reduce the entropy loss, which is necessary in general, in the use of the Leftover Hash Lemma (LHL) to derive a secure key for many important cryptographic applications. If one wants this key to be secure against any additional short leakage, then the min-entropy of the source used with the LHL must be appropriately bigger (roughly by the length of the s...
متن کاملSecuring Systems with Scarce Entropy: LWE-Based Lossless Computational Fuzzy Extractor for the IoT
With the advent of the Internet of Things, lightweight devices necessitate secure and cost-efficient key storage. Since traditional secure storage is expensive, the valuable entropy could originate from noisy sources, for which fuzzy extractors allow strong key derivation. While providing information-theoretic security, fuzzy extractors require large amount of input entropy to account for entro...
متن کاملLeftover Hash Lemma, Revisited
The famous Leftover Hash Lemma (LHL) states that (almost) universal hash functions are good randomness extractors. Despite its numerous applications, LHL-based extractors suffer from the following two limitations: – Large Entropy Loss: to extract v bits from distribution X of minentropy m which are ε-close to uniform, one must set v ≤ m − 2 log (1/ε), meaning that the entropy loss L def = m − v...
متن کاملKey Derivation without Entropy Waste
We revisit the classical question of converting an imperfect source X of min-entropy k into a usable m-bit cryptographic key for some underlying application P . If P has security δ (against some class of attackers) with a uniformly random m-bit key, we seek to design a key derivation function (KDF) h that allows us to use R = h(X) as the key for P and results in comparable security δ′ ≈ δ. Seed...
متن کاملProjective Power Entropy and Maximum Tsallis Entropy Distributions
We discuss a one-parameter family of generalized cross entropy between two distributions with the power index, called the projective power entropy. The cross entropy is essentially reduced to the Tsallis entropy if two distributions are taken to be equal. Statistical and probabilistic properties associated with the projective power entropy are extensively investigated including a characterizati...
متن کامل