On Recent Advances in Key Derivation via the Leftover Hash Lemma

Barak et al. showed how to significantly reduce the entropy loss, which is necessary in general, in the use of the Leftover Hash Lemma (LHL) to derive a secure key for many important cryptographic applications. If one wants this key to be secure against any additional short leakage, then the min-entropy of the source used with the LHL must be appropriately bigger (roughly by the length of the supposed leakage). Recently, Berens came up with a notion of collision entropy that is much weaker than min-entropy and allows proving a version of the LHL with leakage robustness but without any entropy saving. We combine both approaches and extend the results of Barak et. al to Beren’s collision entropy. Summarizing, we obtain a version of the LHL with optimized entropy loss, leakage robustness and weak entropy requirements. 1998 ACM Subject Classification F.1.3 Complexity Measures and Classes, K.6.5 Security and Protection