Provable Security of Key Derivation Functions Based on the Block Ciphers

  • Received : 2009.12.23
  • Accepted : 2010.04.30
  • Published : 2010.08.31

Abstract

Key derivation functions are used within many cryptographic systems to generate various keys from a fixed short key string. In this paper we survey the state of the art in key derivation functions and examine the soundness of these functions from the viewpoint of provable security. In particular, we focus on the key derivation functions based on pseudorandom functions that NIST recently recommended, and show that the variant of the Double-Pipeline Iteration mode that uses pseudorandom permutations is a pseudorandom function. Block ciphers can be regarded as practical instances of pseudorandom permutations.

A key derivation function is a mechanism that derives, from a key of fixed length, the various keys needed to run information security algorithms, and it is an essential component of a cryptosystem. In this paper we survey and analyze recent research on key derivation functions and discuss the soundness of key derivation function constructions from the viewpoint of provable security. In particular, we focus on the provable security of the pseudorandom function (PRF) based key derivation function modes recently proposed by NIST when they are transformed into key derivation functions based on pseudorandom permutations (PRPs), of which block ciphers are the representative instance, and establish the pseudorandomness of the Double-Pipeline Iteration mode.
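As an added illustration of the mode the abstract refers to, the following Python implements the Double-Pipeline Iteration mode of NIST SP 800-108 (reference 11), with the optional counter. This is example code written for this page, not code from the paper, from NIST, or from any library. The PRF is a parameter: it is instantiated here with HMAC-SHA256 from the standard library only so that the example runs offline, whereas the paper's setting substitutes a block-cipher-based PRF such as AES-CMAC, which has the same (key, data) to fixed-size block interface. The 32-bit widths chosen for the counter [i]_2 and the length field [L]_2, the labels "enc" and "mac", and the sample key are assumptions of this example; the standard leaves the field widths to the implementer.

```python
import hashlib
import hmac
from typing import Callable, Dict

# PRF(key, data) -> fixed-length block. Any keyed PRF fits; HMAC-SHA256 is used
# here only because it is in the standard library. A block-cipher PRF such as
# AES-CMAC (the block-cipher setting studied in the paper) has the same shape.
PRF = Callable[[bytes, bytes], bytes]


def hmac_sha256_prf(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 used as the PRF instance for this example."""
    return hmac.new(key, data, hashlib.sha256).digest()


def kdf_double_pipeline(prf: PRF, k_in: bytes, label: bytes, context: bytes,
                        length_bytes: int, counter_bytes: int = 4) -> bytes:
    """SP 800-108 Double-Pipeline Iteration mode (with the optional counter).

        A(0)  = Label || 0x00 || Context || [L]_2
        A(i)  = PRF(K_IN, A(i-1))                                (first pipeline)
        K(i)  = PRF(K_IN, A(i) || [i]_2 || Label || 0x00 || Context || [L]_2)
        K_OUT = leftmost L bits of K(1) || K(2) || ...

    [L]_2 is encoded as a 32-bit big-endian bit count and [i]_2 as a big-endian
    counter of `counter_bytes` bytes (both widths are assumptions of this example).
    """
    if length_bytes <= 0:
        raise ValueError("length_bytes must be positive")
    l_bits = length_bytes * 8
    fixed = label + b"\x00" + context + l_bits.to_bytes(4, "big")
    h_len = len(prf(k_in, b""))              # output size of one PRF call
    n = -(-length_bytes // h_len)            # ceil(L / h) blocks needed
    if n >= 1 << (8 * counter_bytes):
        raise ValueError("requested length exceeds the counter range")
    a = fixed                                # A(0)
    out = bytearray()
    for i in range(1, n + 1):
        a = prf(k_in, a)                     # A(i): feedback chain, independent of i
        counter = i.to_bytes(counter_bytes, "big")
        out += prf(k_in, a + counter + fixed)    # K(i)
    return bytes(out[:length_bytes])


def derive_separated_keys(master: bytes, context: bytes) -> Dict[str, bytes]:
    """Key separation: distinct Labels yield independent keys from one K_IN."""
    return {
        "enc": kdf_double_pipeline(hmac_sha256_prf, master, b"enc", context, 32),
        "mac": kdf_double_pipeline(hmac_sha256_prf, master, b"mac", context, 32),
    }


if __name__ == "__main__":
    master = bytes(range(16))    # constructed sample key, not a real secret
    keys = derive_separated_keys(master, b"session-42")
    for name, k in keys.items():
        print(name, k.hex())
```

The first pipeline A(i) depends only on K_IN and the fixed input, so the derived blocks are chained rather than computed independently as in counter mode; the optional counter in the second pipeline is what distinguishes K(i) from K(j) even if the chain ever repeated a value. Binding Label, Context and the output length into every PRF call is what keeps keys derived for different purposes or sessions independent of one another.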

Acknowledgement

Supported by: Kookmin University

References

  1. ISO/IEC 18033-2:2006, Information technology - Security techniques - Encryption algorithms - Part 2: Asymmetric ciphers. Ed. Victor Shoup, 2006. Final committee draft version FCD 18033-2, Dec. 2004.
  2. IEEE P1363, Standard Specifications for Public Key Cryptography, IEEE, Nov. 1993.
  3. RSA Laboratories, PKCS #1 v2.1: RSA Encryption Standard, Jun. 2002.
  4. ANSI X9.42-2003, Agreement of Symmetric Keys Using Discrete Logarithm Cryptography, American National Standards Institute, 19 Nov. 2003.
  5. NIST Special Publication 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, National Institute of Standards and Technology, Mar. 2007.
  6. IEEE 802.11i, "IEEE Standard for Information technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Specific requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications, Amendment 6: Medium Access Control (MAC) Security Enhancements," Jul. 2004.
  7. RSA Laboratories, PKCS #5 v2.1: Password-Based Cryptography Standard, 5 Oct. 2006.
  8. B. Schneier, Applied Cryptography - Protocols, Algorithms and Source Code in C, second edition, John Wiley, Nov. 1995.
  9. 3GPP TR 35.909 v8.0.0, "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the MILENAGE Algorithm Set: An example algorithm set for the 3GPP authentication and key generation functions f1, $f1^{\ast}$, f2, f3, f4, f5 and $f5^{\ast}$; Document 5: Summary and results of design and evaluation," Dec. 2008.
  10. IEEE 802.15.1, "IEEE Standard for Information technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Specific requirements Part 15.1: Wireless medium access control (MAC) and physical layer (PHY) specifications for wireless personal area networks (WPANs)," Jun. 2002.
  11. NIST Special Publication 800-108, "Recommendation for Key Derivation Using Pseudorandom Functions (Revised)," SP 800-108, Oct. 2009.
  12. C. Adams, G. Kramer, S. Mister, and R. Zuccherato, "On the security of key derivation functions," LNCS 3225, Springer-Verlag, pp. 134-145, 2004.
  13. H. Gilbert, "The security of One-Block-to-Many modes of operation," FSE 2003, LNCS 2887, pp. 376-395, 2003.
  14. H. Krawczyk, M. Bellare, and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication," RFC 2104, Feb. 1997.
  15. Federal Information Processing Standards Publication 197, "Specification for the ADVANCED ENCRYPTION STANDARD (AES)," Nov. 2001.
  16. J. Massey, G. Khachatrian, and M. Kuregian, "Nomination of SAFER+ as Candidate Algorithm for the Advanced Encryption Standard (AES)," NIST AES Proposal, 1998.
  17. J. Patarin, "New results on pseudorandom permutation generators based on the DES scheme," Advances in Cryptology - CRYPTO '91, LNCS 576, pp. 301-316, 1992.
  18. S. Vaudenay, "On Provable Security for Conventional Cryptography," Proc. ICISC '99, invited lecture, LNCS 1787, pp. 1-16, 2000.