Re: [Cfrg] Fwd: Hash-Based Key Derivation (fwd)

[Hugo Krawczyk <hugo at ee.technion.ac.il>]

A couple of days ago I sent a message to this list with a link to my
SIGMA paper (see below). Some people pointed out to me that they had
trouble accessing the link so I have posted the paper also under
http://www.research.ibm.com/security/sigma.ps

Also, if you have a copy of the CRYPTO'03 proceedings where this
paper appeared, note that the Appendix to which I am referring is
not part of that (shorter) version of the paper.


Hugo

>Those interested may want to take a look at the design of the KDF function
>in the IKE protocols (the description is cleaner in IKEv2) which has tried
>to apply the existing randomness-extraction theory in an engineering-friendly
>way, and which could be applicable to other KDF scenarios. I have
>written briefly about this IKE's KDF design (in simple plain English) in
>appendix C of my SIGMA paper http://www.ee.technion.ac.il/sigma.ps, and
>have provided more theoretical backing in a paper with Gennaro and Rabin
>from Eurocrypt 2004 (on the subject of computational entropy in DH values),
>and in another paper with Dodis, Gennaro, Hastad and Rabin from Crypto04
>(which tries to bridge between the theory of randomness extractors and
>practical PRF schemes). These apers touch in many of the issues
>raised during this discussion.



_______________________________________________
Cfrg mailing list
Cfrg at ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg