[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Cfrg] Re: [saag] KDF: Randomness extraction vs. key expansion

On Fri, 2005-10-28 at 15:48, canetti wrote:
> * Randomness extraction: taking an input with "high computational entropy"
> and generating from it a pseudorandom value.
> 
> * Key expansion: taking a short pseudorandom value and extending it to a
> longer pseudorandom value, here the output length is variable anddepends
> on the application.

Some plumbing-level questions:

you suggested that random nonces should go into the first stage.  would
non-random context/identity inputs go there, too?

and: would it ever be appropriate to use multiple stages of key
expansion?

for instance:

[diffie-hellman] -> [randomness extraction] -> [key expansion] -> (A, B,
C)

A -> [key expansion] -> (A1, A2, A3)
B -> [key expansion] -> (B1, B2, B3)
C -> [key expansion] -> (C1, C2, C3)

					- Bill







_______________________________________________
Cfrg mailing list
Cfrg at ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg