Re: [Cfrg] Fwd: Hash-Based Key Derivation (fwd)
On Sat, Oct 29, 2005 at 09:08:42AM -0400, John Wilkinson wrote:
>
> On Oct 28, 2005, at 6:15 PM, D. J. Bernstein wrote:
> >You can turn AES into a hash function by applying, e.g., Luby-Rackoff
> >plus Miyaguchi-Preneel. Using this hash function to derive keys is then
> >identical to using AES to derive keys.
>
> Dr. Bernstein, could you please describe (or give reference to) a way
> to produce a hash function H from AES, such that HMAC-H is a provably
> secure PRF, based only on the assumption that AES is a secure PRP?
> Thanks. -John
The paper "Black-Box Analysis of the Block-Cipher-Based Hash-Function
Constructions from PGV" from Crypto '02 (by Black, Rogaway, Shrimpton)
would seem to get us there. If AES is an ideal cipher, then we know
the collision and inversion resistance properties of various AES-based
hashing schemes thanks to that paper. At that point we can say how
strong an NMAC scheme instantiated with such a hash would be, and by
making the usual NMAC->HMAC leap of faith, we have a proof (of sorts).
Jack
_______________________________________________
Cfrg mailing list
Cfrg at ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg