[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cfrg] On using ROs for analyzing randomness extraction functions

To: cfrg at ietf.org
Subject: Re: [Cfrg] On using ROs for analyzing randomness extraction functions
From: "D. J. Bernstein" <djb at cr.yp.to>
Date: 31 Oct 2005 18:10:50 -0000
Automatic-legal-notices: See http://cr.yp.to/mailcopyright.html.
List-help: <mailto:cfrg-request@ietf.org?subject=help>
List-id: Crypto Forum Research Group <cfrg.ietf.org>
List-post: <mailto:cfrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=unsubscribe>
References: <200510282114.j9SLEarq012372@taverner.CS.Berkeley.EDU> <Pine.A41.4.58.0510290053020.30282@prf.watson.ibm.com> <5719CDC5-3557-4E5F-9E82-9342BC8685ED@gmail.com> <20051031054127.21824.qmail@cr.yp.to> <E3D2B4ED-668C-4A71-97D6-BCD61F414920@gmail.com>
Sender: cfrg-bounces at ietf.org

John Wilkinson writes:
> 2.3) K_i = PRF( UH( R, SV ), i || context )
> 2.3 seems to be the only one that offers security in the standard model,

You've been misled. That construction does _not_ guarantee secure key
derivation under standard assumptions.

---D. J. Bernstein, Professor, Mathematics, Statistics,
and Computer Science, University of Illinois at Chicago

_______________________________________________
Cfrg mailing list
Cfrg at ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg

Follow-Ups:
- Re: [Cfrg] On using ROs for analyzing randomness extraction functions
  - From: John Wilkinson

References:
- [Cfrg] On using ROs for analyzing randomness extraction functions
  - From: David Wagner
- Re: [Cfrg] On using ROs for analyzing randomness extraction functions
  - From: canetti
- Re: [Cfrg] On using ROs for analyzing randomness extraction functions
  - From: John Wilkinson
- Re: [Cfrg] On using ROs for analyzing randomness extraction functions
  - From: D. J. Bernstein
- Re: [Cfrg] On using ROs for analyzing randomness extraction functions
  - From: John Wilkinson

Prev by Date: Re: [Cfrg] On using ROs for analyzing randomness extraction functions
Next by Date: Re: [Cfrg] On using ROs for analyzing randomness extraction functions
Previous by thread: Re: [Cfrg] On using ROs for analyzing randomness extraction functions
Next by thread: Re: [Cfrg] On using ROs for analyzing randomness extraction functions
Index(es):
- Date
- Thread