HMAC is a Randomness Extractor and Applications to TLS

Pierre-Alain Fouque (1, 2), David Pointcheval (1, 2), Sébastien Zimmer (1, 2)
1 DI-ENS - Département d'informatique de l'École normale supérieure, Inria Paris-Rocquencourt, CNRS - Centre National de la Recherche Scientifique : UMR 8548
2 CASCADE - Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities
Abstract: In this paper, we study the security of a practical randomness extractor and its application in the TLS standard. Randomness extraction is the first stage of key derivation functions, since the secret shared between the entities does not always come from a uniformly distributed source. More precisely, we ask whether the HMAC function, used in many standards, can be considered a randomness extractor. We show that when the shared secret is put in the key space of the HMAC function, there are two cases to consider, depending on whether the key is larger than the block length of the hash function or not. In both cases, we provide a formal proof that the output is pseudo-random, but under different assumptions. Nevertheless, all the assumptions are related to the fact that the compression function of the underlying hash function behaves like a pseudo-random function. This analysis allows us to prove the TLS randomness extractor for Diffie-Hellman and RSA key exchange. Of independent interest, we study a computational analog of the leftover hash lemma for computational almost-universal hash function families: any pseudo-random function family matches the latter definition.
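The two cases the abstract distinguishes come directly from how HMAC (RFC 2104) reduces its key to one hash block before anything else happens: a key longer than the block length is first hashed, a shorter key is zero-padded. The following Python script is an added illustration, not code from the paper or from any TLS implementation; it re-implements HMAC-SHA256 step by step, checks it against the standard library, and exposes the two branches with constructed sample secrets (a 48-byte value standing in for an RSA-style pre-master secret and a 256-byte value standing in for a Diffie-Hellman group element). The secret values, message string and function names are assumptions chosen for the example.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # block length of SHA-256 in bytes (RFC 2104 "B")


def reduce_key(key: bytes) -> bytes:
    """RFC 2104 key preprocessing: this is exactly the case split the paper
    analyses. Keys longer than one block are hashed first; anything shorter
    than a block is padded with zero bytes up to the block length."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()
    return key.ljust(BLOCK_SIZE, b"\x00")


def extractor_case(key: bytes) -> str:
    """Name the branch a given shared secret falls into."""
    return "hashed" if len(key) > BLOCK_SIZE else "padded"


def hmac_sha256_manual(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 written out in full (ipad/opad construction)."""
    k = reduce_key(key)
    ipad = bytes(b ^ 0x36 for b in k)
    opad = bytes(b ^ 0x5C for b in k)
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).digest()


def matches_stdlib(key: bytes, message: bytes) -> bool:
    """Cross-check the manual construction against hmac.new()."""
    reference = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(hmac_sha256_manual(key, message), reference)


def long_key_is_prehashed(key: bytes, message: bytes) -> bool:
    """Case 1: for a key longer than the block, HMAC(K, m) == HMAC(H(K), m),
    so the extractor really operates on the hash of the shared secret."""
    if len(key) <= BLOCK_SIZE:
        raise ValueError("needs a key longer than the block length")
    hashed = hashlib.sha256(key).digest()
    return hmac_sha256_manual(key, message) == hmac_sha256_manual(hashed, message)


def short_key_padding_is_transparent(key: bytes, message: bytes) -> bool:
    """Case 2: for a key shorter than the block, trailing zero bytes are
    absorbed by the padding, so K and K||0x00 give identical outputs. This is
    why the two cases need different assumptions: the secret itself, not a
    digest of it, is XORed into ipad/opad and fed to the compression function."""
    if len(key) >= BLOCK_SIZE:
        raise ValueError("needs a key shorter than the block length")
    return hmac_sha256_manual(key, message) == hmac_sha256_manual(key + b"\x00", message)


# Constructed sample secrets (assumed values, not from the paper):
# 48 bytes, the size of a TLS RSA pre-master secret, falls in the padded case;
# 256 bytes, the size of a 2048-bit Diffie-Hellman value, falls in the hashed case.
SHORT_SECRET = bytes(range(48))
LONG_SECRET = bytes(range(256))
LABEL = b"master secret"  # assumed label/message for the example


if __name__ == "__main__":
    for name, secret in (("RSA-style", SHORT_SECRET), ("DH-style", LONG_SECRET)):
        print(f"{name}: {len(secret)} bytes -> case '{extractor_case(secret)}', "
              f"matches stdlib: {matches_stdlib(secret, LABEL)}")
    print("long key pre-hashed:", long_key_is_prehashed(LONG_SECRET, LABEL))
    print("short key zero-padding transparent:",
          short_key_padding_is_transparent(SHORT_SECRET, LABEL))
```

Running it shows that the standard library agrees with the hand-written construction, that a secret longer than 64 bytes is indistinguishable from its SHA-256 digest as an HMAC key, and that a secret shorter than 64 bytes behaves identically to the same secret with zero bytes appended; that second observation is the concrete reason the abstract's two cases cannot share a single proof.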
Document type: Conference paper
M. Abe and V. Gligor (eds.). Proceedings of the 3rd ACM Symposium on Information, Computer and Communications Security (ASIACCS '08), 2008, Tokyo, Japan. ACM Press, pp. 21--32, 2008

https://hal.inria.fr/inria-00419158
Contributor: David Pointcheval
Submitted on: Tuesday 22 September 2009 - 16:22:18
Last modified on: Friday 25 May 2018 - 12:02:05
Long-term archiving on: Wednesday 16 June 2010 - 00:00:14

File

2008_asiaccs.pdf
Files produced by the author(s)

Identifiers

  • HAL Id: inria-00419158, version 1

Citation

Pierre-Alain Fouque, David Pointcheval, Sébastien Zimmer. HMAC is a Randomness Extractor and Applications to TLS. M. Abe and V. Gligor (eds.). Proceedings of the 3rd ACM Symposium on Information, Computer and Communications Security (ASIACCS '08), 2008, Tokyo, Japan. ACM Press, pp. 21--32, 2008. 〈inria-00419158〉

Metrics

Record views: 275

File downloads: 193