Combining multiple cryptographic keys, some potentially compromised, into a single pseudorandom key is a fundamental task in modern cryptographic protocols, notably employed in TLS 1.3, Signal, and IKEv2. While Key Derivation Functions (KDFs) like HKDF are well-studied, the distinct problem of key combination, which ensures security as long as at least one input key is secure, has received less formal attention. Current practices often heuristically employ HKDF ’s extract step, implicitly relying on the dual-PRF property of its underlying primitive HMAC, a property whose formal justification is recent and conditional. Furthermore, existing methods primarily address combining only two keys and lack formal security definitions, especially for scenarios involving multiple keys. In this paper, we introduce the first formal definitions for key combiners and their security guarantees. Building on this framework, we propose two efficient HMAC-based key combiner schemes based on the extract-then-expand paradigm: HKCv1, designed for simultaneously available inputs using concatenation, and HKCv2, tailored for scenarios where keys arrive incrementally, using an iterative HMAC structure. We also provide rigorous security proofs for both schemes.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

New Key Combiner Schemes for Multiple Keys

  • Haoyang Wang,
  • Tianning Wang,
  • Guilin Wang

摘要

Combining multiple cryptographic keys, some potentially compromised, into a single pseudorandom key is a fundamental task in modern cryptographic protocols, notably employed in TLS 1.3, Signal, and IKEv2. While Key Derivation Functions (KDFs) like HKDF are well-studied, the distinct problem of key combination, which ensures security as long as at least one input key is secure, has received less formal attention. Current practices often heuristically employ HKDF ’s extract step, implicitly relying on the dual-PRF property of its underlying primitive HMAC, a property whose formal justification is recent and conditional. Furthermore, existing methods primarily address combining only two keys and lack formal security definitions, especially for scenarios involving multiple keys. In this paper, we introduce the first formal definitions for key combiners and their security guarantees. Building on this framework, we propose two efficient HMAC-based key combiner schemes based on the extract-then-expand paradigm: HKCv1, designed for simultaneously available inputs using concatenation, and HKCv2, tailored for scenarios where keys arrive incrementally, using an iterative HMAC structure. We also provide rigorous security proofs for both schemes.