Extendable-output function: Difference between revisions
m →top: wl |
Citation bot (talk | contribs) Add: s2cid, pages, volume, series, authors 1-1. Removed parameters. Some additions/deletions were parameter name changes. | Use this bot. Report bugs. | Suggested by Whoop whoop pull up | #UCB_webform 339/895 |
||
Line 13: | Line 13: | ||
==Sources== |
==Sources== |
||
* {{cite book | |
* {{cite book | last1=Mittelbach | first1=Arno | last2=Fischlin | first2=Marc | title=The Theory of Hash Functions and Random Oracles: An Approach to Modern Cryptography | publisher=Springer International Publishing | series=Information Security and Cryptography | year=2021 | chapter = Extendable Output Functions (XOFs) | isbn=978-3-030-63287-8 | chapter-url=https://books.google.com/books?id=Ly8WEAAAQBAJ&pg=PA526 | access-date=2023-06-22}} |
||
* {{cite book | |
* {{cite book | last1=Peyrin | first1=Thomas | last2=Wang | first2=Haoyang | series=Lecture Notes in Computer Science | volume=12172 | pages=249–278 | title=Advances in Cryptology – CRYPTO 2020 | chapter=The MALICIOUS Framework: Embedding Backdoors into Tweakable Block Ciphers | publisher=Springer International Publishing | year=2020 | isbn=978-3-030-56876-4 | issn=0302-9743 | doi=10.1007/978-3-030-56877-1_9 | s2cid=221107066 | chapter-url=https://eprint.iacr.org/2020/986.pdf}} |
||
* {{cite web |last1=Perlner |first1=Ray |title=Extendable-Output Functions (XOFs) |url=https://csrc.nist.gov/events/2014/sha-3-2014-workshop |website=csrc.nist.gov |publisher=[[NIST]] |access-date=22 June 2023 | date = August 22, 2014}} |
* {{cite web |last1=Perlner |first1=Ray |title=Extendable-Output Functions (XOFs) |url=https://csrc.nist.gov/events/2014/sha-3-2014-workshop |website=csrc.nist.gov |publisher=[[NIST]] |access-date=22 June 2023 | date = August 22, 2014}} |
||
* {{cite web |last1=Dworkin |first1=Morris |title=Domain Extensions |url=https://csrc.nist.gov/events/2014/sha-3-2014-workshop |website=csrc.nist.gov |publisher=[[NIST]] |access-date=22 June 2023 | date = August 22, 2014}} |
* {{cite web |last1=Dworkin |first1=Morris |title=Domain Extensions |url=https://csrc.nist.gov/events/2014/sha-3-2014-workshop |website=csrc.nist.gov |publisher=[[NIST]] |access-date=22 June 2023 | date = August 22, 2014}} |
Revision as of 17:47, 29 October 2023
An extendable-output function (XOF) is an extension[1] of the cryptographic hash that allows its output to be arbitrarily long. In particular, the sponge construction makes any sponge hash a natural XOF (regular hash functions with a fixed-size result are obtained from a sponge mechanism by stopping the squeezing phase after a fixed number of bits has been produced).[2]
The genesis of an XOF makes it collision, preimage and second preimage resistant. Technically, any XOF can be turned into a cryptographic hash by truncating the result to a fixed length (in practice, hashes and XOFs are defined differently for domain separation[3]). Examples of XOFs include the algorithms from the Keccak family: SHAKE128, SHAKE256, and a variant with higher efficiency, KangarooTwelve.[1]
XOFs are used as key derivation functions (KDFs), stream ciphers,[1] and mask generation functions.[4]
Related-output issues
By their nature, XOFs can produce related outputs (a longer result includes a shorter one as a prefix). The use of XOFs as KDFs for key derivation can therefore cause related-output problems. As a "naïve" example, if Triple DES keys are generated with an XOF, and confusion in the implementation causes some operations to be performed as 3TDEA (3x56 = 168-bit key) and some as 2TDEA (2x56 = 112-bit key), comparing the encryption results will lower the attack complexity to just 56 bits; similar problems can occur if the hashes in NIST SP 800-108 are naïvely replaced by the KDFs.[5]
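The prefix relation described above, shown with SHAKE256 from Python's `hashlib`, as an added example that is not part of the article or its sources. The 7-byte key unit, the function names, and the label-plus-length prefix used for separation are assumptions of this sketch (one common mitigation, not a construction the article specifies).

```python
import hashlib

DES_KEY_BYTES = 7  # 56 effective bits per DES key, as in the text (parity ignored)


def naive_kdf(secret, nbytes):
    """Naive derivation: squeeze nbytes from SHAKE256 over the secret alone."""
    return hashlib.shake_256(secret).digest(nbytes)


def separated_kdf(secret, label, nbytes):
    """Hypothetical hardened variant: bind a usage label and the requested
    output length into the XOF input, so different requests do not share
    a prefix."""
    prefix = len(label).to_bytes(2, "big") + label + nbytes.to_bytes(4, "big")
    return hashlib.shake_256(prefix + secret).digest(nbytes)


def split_keys(material):
    """Cut key material into consecutive 56-bit DES key units."""
    return [material[i:i + DES_KEY_BYTES]
            for i in range(0, len(material), DES_KEY_BYTES)]


def shared_subkeys(keys_a, keys_b):
    """Count positions where two key bundles hold the identical DES key."""
    return sum(1 for a, b in zip(keys_a, keys_b) if a == b)


def demo():
    secret = b"constructed sample secret"  # constructed input, not real key material
    # 3TDEA wants 168 bits (21 bytes), 2TDEA wants 112 bits (14 bytes).
    naive3 = split_keys(naive_kdf(secret, 21))
    naive2 = split_keys(naive_kdf(secret, 14))
    sep3 = split_keys(separated_kdf(secret, b"3TDEA", 21))
    sep2 = split_keys(separated_kdf(secret, b"2TDEA", 14))
    return shared_subkeys(naive3, naive2), shared_subkeys(sep3, sep2)


if __name__ == "__main__":
    naive_shared, separated_shared = demo()
    print("shared DES keys, naive derivation:    ", naive_shared)
    print("shared DES keys, separated derivation:", separated_shared)
```

With the naive derivation the 2TDEA bundle is exactly the first two keys of the 3TDEA bundle, so only the third 56-bit key differs between the two modes; with the label and length bound into the input, the bundles share no key.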
References
- [1] Peyrin & Wang 2020, p. 7.
- [2] Mittelbach & Fischlin 2021, p. 526.
- [3] Dworkin 2014, p. 3.
- [4] Perlner 2014, p. 4.
- [5] Perlner 2014, p. 5.
Sources
- Mittelbach, Arno; Fischlin, Marc (2021). "Extendable Output Functions (XOFs)". The Theory of Hash Functions and Random Oracles: An Approach to Modern Cryptography. Information Security and Cryptography. Springer International Publishing. ISBN 978-3-030-63287-8. Retrieved 2023-06-22.
- Peyrin, Thomas; Wang, Haoyang (2020). "The MALICIOUS Framework: Embedding Backdoors into Tweakable Block Ciphers" (PDF). Advances in Cryptology – CRYPTO 2020. Lecture Notes in Computer Science. Vol. 12172. Springer International Publishing. pp. 249–278. doi:10.1007/978-3-030-56877-1_9. ISBN 978-3-030-56876-4. ISSN 0302-9743. S2CID 221107066.
- Perlner, Ray (August 22, 2014). "Extendable-Output Functions (XOFs)". csrc.nist.gov. NIST. Retrieved 22 June 2023.
- Dworkin, Morris (August 22, 2014). "Domain Extensions". csrc.nist.gov. NIST. Retrieved 22 June 2023.