doc

SP 800-56A Rev. 3 Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography

SP 800-56B Rev. 2 Recommendation for Pair-Wise Key-Establishment Using Integer Factorization Cryptography

SP 800-56C Rev. 2 Recommendation for Key-Derivation Methods in Key-Establishment Schemes

trusted third party (TTP)

mac: hmac, aes-cmac, kmac

random bit generator (RBG): SP 800-90

MQV: too many vulnerabilities

IEEE P1363

800-56c

Z: shared secret

OtherInput: salt, L, {IV}, FixedInfo

FixedInfo: Label, Context

DerivedKeyingMaterial = KDM(Z, OtherInput)

one-step kdf: shared secret -> Key-Derivation key

  • hash(x), fips 180, fips 202
  • hmac(key=salt, message=x), fips 198
  • kmac(key=salt, message=x, H_outputBits, “KDF”), SP 800-185
Can be built on H(counter || Z || FixedInfo): increment the counter on each iteration and concatenate the outputs.
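The counter construction above, as an added Python example (not code from the SP or from these notes). It covers the hash and HMAC options for H, takes lengths in bytes rather than bits, and the function name, parameters and sample values are assumptions made here.

```python
import hashlib
import hmac
import math
from typing import Optional

def one_step_kdf(z: bytes, length: int, fixed_info: bytes = b"",
                 salt: Optional[bytes] = None, use_hmac: bool = False,
                 hash_name: str = "sha256") -> bytes:
    """Derive `length` bytes from shared secret Z by concatenating
    H(counter || Z || FixedInfo) for counter = 1, 2, ...
    H is either hash(x) or HMAC(key=salt, message=x)."""
    if not z:
        raise ValueError("shared secret Z must not be empty")
    if length <= 0:
        raise ValueError("length must be positive")
    h = hashlib.new(hash_name)
    reps = math.ceil(length / h.digest_size)
    if reps > 0xFFFFFFFF:
        raise ValueError("requested length exceeds the 32-bit counter range")
    if use_hmac and salt is None:
        # Default salt for the HMAC option: all-zero string, one hash block long.
        salt = bytes(h.block_size)
    out = b""
    for counter in range(1, reps + 1):
        # 32-bit big-endian counter, then Z, then FixedInfo.
        x = counter.to_bytes(4, "big") + z + fixed_info
        if use_hmac:
            out += hmac.new(salt, x, hash_name).digest()
        else:
            out += hashlib.new(hash_name, x).digest()
    return out[:length]  # keep only the leftmost `length` bytes

# Constructed sample inputs, for illustration only.
Z_SAMPLE = bytes(range(32))
LABEL = b"example-label"
CONTEXT = b"initiator-id|responder-id"
FIXED_INFO = LABEL + CONTEXT  # FixedInfo: Label, Context

if __name__ == "__main__":
    print(one_step_kdf(Z_SAMPLE, 48, FIXED_INFO).hex())
    print(one_step_kdf(Z_SAMPLE, 48, FIXED_INFO, use_hmac=True).hex())
```

Binding a different Label or Context into FixedInfo yields unrelated keying material from the same Z, which is what separates keys derived for different purposes.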

two-step kdf: extraction-then-expansion, shared secret -> Key-Derivation key -> keying material

randomness extraction => KDK

  • hmac(key=salt, message = Z)
  • aes-cmac(key=salt, message=Z), sp 800-38B

key expansion => DerivedKeyingMaterial

  • KDF(KDK, L, {IV}, FixedInfo)

If the PRF-based KDF uses feedback mode, an IV is required.

If the PRF-based KDF uses Counter mode / Double-Pipeline Iteration Mode, no IV is needed.



Published

20 April 2020
