BHATI, Amit Singh, Antonín DUFKA, Elena ANDREEVA, Arnab ROY and Bart PRENEEL. Skye: An Expanding PRF based Fast KDF and its Applications. Online. In Proceedings of the 19th ACM Asia Conference on Computer and Communications Security (ASIA CCS '24). New York, NY, USA: Association for Computing Machinery, 2024, p. 1082–1098. ISBN 979-8-4007-0482-6. Available from: https://dx.doi.org/10.1145/3634737.3637673.
Basic information
Original name Skye: An Expanding PRF based Fast KDF and its Applications
Authors BHATI, Amit Singh (guarantor), Antonín DUFKA (203 Czech Republic, belonging to the institution), Elena ANDREEVA, Arnab ROY and Bart PRENEEL.
Edition New York, NY, USA, Proceedings of the 19th ACM Asia Conference on Computer and Communications Security (ASIA CCS '24), p. 1082–1098, 17 pp. 2024.
Publisher Association for Computing Machinery
Other information
Original language English
Type of outcome Proceedings paper
Field of Study 10200 1.2 Computer and information sciences
Country of publisher United States of America
Confidentiality degree is not subject to a state or trade secret
Publication form electronic version available online
Organization unit Faculty of Informatics
ISBN 979-8-4007-0482-6
Doi http://dx.doi.org/10.1145/3634737.3637673
Keywords in English KDF; Deterministic Extraction; Extract-then-Expand; HKDF; X3DH; Signal; Expanding PRF; PRF-PRNG; Randomness Amplification
Tags International impact, Reviewed
Changed by: RNDr. Antonín Dufka, učo 445281. Changed: 8/8/2024 15:54.
Abstract
A Key Derivation Function (KDF) generates a uniform and highly random key-stream from weakly random key material. KDFs are broadly used in various security protocols such as digital signatures and key exchange protocols. HKDF, the most deployed KDF in practice, is based on the extract-then-expand paradigm. It is presently used, among others, in the Signal Protocol for end-to-end encrypted messaging. HKDF is a generic KDF for general input sources and thus is not optimized for source-specific use cases such as key derivation from Diffie-Hellman (DH) sources (i.e. DH shared secrets as key material). Furthermore, the sequential HKDF design is unnecessarily slow on some general-purpose platforms that can benefit from parallelization. In this work, we propose a novel, efficient and secure KDF called Skye. Skye follows the extract-then-expand paradigm and consists of two algorithms: an efficient deterministic randomness extractor and an expander function. Instantiating our extractor for dedicated source-specific (e.g. DH sources) inputs leads to a significant efficiency gain over HKDF while maintaining its security level. We provide a concrete security analysis of Skye and both of its underlying algorithms in the standard model. We provide a software performance comparison of Skye with the AES-based expanding PRF ButterKnife and HKDF with SHA-256 (as used in practice). Our results show that in isolation Skye performs from 4x to 47x faster than HKDF, depending on the availability of AES or SHA instruction support. We further demonstrate that with such a performance gain, when Skye is integrated within the current Signal implementation, we can achieve significant overall improvements ranging from 38% to 64% relative speedup in unidirectional messaging. Even in bidirectional messaging, which includes DH computation with dominating computational cost, Skye still contributes a 12-36% relative speedup when just 10 messages are sent and received at once.
Links
101087529, internal MU code. Name: Cyber-security Excellence Hub in Estonia and South Moravia (CHESS)
Investor: European Union, Cyber-security Excellence Hub in Estonia and South Moravia (CHESS), Widening participation and strengthening the European Research Area