The Twist-AUgmented Technique for Key Exchange

Chevassut, Olivier; Fouque, Pierre-Alain; Gaudry, Pierrick; Pointcheval, David

doi:10.1007/11745853_27

Cited by 36 publications

(38 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another technique consists in using a curve and its twist as suggested in [5]. Given a curve defined by equation (1), one can define the twisted curve of equation…”

Section: Related Workmentioning

confidence: 99%

How to Hash into Elliptic Curves

Icart

2009

Lecture Notes in Computer Science

105

View full text Add to dashboard Cite

show abstract

“…Another technique consists in using a curve and its twist as suggested in [5]. Given a curve defined by equation (1), one can define the twisted curve of equation…”

Section: Related Workmentioning

confidence: 99%

How to Hash into Elliptic Curves

Icart

2009

Lecture Notes in Computer Science

105

View full text Add to dashboard Cite

show abstract

“…In the latter case, one can consider deterministic extractors. Examples of such source-specific extractors in the cryptographic setting include the well-known hard-core schemes for RSA [2,15] and for discrete-log based functions [21,34], and the recent elegant extraction functions specific to some Diffie-Hellman groups in [11,16]. For most of our study we focus on generic extractors, i.e., those that can extract randomness from any source with sufficient min-entropy, and hence require some non-secret salt.…”

Section: Definition 1 a Probability Distribution X Has Min-entropy (mentioning

confidence: 99%

“…Both [5,6] offer interesting perspectives on the use of randomness extractors in practice that complement our work; our HKDF design is well suited for use also in the settings studied by these works. A good discussion of extraction issues in the context of KDFs in the Diffie-Hellman setting can be found in [11] where a dedicated deterministic extractor for specific DH groups is presented. Another such extractor (very different in techniques and applicability) is presented in [16].…”

Section: Introductionmentioning

confidence: 99%

Cryptographic Extraction and Key Derivation: The HKDF Scheme

Krawczyk

2010

Lecture Notes in Computer Science

273

198

View full text Add to dashboard Cite

Abstract. In spite of the central role of key derivation functions (KDF) in applied cryptography, there has been little formal work addressing the design and analysis of general multi-purpose KDFs. In practice, most KDFs (including those widely standardized) follow ad-hoc approaches that treat cryptographic hash functions as perfectly random functions. In this paper we close some gaps between theory and practice by contributing to the study and engineering of KDFs in several ways. We provide detailed rationale for the design of KDFs based on the extractthen-expand approach; we present the first general and rigorous definition of KDFs and their security that we base on the notion of computational extractors; we specify a concrete fully practical KDF based on the HMAC construction; and we provide an analysis of this construction based on the extraction and pseudorandom properties of HMAC. The resultant KDF design can support a large variety of KDF applications under suitable assumptions on the underlying hash function; particular attention and effort is devoted to minimizing these assumptions as much as possible for each usage scenario.Beyond the theoretical interest in modeling KDFs, this work is intended to address two important and timely needs of cryptographic applications: (i) providing a single hash-based KDF design that can be standardized for use in multiple and diverse applications, and (ii) providing a conservative, yet efficient, design that exercises much care in the way it utilizes a cryptographic hash function. (The HMAC-based scheme presented here, named HKDF, is being standardized by the IETF.)

show abstract

“…Another extractor for elliptic curves over prime fields is proposed by Gürel in the same paper. However, the latter extracts essentially less than half of the bits of the abscissa of P. One more extractor for elliptic curves over prime fields is the TAU technique of Chevassut et al [5]. This technique allows to extract almost all the bits of the abscissa of a point of the union of an elliptic curve and its quadratic twist.…”

mentioning

confidence: 99%

Extractors for binary elliptic curves

Farashahi

Pellikaan

Sidorenko

2008

Des. Codes Cryptogr.

View full text Add to dashboard Cite

We propose a simple and efficient deterministic extractor for an ordinary elliptic curve E, defined over F 2 n , where n = 2 and is a positive integer. Our extractor, for a given point P on E, outputs the first F 2 -coefficient of the abscissa of the point P. We also propose a deterministic extractor for the main subgroup G of E, where E has minimal 2-torsion. We show that if a point P is chosen uniformly at random in G, the bits extracted from the point P are indistinguishable from a uniformly random bit-string of length .

show abstract

The Twist-AUgmented Technique for Key Exchange

Cited by 36 publications

References 32 publications

How to Hash into Elliptic Curves

How to Hash into Elliptic Curves

Cryptographic Extraction and Key Derivation: The HKDF Scheme

Extractors for binary elliptic curves

Contact Info

Product

Resources

About