Extendable-output Function
   HOME

TheInfoList



Click Here for Items Related To - Extendable-output Function
OR:
Extendable-output Function on:   [Wikipedia]   [Google]   [Amazon]

Extendable-output function (XOF) is an extension of the
cryptographic hash A cryptographic hash function (CHF) is a hash algorithm (a map of an arbitrary binary string to a binary string with a fixed size of n bits) that has special properties desirable for a cryptographic application: * the probability of a particu ...
that allows its output to be arbitrarily long. In particular, the sponge construction makes any sponge hash a natural XOF: the squeeze operation can be repeated, and the regular hash functions with a fixed-size result are obtained from a sponge mechanism by stopping the squeezing phase after obtaining the fixed number of bits). The genesis of a XOF makes it
collision In physics, a collision is any event in which two or more bodies exert forces on each other in a relatively short time. Although the most common use of the word ''collision'' refers to incidents in which two or more objects collide with great for ...
,
preimage In mathematics, for a function f: X \to Y, the image of an input value x is the single output value produced by f when passed x. The preimage of an output value y is the set of input values that produce y. More generally, evaluating f at each ...
and second preimage resistant. Technically, any XOF can be turned into a cryptographic hash by truncating the result to a fixed length (in practice, hashes and XOFs are defined differently for domain separation). The examples of XOF include the algorithms from the
Keccak SHA-3 (Secure Hash Algorithm 3) is the latest member of the Secure Hash Algorithm family of standards, released by NIST on August 5, 2015. Although part of the same series of standards, SHA-3 is internally different from the MD5-like struct ...
family: SHAKE128, SHAKE256, and a variant with higher efficiency, KangarooTwelve. XOFs are used as
key derivation function In cryptography, a key derivation function (KDF) is a cryptographic algorithm that derives one or more secret keys from a secret value such as a master key, a password, or a passphrase using a pseudorandom function (which typically uses a cr ...
s (KDFs),
stream cipher stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream ( keystream). In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystrea ...
s, mask generation functions.


Related-output issues

By their nature, XOFs can produce related outputs (a longer result includes a shorter one as a prefix). The use of KDFs for key derivation can therefore cause related-output problems. As a "naïve" example, if the
Triple DES In cryptography, Triple DES (3DES or TDES), officially the Triple Data Encryption Algorithm (TDEA or Triple DEA), is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block. The 56-bit key of the Dat ...
keys are generated with a XOF, and there is a confusion in the implementation that causes some operations to be performed as 3TDEA (3x56 = 168-bit key), and some as 2TDEA (2x56 = 112 bit key), comparing the encryption results will lower the attack complexity to just 56 bits; similar problems can occur if hashes in the NIST SP 800-108 are naïvely replaced by the KDFs.


References


Sources

* * * * Extendable-output functions {{crypto-stub