Exploration server on computer science research in Lorraine


The Twist-AUgmented Technique for Key Exchange

Internal identifier: 000B79 (Istex/Corpus); previous: 000B78; next: 000B80

The Twist-AUgmented Technique for Key Exchange

Authors: Olivier Chevassut; Pierre-Alain Fouque; Pierrick Gaudry; David Pointcheval

Source:

RBID : ISTEX:32506E8AABE71A8E1447E94F7FCC2D69133BA00A

Abstract

Key derivation refers to the process by which an agreed upon large random number, often named master secret, is used to derive keys to encrypt and authenticate data. Practitioners and standardization bodies have usually used the random oracle model to get key material from a Diffie-Hellman key exchange. However, formal proofs in the standard model require randomness extractors to formally extract the entropy of the random master secret into a seed prior to deriving other keys. Whereas this is a quite simple tool, it is not easy to use in practice (or it is easy to misuse it). In addition, in many standards, the acronym PRF (Pseudo-Random Functions) is used for several tasks, and namely the randomness extraction. While randomness extractors and pseudo-random functions are a priori distinct tools, we first study whether such an application is correct or not. We thereafter study the case of $\mathbb{Z}^{*}_{p}$ where p is a safe-prime and the case of elliptic curve since in IPSec for example, only these two groups are considered. We present very efficient and provable randomness extraction techniques for these groups under the DDH assumption. In the special case of elliptic curves, we present a new technique (the so-called 'Twist-AUgmented' technique) which exploits specific properties of some elliptic curves, and avoids the need of any randomness extractor. We finally compare the efficiency of this method with other solutions.

Url:
DOI: 10.1007/11745853_27

Links to Exploration step

ISTEX:32506E8AABE71A8E1447E94F7FCC2D69133BA00A

The document in XML format

<record>
<TEI wicri:istexFullTextTei="biblStruct">
<teiHeader>
<fileDesc>
<titleStmt>
<title xml:lang="en">The Twist-AUgmented Technique for Key Exchange</title>
<author>
<name sortKey="Chevassut, Olivier" sort="Chevassut, Olivier" uniqKey="Chevassut O" first="Olivier" last="Chevassut">Olivier Chevassut</name>
<affiliation>
<mods:affiliation>Lawrence Berkeley National Lab., Berkeley, CA, USA</mods:affiliation>
</affiliation>
<affiliation>
<mods:affiliation>E-mail: OChevassut@lbl.gov</mods:affiliation>
</affiliation>
</author>
<author>
<name sortKey="Fouque, Pierre Alain" sort="Fouque, Pierre Alain" uniqKey="Fouque P" first="Pierre-Alain" last="Fouque">Pierre-Alain Fouque</name>
<affiliation>
<mods:affiliation>CNRS-École normale supérieure, Paris, France</mods:affiliation>
</affiliation>
<affiliation>
<mods:affiliation>E-mail: Pierre-Alain.Fouque@ens.fr</mods:affiliation>
</affiliation>
</author>
<author>
<name sortKey="Gaudry, Pierrick" sort="Gaudry, Pierrick" uniqKey="Gaudry P" first="Pierrick" last="Gaudry">Pierrick Gaudry</name>
<affiliation>
<mods:affiliation>CNRS-LORIA, Nancy, France</mods:affiliation>
</affiliation>
<affiliation>
<mods:affiliation>E-mail: Pierrick.Gaudry@loria.fr</mods:affiliation>
</affiliation>
</author>
<author>
<name sortKey="Pointcheval, David" sort="Pointcheval, David" uniqKey="Pointcheval D" first="David" last="Pointcheval">David Pointcheval</name>
<affiliation>
<mods:affiliation>CNRS-École normale supérieure, Paris, France</mods:affiliation>
</affiliation>
<affiliation>
<mods:affiliation>E-mail: David.Pointcheval@ens.fr</mods:affiliation>
</affiliation>
</author>
</titleStmt>
<publicationStmt>
<idno type="wicri:source">ISTEX</idno>
<idno type="RBID">ISTEX:32506E8AABE71A8E1447E94F7FCC2D69133BA00A</idno>
<date when="2006" year="2006">2006</date>
<idno type="doi">10.1007/11745853_27</idno>
<idno type="url">https://api.istex.fr/ark:/67375/HCB-1JDVK4LG-3/fulltext.pdf</idno>
<idno type="wicri:Area/Istex/Corpus">000B79</idno>
<idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Corpus" wicri:corpus="ISTEX">000B79</idno>
</publicationStmt>
<sourceDesc>
<biblStruct>
<analytic>
<title level="a" type="main" xml:lang="en">The Twist-AUgmented Technique for Key Exchange</title>
<author>
<name sortKey="Chevassut, Olivier" sort="Chevassut, Olivier" uniqKey="Chevassut O" first="Olivier" last="Chevassut">Olivier Chevassut</name>
<affiliation>
<mods:affiliation>Lawrence Berkeley National Lab., Berkeley, CA, USA</mods:affiliation>
</affiliation>
<affiliation>
<mods:affiliation>E-mail: OChevassut@lbl.gov</mods:affiliation>
</affiliation>
</author>
<author>
<name sortKey="Fouque, Pierre Alain" sort="Fouque, Pierre Alain" uniqKey="Fouque P" first="Pierre-Alain" last="Fouque">Pierre-Alain Fouque</name>
<affiliation>
<mods:affiliation>CNRS-École normale supérieure, Paris, France</mods:affiliation>
</affiliation>
<affiliation>
<mods:affiliation>E-mail: Pierre-Alain.Fouque@ens.fr</mods:affiliation>
</affiliation>
</author>
<author>
<name sortKey="Gaudry, Pierrick" sort="Gaudry, Pierrick" uniqKey="Gaudry P" first="Pierrick" last="Gaudry">Pierrick Gaudry</name>
<affiliation>
<mods:affiliation>CNRS-LORIA, Nancy, France</mods:affiliation>
</affiliation>
<affiliation>
<mods:affiliation>E-mail: Pierrick.Gaudry@loria.fr</mods:affiliation>
</affiliation>
</author>
<author>
<name sortKey="Pointcheval, David" sort="Pointcheval, David" uniqKey="Pointcheval D" first="David" last="Pointcheval">David Pointcheval</name>
<affiliation>
<mods:affiliation>CNRS-École normale supérieure, Paris, France</mods:affiliation>
</affiliation>
<affiliation>
<mods:affiliation>E-mail: David.Pointcheval@ens.fr</mods:affiliation>
</affiliation>
</author>
</analytic>
<monogr></monogr>
<series>
<title level="s" type="main" xml:lang="en">Lecture Notes in Computer Science</title>
<idno type="ISSN">0302-9743</idno>
<idno type="eISSN">1611-3349</idno>
<idno type="ISSN">0302-9743</idno>
</series>
</biblStruct>
</sourceDesc>
<seriesStmt>
<idno type="ISSN">0302-9743</idno>
</seriesStmt>
</fileDesc>
<profileDesc>
<textClass></textClass>
</profileDesc>
</teiHeader>
<front>
<div type="abstract" xml:lang="en">Abstract: Key derivation refers to the process by which an agreed upon large random number, often named master secret, is used to derive keys to encrypt and authenticate data. Practitioners and standardization bodies have usually used the random oracle model to get key material from a Diffie-Hellman key exchange. However, formal proofs in the standard model require randomness extractors to formally extract the entropy of the random master secret into a seed prior to deriving other keys. Whereas this is a quite simple tool, it is not easy to use in practice –or it is easy to misuse it–. In addition, in many standards, the acronym PRF (Pseudo-Random Functions) is used for several tasks, and namely the randomness extraction. While randomness extractors and pseudo-random functions are a priori distinct tools, we first study whether such an application is correct or not. We thereafter study the case of $\mathbb{Z}^{*}_{p}$ where p is a safe-prime and the case of elliptic curve since in IPSec for example, only these two groups are considered. We present very efficient and provable randomness extraction techniques for these groups under the DDH assumption. In the special case of elliptic curves, we present a new technique —the so-called ’Twist-AUgmented’ technique— which exploits specific properties of some elliptic curves, and avoids the need of any randomness extractor. We finally compare the efficiency of this method with other solutions.</div>
</front>
</TEI>
<istex>
<corpusName>springer-ebooks</corpusName>
<author>
<json:item>
<name>Olivier Chevassut</name>
<affiliations>
<json:string>Lawrence Berkeley National Lab., Berkeley, CA, USA</json:string>
<json:string>E-mail: OChevassut@lbl.gov</json:string>
</affiliations>
</json:item>
<json:item>
<name>Pierre-Alain Fouque</name>
<affiliations>
<json:string>CNRS-École normale supérieure, Paris, France</json:string>
<json:string>E-mail: Pierre-Alain.Fouque@ens.fr</json:string>
</affiliations>
</json:item>
<json:item>
<name>Pierrick Gaudry</name>
<affiliations>
<json:string>CNRS-LORIA, Nancy, France</json:string>
<json:string>E-mail: Pierrick.Gaudry@loria.fr</json:string>
</affiliations>
</json:item>
<json:item>
<name>David Pointcheval</name>
<affiliations>
<json:string>CNRS-École normale supérieure, Paris, France</json:string>
<json:string>E-mail: David.Pointcheval@ens.fr</json:string>
</affiliations>
</json:item>
</author>
<arkIstex>ark:/67375/HCB-1JDVK4LG-3</arkIstex>
<language>
<json:string>eng</json:string>
</language>
<originalGenre>
<json:string>OriginalPaper</json:string>
</originalGenre>
<abstract>Abstract: Key derivation refers to the process by which an agreed upon large random number, often named master secret, is used to derive keys to encrypt and authenticate data. Practitioners and standardization bodies have usually used the random oracle model to get key material from a Diffie-Hellman key exchange. However, formal proofs in the standard model require randomness extractors to formally extract the entropy of the random master secret into a seed prior to deriving other keys. Whereas this is a quite simple tool, it is not easy to use in practice –or it is easy to misuse it–. In addition, in many standards, the acronym PRF (Pseudo-Random Functions) is used for several tasks, and namely the randomness extraction. While randomness extractors and pseudo-random functions are a priori distinct tools, we first study whether such an application is correct or not. We thereafter study the case of $\mathbb{Z}^{*}_{p}$ where p is a safe-prime and the case of elliptic curve since in IPSec for example, only these two groups are considered. We present very efficient and provable randomness extraction techniques for these groups under the DDH assumption. In the special case of elliptic curves, we present a new technique —the so-called ’Twist-AUgmented’ technique— which exploits specific properties of some elliptic curves, and avoids the need of any randomness extractor. We finally compare the efficiency of this method with other solutions.</abstract>
<qualityIndicators>
<score>9.748</score>
<pdfWordCount>7524</pdfWordCount>
<pdfCharCount>38968</pdfCharCount>
<pdfVersion>1.3</pdfVersion>
<pdfPageCount>17</pdfPageCount>
<pdfPageSize>430 x 660 pts</pdfPageSize>
<refBibsNative>false</refBibsNative>
<abstractWordCount>229</abstractWordCount>
<abstractCharCount>1458</abstractCharCount>
<keywordCount>0</keywordCount>
</qualityIndicators>
<title>The Twist-AUgmented Technique for Key Exchange</title>
<chapterId>
<json:string>27</json:string>
<json:string>Chap27</json:string>
</chapterId>
<genre>
<json:string>conference</json:string>
</genre>
<serie>
<title>Lecture Notes in Computer Science</title>
<language>
<json:string>unknown</json:string>
</language>
<copyrightDate>2006</copyrightDate>
<issn>
<json:string>0302-9743</json:string>
</issn>
<eissn>
<json:string>1611-3349</json:string>
</eissn>
<editor>
<json:item>
<name>David Hutchison</name>
<affiliations>
<json:string>Lancaster University, UK</json:string>
</affiliations>
</json:item>
<json:item>
<name>Takeo Kanade</name>
<affiliations>
<json:string>Carnegie Mellon University, Pittsburgh, PA, USA</json:string>
</affiliations>
</json:item>
<json:item>
<name>Josef Kittler</name>
<affiliations>
<json:string>University of Surrey, Guildford, UK</json:string>
</affiliations>
</json:item>
<json:item>
<name>Jon M. Kleinberg</name>
<affiliations>
<json:string>Cornell University, Ithaca, NY, USA</json:string>
</affiliations>
</json:item>
<json:item>
<name>Friedemann Mattern</name>
<affiliations>
<json:string>ETH Zurich, Switzerland</json:string>
</affiliations>
</json:item>
<json:item>
<name>John C. Mitchell</name>
<affiliations>
<json:string>Stanford University, CA, USA</json:string>
</affiliations>
</json:item>
<json:item>
<name>Moni Naor</name>
<affiliations>
<json:string>Weizmann Institute of Science, Rehovot, Israel</json:string>
</affiliations>
</json:item>
<json:item>
<name>Oscar Nierstrasz</name>
<affiliations>
<json:string>University of Bern, Switzerland</json:string>
</affiliations>
</json:item>
<json:item>
<name>C. Pandu Rangan</name>
<affiliations>
<json:string>Indian Institute of Technology, Madras, India</json:string>
</affiliations>
</json:item>
<json:item>
<name>Bernhard Steffen</name>
<affiliations>
<json:string>University of Dortmund, Germany</json:string>
</affiliations>
</json:item>
<json:item>
<name>Madhu Sudan</name>
<affiliations>
<json:string>Massachusetts Institute of Technology, MA, USA</json:string>
</affiliations>
</json:item>
<json:item>
<name>Demetri Terzopoulos</name>
<affiliations>
<json:string>University of California, Los Angeles, CA, USA</json:string>
</affiliations>
</json:item>
<json:item>
<name>Dough Tygar</name>
<affiliations>
<json:string>University of California, Berkeley, CA, USA</json:string>
</affiliations>
</json:item>
<json:item>
<name>Moshe Y. Vardi</name>
<affiliations>
<json:string>Rice University, Houston, TX, USA</json:string>
</affiliations>
</json:item>
<json:item>
<name>Gerhard Weikum</name>
<affiliations>
<json:string>Max-Planck Institute of Computer Science, Saarbruecken, Germany</json:string>
</affiliations>
</json:item>
</editor>
</serie>
<host>
<title>Public Key Cryptography - PKC 2006</title>
<language>
<json:string>unknown</json:string>
</language>
<copyrightDate>2006</copyrightDate>
<doi>
<json:string>10.1007/11745853</json:string>
</doi>
<issn>
<json:string>0302-9743</json:string>
</issn>
<eissn>
<json:string>1611-3349</json:string>
</eissn>
<eisbn>
<json:string>978-3-540-33852-9</json:string>
</eisbn>
<bookId>
<json:string>978-3-540-33852-9</json:string>
</bookId>
<isbn>
<json:string>978-3-540-33851-2</json:string>
</isbn>
<volume>3958</volume>
<pages>
<first>410</first>
<last>426</last>
</pages>
<genre>
<json:string>book-series</json:string>
</genre>
<editor>
<json:item>
<name>Moti Yung</name>
<affiliations>
<json:string>Computer Science Department, Google Inc. and Columbia University, 1214 Amsterdam Avenue, 10027, New York, NY, USA</json:string>
<json:string>E-mail: moti@cs.columbia.edu</json:string>
</affiliations>
</json:item>
<json:item>
<name>Yevgeniy Dodis</name>
<affiliations>
<json:string>New York University,</json:string>
<json:string>E-mail: dodis@cs.nyu.edu</json:string>
</affiliations>
</json:item>
<json:item>
<name>Aggelos Kiayias</name>
<affiliations>
<json:string>Computer Science and Engineering, University of Connecticut, Storrs, CT, USA</json:string>
<json:string>E-mail: aggelos@cse.uconn.edu</json:string>
</affiliations>
</json:item>
<json:item>
<name>Tal Malkin</name>
<affiliations>
<json:string>Dept. of Computer Science, Columbia University,</json:string>
<json:string>E-mail: tal@cs.columbia.edu</json:string>
</affiliations>
</json:item>
</editor>
<subject>
<json:item>
<value>Computer Science</value>
</json:item>
<json:item>
<value>Computer Science</value>
</json:item>
<json:item>
<value>Data Encryption</value>
</json:item>
<json:item>
<value>Algorithm Analysis and Problem Complexity</value>
</json:item>
<json:item>
<value>Computer Communication Networks</value>
</json:item>
<json:item>
<value>Computers and Society</value>
</json:item>
<json:item>
<value>Management of Computing and Information Systems</value>
</json:item>
</subject>
</host>
<ark>
<json:string>ark:/67375/HCB-1JDVK4LG-3</json:string>
</ark>
<publicationDate>2006</publicationDate>
<copyrightDate>2006</copyrightDate>
<doi>
<json:string>10.1007/11745853_27</json:string>
</doi>
<id>32506E8AABE71A8E1447E94F7FCC2D69133BA00A</id>
<score>1</score>
<fulltext>
<json:item>
<extension>pdf</extension>
<original>true</original>
<mimetype>application/pdf</mimetype>
<uri>https://api.istex.fr/ark:/67375/HCB-1JDVK4LG-3/fulltext.pdf</uri>
</json:item>
<json:item>
<extension>zip</extension>
<original>false</original>
<mimetype>application/zip</mimetype>
<uri>https://api.istex.fr/ark:/67375/HCB-1JDVK4LG-3/bundle.zip</uri>
</json:item>
<istex:fulltextTEI uri="https://api.istex.fr/ark:/67375/HCB-1JDVK4LG-3/fulltext.tei">
<teiHeader>
<fileDesc>
<titleStmt>
<title level="a" type="main" xml:lang="en">The Twist-AUgmented Technique for Key Exchange</title>
</titleStmt>
<publicationStmt>
<authority>ISTEX</authority>
<availability>
<licence>Springer-Verlag Berlin Heidelberg</licence>
</availability>
<date when="2006">2006</date>
</publicationStmt>
<notesStmt>
<note type="conference" source="proceedings" scheme="https://content-type.data.istex.fr/ark:/67375/XTP-BFHXPBJJ-3">conference</note>
<note type="publication-type" subtype="book-series" scheme="https://publication-type.data.istex.fr/ark:/67375/JMC-0G6R5W5T-Z">book-series</note>
</notesStmt>
<sourceDesc>
<biblStruct>
<analytic>
<title level="a" type="main" xml:lang="en">The Twist-AUgmented Technique for Key Exchange</title>
<author>
<persName>
<forename type="first">Olivier</forename>
<surname>Chevassut</surname>
</persName>
<email>OChevassut@lbl.gov</email>
<affiliation>
<orgName type="institution">Lawrence Berkeley National Lab.</orgName>
<address>
<settlement>Berkeley</settlement>
<region>CA</region>
<country key="US">UNITED STATES</country>
</address>
</affiliation>
</author>
<author>
<persName>
<forename type="first">Pierre-Alain</forename>
<surname>Fouque</surname>
</persName>
<email>Pierre-Alain.Fouque@ens.fr</email>
<affiliation>
<orgName type="institution">CNRS-École normale supérieure</orgName>
<address>
<settlement>Paris</settlement>
<country key="FR">FRANCE</country>
</address>
</affiliation>
</author>
<author>
<persName>
<forename type="first">Pierrick</forename>
<surname>Gaudry</surname>
</persName>
<email>Pierrick.Gaudry@loria.fr</email>
<affiliation>
<orgName type="institution">CNRS-LORIA</orgName>
<address>
<settlement>Nancy</settlement>
<country key="FR">FRANCE</country>
</address>
</affiliation>
</author>
<author>
<persName>
<forename type="first">David</forename>
<surname>Pointcheval</surname>
</persName>
<email>David.Pointcheval@ens.fr</email>
<affiliation>
<orgName type="institution">CNRS-École normale supérieure</orgName>
<address>
<settlement>Paris</settlement>
<country key="FR">FRANCE</country>
</address>
</affiliation>
</author>
<idno type="istex">32506E8AABE71A8E1447E94F7FCC2D69133BA00A</idno>
<idno type="ark">ark:/67375/HCB-1JDVK4LG-3</idno>
<idno type="DOI">10.1007/11745853_27</idno>
</analytic>
<monogr>
<title level="m" type="main">Public Key Cryptography - PKC 2006</title>
<title level="m" type="sub">9th International Conference on Theory and Practice in Public-Key Cryptography, New York, NY, USA, April 24-26, 2006. Proceedings</title>
<title level="m" type="part">Authentication and Key Establishment</title>
<idno type="DOI">10.1007/11745853</idno>
<idno type="book-id">978-3-540-33852-9</idno>
<idno type="ISBN">978-3-540-33851-2</idno>
<idno type="eISBN">978-3-540-33852-9</idno>
<idno type="chapter-id">Chap27</idno>
<idno type="part-id">Part9</idno>
<editor>
<persName>
<forename type="first">Moti</forename>
<surname>Yung</surname>
</persName>
<email>moti@cs.columbia.edu</email>
<affiliation>
<orgName type="department">Computer Science Department</orgName>
<orgName type="institution">Google Inc. and Columbia University</orgName>
<address>
<street>1214 Amsterdam Avenue</street>
<postCode>10027</postCode>
<settlement>New York</settlement>
<region>NY</region>
<country key="US">UNITED STATES</country>
</address>
</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Yevgeniy</forename>
<surname>Dodis</surname>
</persName>
<email>dodis@cs.nyu.edu</email>
<affiliation>
<orgName type="institution">New York University</orgName>
<address>
<country key=""></country>
</address>
</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Aggelos</forename>
<surname>Kiayias</surname>
</persName>
<email>aggelos@cse.uconn.edu</email>
<affiliation>
<orgName type="department">Computer Science and Engineering</orgName>
<orgName type="institution">University of Connecticut</orgName>
<address>
<settlement>Storrs</settlement>
<region>CT</region>
<country key="US">UNITED STATES</country>
</address>
</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Tal</forename>
<surname>Malkin</surname>
</persName>
<email>tal@cs.columbia.edu</email>
<affiliation>
<orgName type="department">Dept. of Computer Science</orgName>
<orgName type="institution">Columbia University</orgName>
<address>
<country key=""></country>
</address>
</affiliation>
</editor>
<imprint>
<biblScope unit="vol">3958</biblScope>
<biblScope unit="page" from="410">410</biblScope>
<biblScope unit="page" to="426">426</biblScope>
<biblScope unit="chapter-count">34</biblScope>
<biblScope unit="part-chapter-count">4</biblScope>
</imprint>
</monogr>
<series>
<title level="s" type="main" xml:lang="en">Lecture Notes in Computer Science</title>
<editor>
<persName>
<forename type="first">David</forename>
<surname>Hutchison</surname>
</persName>
<affiliation>
<orgName type="institution">Lancaster University</orgName>
<address>
<country key="GB">UNITED KINGDOM</country>
</address>
</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Takeo</forename>
<surname>Kanade</surname>
</persName>
<affiliation>
<orgName type="institution">Carnegie Mellon University</orgName>
<address>
<settlement>Pittsburgh</settlement>
<region>PA</region>
<country key="US">UNITED STATES</country>
</address>
</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Josef</forename>
<surname>Kittler</surname>
</persName>
<affiliation>
<orgName type="institution">University of Surrey</orgName>
<address>
<settlement>Guildford</settlement>
<country key="GB">UNITED KINGDOM</country>
</address>
</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Jon</forename>
<forename type="first">M.</forename>
<surname>Kleinberg</surname>
</persName>
<affiliation>
<orgName type="institution">Cornell University</orgName>
<address>
<settlement>Ithaca</settlement>
<region>NY</region>
<country key="US">UNITED STATES</country>
</address>
</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Friedemann</forename>
<surname>Mattern</surname>
</persName>
<affiliation>
<orgName type="institution">ETH Zurich</orgName>
<address>
<country key="CH">SWITZERLAND</country>
</address>
</affiliation>
</editor>
<editor>
<persName>
<forename type="first">John</forename>
<forename type="first">C.</forename>
<surname>Mitchell</surname>
</persName>
<affiliation>
<orgName type="institution">Stanford University</orgName>
<address>
<settlement>CA</settlement>
<country key="US">UNITED STATES</country>
</address>
</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Moni</forename>
<surname>Naor</surname>
</persName>
<affiliation>
<orgName type="institution">Weizmann Institute of Science</orgName>
<address>
<settlement>Rehovot</settlement>
<country key="IL">ISRAEL</country>
</address>
</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Oscar</forename>
<surname>Nierstrasz</surname>
</persName>
<affiliation>
<orgName type="institution">University of Bern</orgName>
<address>
<country key="CH">SWITZERLAND</country>
</address>
</affiliation>
</editor>
<editor>
<persName>
<forename type="first">C.</forename>
<surname>Pandu Rangan</surname>
</persName>
<affiliation>
<orgName type="institution">Indian Institute of Technology</orgName>
<address>
<settlement>Madras</settlement>
<country key="IN">INDIA</country>
</address>
</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Bernhard</forename>
<surname>Steffen</surname>
</persName>
<affiliation>
<orgName type="institution">University of Dortmund</orgName>
<address>
<country key="DE">GERMANY</country>
</address>
</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Madhu</forename>
<surname>Sudan</surname>
</persName>
<affiliation>
<orgName type="institution">Massachusetts Institute of Technology</orgName>
<address>
<settlement>MA</settlement>
<country key="US">UNITED STATES</country>
</address>
</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Demetri</forename>
<surname>Terzopoulos</surname>
</persName>
<affiliation>
<orgName type="institution">University of California</orgName>
<address>
<settlement>Los Angeles</settlement>
<region>CA</region>
<country key="US">UNITED STATES</country>
</address>
</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Dough</forename>
<surname>Tygar</surname>
</persName>
<affiliation>
<orgName type="institution">University of California</orgName>
<address>
<settlement>Berkeley</settlement>
<region>CA</region>
<country key="US">UNITED STATES</country>
</address>
</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Moshe</forename>
<forename type="first">Y.</forename>
<surname>Vardi</surname>
</persName>
<affiliation>
<orgName type="institution">Rice University</orgName>
<address>
<settlement>Houston</settlement>
<region>TX</region>
<country key="US">UNITED STATES</country>
</address>
</affiliation>
</editor>
<editor>
<persName>
<forename type="first">Gerhard</forename>
<surname>Weikum</surname>
</persName>
<affiliation>
<orgName type="institution">Max-Planck Institute of Computer Science</orgName>
<address>
<settlement>Saarbruecken</settlement>
<country key="DE">GERMANY</country>
</address>
</affiliation>
</editor>
<idno type="pISSN">0302-9743</idno>
<idno type="eISSN">1611-3349</idno>
<idno type="seriesID">558</idno>
</series>
</biblStruct>
</sourceDesc>
</fileDesc>
<profileDesc>
<abstract xml:lang="en">
<head>Abstract</head>
<p>Key derivation refers to the process by which an agreed upon large random number, often named master secret, is used to derive keys to encrypt and authenticate data. Practitioners and standardization bodies have usually used the random oracle model to get key material from a Diffie-Hellman key exchange. However, formal proofs in the standard model require
<hi rend="italic">randomness extractors</hi>
to formally extract the entropy of the random master secret into a seed prior to deriving other keys. Whereas this is a quite simple tool, it is not easy to use in practice –or it is easy to misuse it–.</p>
<p>In addition, in many standards, the acronym PRF (Pseudo-Random Functions) is used for several tasks, and namely the randomness extraction. While randomness extractors and pseudo-random functions are
<hi rend="italic">a priori</hi>
distinct tools, we first study whether such an application is correct or not. We thereafter study the case of
<formula xml:id="IEq1" notation="TEX">
<media mimeType="image" url=""></media>
$\mathbb{Z}^{*}_{p}$ </formula>
where
<hi rend="italic">p</hi>
is a safe-prime and the case of elliptic curve since in IPSec for example, only these two groups are considered. We present
<hi rend="italic">very efficient</hi>
and
<hi rend="italic">provable</hi>
randomness extraction techniques for these groups under the DDH assumption. In the special case of elliptic curves, we present a new technique —the so-called
<hi rend="italic">’Twist-AUgmented’</hi>
technique— which exploits specific properties of some elliptic curves, and avoids the need of any randomness extractor. We finally compare the efficiency of this method with other solutions.</p>
</abstract>
<textClass ana="subject">
<keywords scheme="book-subject-collection">
<list>
<label>SUCO11645</label>
<item>
<term>Computer Science</term>
</item>
</list>
</keywords>
</textClass>
<textClass ana="subject">
<keywords scheme="book-subject">
<list>
<label>I</label>
<item>
<term type="Primary">Computer Science</term>
</item>
<label>I15033</label>
<item>
<term type="Secondary" subtype="priority-1">Data Encryption</term>
</item>
<label>I16021</label>
<item>
<term type="Secondary" subtype="priority-2">Algorithm Analysis and Problem Complexity</term>
</item>
<label>I13022</label>
<item>
<term type="Secondary" subtype="priority-3">Computer Communication Networks</term>
</item>
<label>I24040</label>
<item>
<term type="Secondary" subtype="priority-4">Computers and Society</term>
</item>
<label>I24067</label>
<item>
<term type="Secondary" subtype="priority-5">Management of Computing and Information Systems</term>
</item>
</list>
</keywords>
</textClass>
<langUsage>
<language ident="EN"></language>
</langUsage>
</profileDesc>
</teiHeader>
</istex:fulltextTEI>
<json:item>
<extension>txt</extension>
<original>false</original>
<mimetype>text/plain</mimetype>
<uri>https://api.istex.fr/ark:/67375/HCB-1JDVK4LG-3/fulltext.txt</uri>
</json:item>
</fulltext>
<metadata>
<istex:metadataXml wicri:clean="corpus springer-ebooks not found" wicri:toSee="no header">
<istex:xmlDeclaration>version="1.0" encoding="UTF-8"</istex:xmlDeclaration>
<istex:docType PUBLIC="-//Springer-Verlag//DTD A++ V2.4//EN" URI="http://devel.springer.de/A++/V2.4/DTD/A++V2.4.dtd" name="istex:docType"></istex:docType>
<istex:document>
<Publisher>
<PublisherInfo>
<PublisherName>Springer Berlin Heidelberg</PublisherName>
<PublisherLocation>Berlin, Heidelberg</PublisherLocation>
</PublisherInfo>
<Series>
<SeriesInfo SeriesType="Series" TocLevels="0">
<SeriesID>558</SeriesID>
<SeriesPrintISSN>0302-9743</SeriesPrintISSN>
<SeriesElectronicISSN>1611-3349</SeriesElectronicISSN>
<SeriesTitle Language="En">Lecture Notes in Computer Science</SeriesTitle>
</SeriesInfo>
<SeriesHeader>
<EditorGroup>
<Editor AffiliationIDS="Aff1">
<EditorName DisplayOrder="Western">
<GivenName>David</GivenName>
<FamilyName>Hutchison</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff2">
<EditorName DisplayOrder="Western">
<GivenName>Takeo</GivenName>
<FamilyName>Kanade</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff3">
<EditorName DisplayOrder="Western">
<GivenName>Josef</GivenName>
<FamilyName>Kittler</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff4">
<EditorName DisplayOrder="Western">
<GivenName>Jon</GivenName>
<GivenName>M.</GivenName>
<FamilyName>Kleinberg</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff5">
<EditorName DisplayOrder="Western">
<GivenName>Friedemann</GivenName>
<FamilyName>Mattern</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff6">
<EditorName DisplayOrder="Western">
<GivenName>John</GivenName>
<GivenName>C.</GivenName>
<FamilyName>Mitchell</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff7">
<EditorName DisplayOrder="Western">
<GivenName>Moni</GivenName>
<FamilyName>Naor</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff8">
<EditorName DisplayOrder="Western">
<GivenName>Oscar</GivenName>
<FamilyName>Nierstrasz</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff9">
<EditorName DisplayOrder="Western">
<GivenName>C.</GivenName>
<FamilyName>Pandu Rangan</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff10">
<EditorName DisplayOrder="Western">
<GivenName>Bernhard</GivenName>
<FamilyName>Steffen</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff11">
<EditorName DisplayOrder="Western">
<GivenName>Madhu</GivenName>
<FamilyName>Sudan</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff12">
<EditorName DisplayOrder="Western">
<GivenName>Demetri</GivenName>
<FamilyName>Terzopoulos</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff13">
<EditorName DisplayOrder="Western">
<GivenName>Dough</GivenName>
<FamilyName>Tygar</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff14">
<EditorName DisplayOrder="Western">
<GivenName>Moshe</GivenName>
<GivenName>Y.</GivenName>
<FamilyName>Vardi</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff15">
<EditorName DisplayOrder="Western">
<GivenName>Gerhard</GivenName>
<FamilyName>Weikum</FamilyName>
</EditorName>
</Editor>
<Affiliation ID="Aff1">
<OrgName>Lancaster University</OrgName>
<OrgAddress>
<Country>UK</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff2">
<OrgName>Carnegie Mellon University</OrgName>
<OrgAddress>
<City>Pittsburgh</City>
<State>PA</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff3">
<OrgName>University of Surrey</OrgName>
<OrgAddress>
<City>Guildford</City>
<Country>UK</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff4">
<OrgName>Cornell University</OrgName>
<OrgAddress>
<City>Ithaca</City>
<State>NY</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff5">
<OrgName>ETH Zurich</OrgName>
<OrgAddress>
<Country>Switzerland</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff6">
<OrgName>Stanford University</OrgName>
<OrgAddress>
<City>CA</City>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff7">
<OrgName>Weizmann Institute of Science</OrgName>
<OrgAddress>
<City>Rehovot</City>
<Country>Israel</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff8">
<OrgName>University of Bern</OrgName>
<OrgAddress>
<Country>Switzerland</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff9">
<OrgName>Indian Institute of Technology</OrgName>
<OrgAddress>
<City>Madras</City>
<Country>India</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff10">
<OrgName>University of Dortmund</OrgName>
<OrgAddress>
<Country>Germany</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff11">
<OrgName>Massachusetts Institute of Technology</OrgName>
<OrgAddress>
<City>MA</City>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff12">
<OrgName>University of California</OrgName>
<OrgAddress>
<City>Los Angeles</City>
<State>CA</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff13">
<OrgName>University of California</OrgName>
<OrgAddress>
<City>Berkeley</City>
<State>CA</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff14">
<OrgName>Rice University</OrgName>
<OrgAddress>
<City>Houston</City>
<State>TX</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff15">
<OrgName>Max-Planck Institute of Computer Science</OrgName>
<OrgAddress>
<City>Saarbruecken</City>
<Country>Germany</Country>
</OrgAddress>
</Affiliation>
</EditorGroup>
</SeriesHeader>
<Book Language="En">
<BookInfo BookProductType="Proceedings" ContainsESM="No" Language="En" MediaType="eBook" NumberingDepth="2" NumberingStyle="ContentOnly" OutputMedium="All" TocLevels="0">
<BookID>978-3-540-33852-9</BookID>
<BookTitle>Public Key Cryptography - PKC 2006</BookTitle>
<BookSubTitle>9th International Conference on Theory and Practice in Public-Key Cryptography, New York, NY, USA, April 24-26, 2006. Proceedings</BookSubTitle>
<BookVolumeNumber>3958</BookVolumeNumber>
<BookSequenceNumber>3958</BookSequenceNumber>
<BookDOI>10.1007/11745853</BookDOI>
<BookTitleID>138559</BookTitleID>
<BookPrintISBN>978-3-540-33851-2</BookPrintISBN>
<BookElectronicISBN>978-3-540-33852-9</BookElectronicISBN>
<BookChapterCount>34</BookChapterCount>
<BookCopyright>
<CopyrightHolderName>Springer Berlin Heidelberg</CopyrightHolderName>
<CopyrightYear>2006</CopyrightYear>
</BookCopyright>
<BookSubjectGroup>
<BookSubject Code="I" Type="Primary">Computer Science</BookSubject>
<BookSubject Code="I15033" Priority="1" Type="Secondary">Data Encryption</BookSubject>
<BookSubject Code="I16021" Priority="2" Type="Secondary">Algorithm Analysis and Problem Complexity</BookSubject>
<BookSubject Code="I13022" Priority="3" Type="Secondary">Computer Communication Networks</BookSubject>
<BookSubject Code="I24040" Priority="4" Type="Secondary">Computers and Society</BookSubject>
<BookSubject Code="I24067" Priority="5" Type="Secondary">Management of Computing and Information Systems</BookSubject>
<SubjectCollection Code="SUCO11645">Computer Science</SubjectCollection>
</BookSubjectGroup>
<BookContext>
<SeriesID>558</SeriesID>
</BookContext>
</BookInfo>
<BookHeader>
<EditorGroup>
<Editor AffiliationIDS="Aff16">
<EditorName DisplayOrder="Western">
<GivenName>Moti</GivenName>
<FamilyName>Yung</FamilyName>
</EditorName>
<Contact>
<Email>moti@cs.columbia.edu</Email>
</Contact>
</Editor>
<Editor AffiliationIDS="Aff17">
<EditorName DisplayOrder="Western">
<GivenName>Yevgeniy</GivenName>
<FamilyName>Dodis</FamilyName>
</EditorName>
<Contact>
<Email>dodis@cs.nyu.edu</Email>
</Contact>
</Editor>
<Editor AffiliationIDS="Aff18">
<EditorName DisplayOrder="Western">
<GivenName>Aggelos</GivenName>
<FamilyName>Kiayias</FamilyName>
</EditorName>
<Contact>
<Email>aggelos@cse.uconn.edu</Email>
</Contact>
</Editor>
<Editor AffiliationIDS="Aff19">
<EditorName DisplayOrder="Western">
<GivenName>Tal</GivenName>
<FamilyName>Malkin</FamilyName>
</EditorName>
<Contact>
<Email>tal@cs.columbia.edu</Email>
</Contact>
</Editor>
<Affiliation ID="Aff16">
<OrgDivision>Computer Science Department</OrgDivision>
<OrgName>Google Inc. and Columbia University</OrgName>
<OrgAddress>
<Street>1214 Amsterdam Avenue</Street>
<Postcode>10027</Postcode>
<City>New York</City>
<State>NY</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff17">
<OrgName>New York University</OrgName>
<OrgAddress>
<Country> </Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff18">
<OrgDivision>Computer Science and Engineering</OrgDivision>
<OrgName>University of Connecticut</OrgName>
<OrgAddress>
<City>Storrs</City>
<State>CT</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff19">
<OrgDivision>Dept. of Computer Science</OrgDivision>
<OrgName>Columbia University</OrgName>
<OrgAddress>
<Country> </Country>
</OrgAddress>
</Affiliation>
</EditorGroup>
</BookHeader>
<Part ID="Part9">
<PartInfo TocLevels="0">
<PartID>9</PartID>
<PartSequenceNumber>9</PartSequenceNumber>
<PartTitle>Authentication and Key Establishment</PartTitle>
<PartChapterCount>4</PartChapterCount>
<PartContext>
<SeriesID>558</SeriesID>
<BookTitle>Public Key Cryptography - PKC 2006</BookTitle>
</PartContext>
</PartInfo>
<Chapter ID="Chap27" Language="En">
<ChapterInfo ChapterType="OriginalPaper" ContainsESM="No" NumberingDepth="2" NumberingStyle="ContentOnly" TocLevels="0">
<ChapterID>27</ChapterID>
<ChapterDOI>10.1007/11745853_27</ChapterDOI>
<ChapterSequenceNumber>27</ChapterSequenceNumber>
<ChapterTitle Language="En">The Twist-AUgmented Technique for Key Exchange</ChapterTitle>
<ChapterFirstPage>410</ChapterFirstPage>
<ChapterLastPage>426</ChapterLastPage>
<ChapterCopyright>
<CopyrightHolderName>Springer-Verlag Berlin Heidelberg</CopyrightHolderName>
<CopyrightYear>2006</CopyrightYear>
</ChapterCopyright>
<ChapterGrants Type="Regular">
<MetadataGrant Grant="OpenAccess"></MetadataGrant>
<AbstractGrant Grant="OpenAccess"></AbstractGrant>
<BodyPDFGrant Grant="Restricted"></BodyPDFGrant>
<BodyHTMLGrant Grant="Restricted"></BodyHTMLGrant>
<BibliographyGrant Grant="Restricted"></BibliographyGrant>
<ESMGrant Grant="Restricted"></ESMGrant>
</ChapterGrants>
<ChapterContext>
<SeriesID>558</SeriesID>
<PartID>9</PartID>
<BookID>978-3-540-33852-9</BookID>
<BookTitle>Public Key Cryptography - PKC 2006</BookTitle>
</ChapterContext>
</ChapterInfo>
<ChapterHeader>
<AuthorGroup>
<Author AffiliationIDS="Aff20">
<AuthorName DisplayOrder="Western">
<GivenName>Olivier</GivenName>
<FamilyName>Chevassut</FamilyName>
</AuthorName>
<Contact>
<Email>OChevassut@lbl.gov</Email>
</Contact>
</Author>
<Author AffiliationIDS="Aff21">
<AuthorName DisplayOrder="Western">
<GivenName>Pierre-Alain</GivenName>
<FamilyName>Fouque</FamilyName>
</AuthorName>
<Contact>
<Email>Pierre-Alain.Fouque@ens.fr</Email>
</Contact>
</Author>
<Author AffiliationIDS="Aff22">
<AuthorName DisplayOrder="Western">
<GivenName>Pierrick</GivenName>
<FamilyName>Gaudry</FamilyName>
</AuthorName>
<Contact>
<Email>Pierrick.Gaudry@loria.fr</Email>
</Contact>
</Author>
<Author AffiliationIDS="Aff21">
<AuthorName DisplayOrder="Western">
<GivenName>David</GivenName>
<FamilyName>Pointcheval</FamilyName>
</AuthorName>
<Contact>
<Email>David.Pointcheval@ens.fr</Email>
</Contact>
</Author>
<Affiliation ID="Aff20">
<OrgName>Lawrence Berkeley National Lab.</OrgName>
<OrgAddress>
<City>Berkeley</City>
<State>CA</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff21">
<OrgName>CNRS-École normale supérieure</OrgName>
<OrgAddress>
<City>Paris</City>
<Country>France</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff22">
<OrgName>CNRS-LORIA</OrgName>
<OrgAddress>
<City>Nancy</City>
<Country>France</Country>
</OrgAddress>
</Affiliation>
</AuthorGroup>
<Abstract ID="Abs1" Language="En">
<Heading>Abstract</Heading>
<Para>Key derivation refers to the process by which an agreed upon large random number, often named master secret, is used to derive keys to encrypt and authenticate data. Practitioners and standardization bodies have usually used the random oracle model to get key material from a Diffie-Hellman key exchange. However, formal proofs in the standard model require
<Emphasis Type="Italic">randomness extractors</Emphasis>
to formally extract the entropy of the random master secret into a seed prior to deriving other keys. Whereas this is a quite simple tool, it is not easy to use in practice (or it is easy to misuse it).</Para>
<Para>In addition, in many standards, the acronym PRF (Pseudo-Random Functions) is used for several tasks, and namely the randomness extraction. While randomness extractors and pseudo-random functions are
<Emphasis Type="Italic">a priori</Emphasis>
distinct tools, we first study whether such an application is correct or not. We thereafter study the case of
<InlineEquation ID="IEq1">
<InlineMediaObject>
<ImageObject FileRef="978-3-540-33852-9_27_Chapter_TeX2GIFIEq1.gif" Format="GIF" Color="BlackWhite" Type="Linedraw" Rendition="HTML"></ImageObject>
</InlineMediaObject>
<EquationSource Format="TEX">$\mathbb{Z}^{*}_{p}$</EquationSource>
</InlineEquation>
where
<Emphasis Type="Italic">p</Emphasis>
is a safe prime and the case of elliptic curves, since in IPSec, for example, only these two groups are considered. We present
<Emphasis Type="Italic">very efficient</Emphasis>
and
<Emphasis Type="Italic">provable</Emphasis>
randomness extraction techniques for these groups under the DDH assumption. In the special case of elliptic curves, we present a new technique —the so-called
<Emphasis Type="Italic">’Twist-AUgmented’</Emphasis>
technique— which exploits specific properties of some elliptic curves, and avoids the need of any randomness extractor. We finally compare the efficiency of this method with other solutions.</Para>
</Abstract>
</ChapterHeader>
<NoBody></NoBody>
</Chapter>
</Part>
</Book>
</Series>
</Publisher>
</istex:document>
</istex:metadataXml>
<mods version="3.6">
<titleInfo lang="en">
<title>The Twist-AUgmented Technique for Key Exchange</title>
</titleInfo>
<titleInfo type="alternative" contentType="CDATA">
<title>The Twist-AUgmented Technique for Key Exchange</title>
</titleInfo>
<name type="personal">
<namePart type="given">Olivier</namePart>
<namePart type="family">Chevassut</namePart>
<affiliation>Lawrence Berkeley National Lab., Berkeley, CA, USA</affiliation>
<affiliation>E-mail: OChevassut@lbl.gov</affiliation>
<role>
<roleTerm type="text">author</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Pierre-Alain</namePart>
<namePart type="family">Fouque</namePart>
<affiliation>CNRS-École normale supérieure, Paris, France</affiliation>
<affiliation>E-mail: Pierre-Alain.Fouque@ens.fr</affiliation>
<role>
<roleTerm type="text">author</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Pierrick</namePart>
<namePart type="family">Gaudry</namePart>
<affiliation>CNRS-LORIA, Nancy, France</affiliation>
<affiliation>E-mail: Pierrick.Gaudry@loria.fr</affiliation>
<role>
<roleTerm type="text">author</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">David</namePart>
<namePart type="family">Pointcheval</namePart>
<affiliation>CNRS-École normale supérieure, Paris, France</affiliation>
<affiliation>E-mail: David.Pointcheval@ens.fr</affiliation>
<role>
<roleTerm type="text">author</roleTerm>
</role>
</name>
<typeOfResource>text</typeOfResource>
<genre displayLabel="OriginalPaper" authority="ISTEX" authorityURI="https://content-type.data.istex.fr" type="conference" valueURI="https://content-type.data.istex.fr/ark:/67375/XTP-BFHXPBJJ-3">conference</genre>
<originInfo>
<publisher>Springer Berlin Heidelberg</publisher>
<place>
<placeTerm type="text">Berlin, Heidelberg</placeTerm>
</place>
<dateIssued encoding="w3cdtf">2006</dateIssued>
<copyrightDate encoding="w3cdtf">2006</copyrightDate>
</originInfo>
<language>
<languageTerm type="code" authority="rfc3066">en</languageTerm>
<languageTerm type="code" authority="iso639-2b">eng</languageTerm>
</language>
<abstract lang="en">Abstract: Key derivation refers to the process by which an agreed upon large random number, often named master secret, is used to derive keys to encrypt and authenticate data. Practitioners and standardization bodies have usually used the random oracle model to get key material from a Diffie-Hellman key exchange. However, formal proofs in the standard model require randomness extractors to formally extract the entropy of the random master secret into a seed prior to deriving other keys. Whereas this is a quite simple tool, it is not easy to use in practice (or it is easy to misuse it). In addition, in many standards, the acronym PRF (Pseudo-Random Functions) is used for several tasks, and namely the randomness extraction. While randomness extractors and pseudo-random functions are a priori distinct tools, we first study whether such an application is correct or not. We thereafter study the case of $\mathbb{Z}^{*}_{p}$ where p is a safe prime and the case of elliptic curves, since in IPSec, for example, only these two groups are considered. We present very efficient and provable randomness extraction techniques for these groups under the DDH assumption. In the special case of elliptic curves, we present a new technique —the so-called ’Twist-AUgmented’ technique— which exploits specific properties of some elliptic curves, and avoids the need of any randomness extractor. We finally compare the efficiency of this method with other solutions.</abstract>
<relatedItem type="host">
<titleInfo>
<title>Public Key Cryptography - PKC 2006</title>
<subTitle>9th International Conference on Theory and Practice in Public-Key Cryptography, New York, NY, USA, April 24-26, 2006. Proceedings</subTitle>
</titleInfo>
<name type="personal">
<namePart type="given">Moti</namePart>
<namePart type="family">Yung</namePart>
<affiliation>Computer Science Department, Google Inc. and Columbia University, 1214 Amsterdam Avenue, 10027, New York, NY, USA</affiliation>
<affiliation>E-mail: moti@cs.columbia.edu</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Yevgeniy</namePart>
<namePart type="family">Dodis</namePart>
<affiliation>New York University,  </affiliation>
<affiliation>E-mail: dodis@cs.nyu.edu</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Aggelos</namePart>
<namePart type="family">Kiayias</namePart>
<affiliation>Computer Science and Engineering, University of Connecticut, Storrs, CT, USA</affiliation>
<affiliation>E-mail: aggelos@cse.uconn.edu</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Tal</namePart>
<namePart type="family">Malkin</namePart>
<affiliation>Dept. of Computer Science, Columbia University,  </affiliation>
<affiliation>E-mail: tal@cs.columbia.edu</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<genre type="book-series" authority="ISTEX" authorityURI="https://publication-type.data.istex.fr" valueURI="https://publication-type.data.istex.fr/ark:/67375/JMC-0G6R5W5T-Z">book-series</genre>
<originInfo>
<publisher>Springer</publisher>
<copyrightDate encoding="w3cdtf">2006</copyrightDate>
<issuance>monographic</issuance>
</originInfo>
<subject>
<genre>Book-Subject-Collection</genre>
<topic authority="SpringerSubjectCodes" authorityURI="SUCO11645">Computer Science</topic>
</subject>
<subject>
<genre>Book-Subject-Group</genre>
<topic authority="SpringerSubjectCodes" authorityURI="I">Computer Science</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I15033">Data Encryption</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I16021">Algorithm Analysis and Problem Complexity</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I13022">Computer Communication Networks</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I24040">Computers and Society</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I24067">Management of Computing and Information Systems</topic>
</subject>
<identifier type="DOI">10.1007/11745853</identifier>
<identifier type="ISBN">978-3-540-33851-2</identifier>
<identifier type="eISBN">978-3-540-33852-9</identifier>
<identifier type="ISSN">0302-9743</identifier>
<identifier type="eISSN">1611-3349</identifier>
<identifier type="BookTitleID">138559</identifier>
<identifier type="BookID">978-3-540-33852-9</identifier>
<identifier type="BookChapterCount">34</identifier>
<identifier type="BookVolumeNumber">3958</identifier>
<identifier type="BookSequenceNumber">3958</identifier>
<identifier type="PartChapterCount">4</identifier>
<part>
<date>2006</date>
<detail type="part">
<title>Authentication and Key Establishment</title>
</detail>
<detail type="volume">
<number>3958</number>
<caption>vol.</caption>
</detail>
<extent unit="pages">
<start>410</start>
<end>426</end>
</extent>
</part>
<recordInfo>
<recordOrigin>Springer Berlin Heidelberg, 2006</recordOrigin>
</recordInfo>
</relatedItem>
<relatedItem type="series">
<titleInfo>
<title>Lecture Notes in Computer Science</title>
</titleInfo>
<name type="personal">
<namePart type="given">David</namePart>
<namePart type="family">Hutchison</namePart>
<affiliation>Lancaster University, UK</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Takeo</namePart>
<namePart type="family">Kanade</namePart>
<affiliation>Carnegie Mellon University, Pittsburgh, PA, USA</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Josef</namePart>
<namePart type="family">Kittler</namePart>
<affiliation>University of Surrey, Guildford, UK</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Jon</namePart>
<namePart type="given">M.</namePart>
<namePart type="family">Kleinberg</namePart>
<affiliation>Cornell University, Ithaca, NY, USA</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Friedemann</namePart>
<namePart type="family">Mattern</namePart>
<affiliation>ETH Zurich, Switzerland</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">John</namePart>
<namePart type="given">C.</namePart>
<namePart type="family">Mitchell</namePart>
<affiliation>Stanford University, CA, USA</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Moni</namePart>
<namePart type="family">Naor</namePart>
<affiliation>Weizmann Institute of Science, Rehovot, Israel</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Oscar</namePart>
<namePart type="family">Nierstrasz</namePart>
<affiliation>University of Bern, Switzerland</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">C.</namePart>
<namePart type="family">Pandu Rangan</namePart>
<affiliation>Indian Institute of Technology, Madras, India</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Bernhard</namePart>
<namePart type="family">Steffen</namePart>
<affiliation>University of Dortmund, Germany</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Madhu</namePart>
<namePart type="family">Sudan</namePart>
<affiliation>Massachusetts Institute of Technology, MA, USA</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Demetri</namePart>
<namePart type="family">Terzopoulos</namePart>
<affiliation>University of California, Los Angeles, CA, USA</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Dough</namePart>
<namePart type="family">Tygar</namePart>
<affiliation>University of California, Berkeley, CA, USA</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Moshe</namePart>
<namePart type="given">Y.</namePart>
<namePart type="family">Vardi</namePart>
<affiliation>Rice University, Houston, TX, USA</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal">
<namePart type="given">Gerhard</namePart>
<namePart type="family">Weikum</namePart>
<affiliation>Max-Planck Institute of Computer Science, Saarbruecken, Germany</affiliation>
<role>
<roleTerm type="text">editor</roleTerm>
</role>
</name>
<originInfo>
<publisher>Springer</publisher>
<copyrightDate encoding="w3cdtf">2006</copyrightDate>
<issuance>serial</issuance>
</originInfo>
<identifier type="ISSN">0302-9743</identifier>
<identifier type="eISSN">1611-3349</identifier>
<identifier type="SeriesID">558</identifier>
<recordInfo>
<recordOrigin>Springer Berlin Heidelberg, 2006</recordOrigin>
</recordInfo>
</relatedItem>
<identifier type="istex">32506E8AABE71A8E1447E94F7FCC2D69133BA00A</identifier>
<identifier type="ark">ark:/67375/HCB-1JDVK4LG-3</identifier>
<identifier type="DOI">10.1007/11745853_27</identifier>
<identifier type="ChapterID">27</identifier>
<identifier type="ChapterID">Chap27</identifier>
<accessCondition type="use and reproduction" contentType="copyright">Springer Berlin Heidelberg, 2006</accessCondition>
<recordInfo>
<recordContentSource authority="ISTEX" authorityURI="https://loaded-corpus.data.istex.fr" valueURI="https://loaded-corpus.data.istex.fr/ark:/67375/XBH-RLRX46XW-4">springer</recordContentSource>
<recordOrigin>Springer-Verlag Berlin Heidelberg, 2006</recordOrigin>
</recordInfo>
</mods>
<json:item>
<extension>json</extension>
<original>false</original>
<mimetype>application/json</mimetype>
<uri>https://api.istex.fr/ark:/67375/HCB-1JDVK4LG-3/record.json</uri>
</json:item>
</metadata>
</istex>
</record>

To manipulate this document under Unix (Dilib)

EXPLOR_STEP=$WICRI_ROOT/Wicri/Lorraine/explor/InforLorV4/Data/Istex/Corpus
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000B79 | SxmlIndent | more

Or

HfdSelect -h $EXPLOR_AREA/Data/Istex/Corpus/biblio.hfd -nk 000B79 | SxmlIndent | more

To add a link to this page in the Wicri network

{{Explor lien
   |wiki=    Wicri/Lorraine
   |area=    InforLorV4
   |flux=    Istex
   |étape=   Corpus
   |type=    RBID
   |clé=     ISTEX:32506E8AABE71A8E1447E94F7FCC2D69133BA00A
   |texte=   The Twist-AUgmented Technique for Key Exchange
}}


This area was generated with Dilib version V0.6.33.
Data generation: Mon Jun 10 21:56:28 2019. Site generation: Fri Feb 25 15:29:27 2022