TWC: Medium: Collaborative: The Theory and Practice of Key Derivation

TWC：媒介：协作：密钥派生的理论与实践

• 批准号: 1314568
• 负责人: Yevgeniy Dodis
• 金额: $ 66.88万
• 依托单位: New York University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2013
• 资助国家: 美国
• 起止时间: 2013-08-01 至 2019-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1314568&HistoricalAwards=false
• 关键词: TWC; Medium; Collaborative; Theory; Practice

Most cryptographic applications crucially rely on secret keys that are chosen randomly and are unknown to an attacker. Unfortunately, the process of deriving secret keys in practice is often difficult, error-prone and riddled with security vulnerabilities. Badly generated keys offer a prevalent source of attacks that render complex cryptographic applications completely insecure, despite their sophisticated design and rigorous mathematical analysis. Even though key derivation plays a central role in the security landscape, it has received surprisingly little formal study within the cryptographic community, leading to a large disconnect between the theory and practice. In this project, several important scenarios for key derivation are examined for their capability to improve security with provable guarantees, including the use of random number generators (RNGs), passwords, and biometrics. In particular: - How RNGs are designed to properly combine the entropy gathering, randomness extraction and pseudorandom generation modules, while achieving the best possible subset of clearly defined security properties against a variety of adversarial scenarios. - How to reduce the effectiveness of ?offline dictionary attacks? when generating keys from passwords. - How biometrics can be safely reused to generate many secret keys across many applications raises several interesting questions, combining cryptographic security properties with those of error-correcting codes.

大多数密码应用程序都依赖于随机选择的密钥，并且攻击者不知道这些密钥。不幸的是，在实践中导出密钥的过程通常是困难的，容易出错的，并且充满了安全漏洞。生成错误的密钥是一种普遍的攻击源，使复杂的加密应用程序完全不安全，尽管它们有复杂的设计和严格的数学分析。 尽管密钥推导在安全领域中起着核心作用，但令人惊讶的是，它在密码学界很少得到正式的研究，导致理论与实践之间存在很大的脱节。在这个项目中，几个重要的场景密钥推导检查他们的能力，以提高安全性与可证明的保证，包括使用随机数生成器（RNG），密码和生物识别。 特别是：- 如何设计RNG以适当地联合收割机组合熵收集、随机性提取和伪随机生成模块，同时针对各种对抗性场景实现明确定义的安全属性的最佳可能子集。- 如何降低功效？离线字典攻击？当从密码生成密钥时。- 如何安全地重复使用生物识别技术来生成许多应用程序中的许多密钥，这提出了几个有趣的问题，将密码学安全属性与纠错码的安全属性相结合。