Extendable-output function

Extendable-output function (XOF) is an extension^[1] of the cryptographic hash that allows its output to be arbitrarily long. In particular, the sponge construction makes any sponge hash a natural XOF: the squeeze operation can be repeated, and the regular hash functions with a fixed-size result are obtained from a sponge mechanism by stopping the squeezing phase after obtaining the fixed number of bits).^[2]

The genesis of a XOF makes it collision, preimage and second preimage resistant. Technically, any XOF can be turned into a cryptographic hash by truncating the result to a fixed length (in practice, hashes and XOFs are defined differently for domain separation^[3]). The examples of XOF include the algorithms from the Keccak family: SHAKE128, SHAKE256, and a variant with higher efficiency, KangarooTwelve.^[1]

XOFs are used as key derivation functions (KDFs), stream ciphers,^[1] mask generation functions.^[4]

Related-output issues

By their nature, XOFs can produce related outputs (a longer result includes a shorter one as a prefix). The use of KDFs for key derivation can therefore cause related-output problems. As a "naïve" example, if the Triple DES keys are generated with a XOF, and there is a confusion in the implementation that causes some operations to be performed as 3TDEA (3x56 = 168-bit key), and some as 2TDEA (2x56 = 112 bit key), comparing the encryption results will lower the attack complexity to just 56 bits; similar problems can occur if hashes in the NIST SP 800-108 are naïvely replaced by the KDFs.^[5]

References

↑ ^1.0 ^1.1 ^1.2 Peyrin & Wang 2020, p. 7.
↑ Mittelbach & Fischlin 2021, p. 526.
↑ Dworkin 2014, p. 3.
↑ Perlner 2014, p. 4.
↑ Perlner 2014, p. 5.

Sources

Mittelbach, Arno; Fischlin, Marc (2021). "Extendable Output Functions (XOFs)". The Theory of Hash Functions and Random Oracles: An Approach to Modern Cryptography. Information Security and Cryptography. Springer International Publishing. ISBN 978-3-030-63287-8. https://books.google.com/books?id=Ly8WEAAAQBAJ&pg=PA526. Retrieved 2023-06-22.
Peyrin, Thomas; Wang, Haoyang (2020). "The MALICIOUS Framework: Embedding Backdoors into Tweakable Block Ciphers". Advances in Cryptology – CRYPTO 2020. Lecture Notes in Computer Science. 12172. Springer International Publishing. pp. 249–278. doi:10.1007/978-3-030-56877-1_9. ISBN 978-3-030-56876-4. https://eprint.iacr.org/2020/986.pdf.
Perlner, Ray (August 22, 2014). "Extendable-Output Functions (XOFs)". NIST. https://csrc.nist.gov/events/2014/sha-3-2014-workshop.
Dworkin, Morris (August 22, 2014). "Domain Extensions". NIST. https://csrc.nist.gov/events/2014/sha-3-2014-workshop.

0.00

(0 votes)

Original source: https://en.wikipedia.org/wiki/Extendable-output function. Read more

[FOOTNOTEPeyrinWang20207-1] 1.0 ^1.1 ^1.2 Peyrin & Wang 2020, p. 7.

[FOOTNOTEMittelbachFischlin2021526-2] Mittelbach & Fischlin 2021, p. 526.

[FOOTNOTEDworkin20143-3] Dworkin 2014, p. 3.

[FOOTNOTEPerlner20144-4] Perlner 2014, p. 4.

[FOOTNOTEPerlner20145-5] Perlner 2014, p. 5.

[1]

[2]

[3]

[4]

[5]

Anonymous

Search

Extendable-output function

Namespaces

More

Page actions

Related-output issues

References

Sources

Navigation

Navigation

Help

Translate

Wiki tools

Wiki tools

Anonymous

Search

Extendable-output function

Related-output issues

References

Sources

Navigation

Wiki tools

Page tools

Other projects

Categories