Improve the NIST KDF
Using the XOR of the outputs as the IV makes more sense than using it as the Context parameter. This is more efficient and avoids a suffix MAC situation.

However, with SHAKE256, SHA3-512, and BLAKE3, the current PRF input still exceeds one block. I think keeping the counter and domain separation is a good idea though, so I will probably have to live with this.
samuel-lucas6 committed Oct 26, 2024
1 parent 9e5f1b8 commit 7f00934
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions draft-lucas-bkdf.md
Expand Up @@ -282,10 +282,10 @@ foreach output in outputs

counter = 1
reps = Ceiling(length / HASH_LEN)
previous = ByteArray(0)
previous = hash
result = ByteArray(0)
for i = 0 to reps
previous = PRF(key, previous || LE32(counter++) || UTF8("bkdf") || hash)
previous = PRF(key, previous || LE32(counter++) || UTF8("bkdf"))
result = result || previous

return result.Slice(0, length)
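Review bot: the loop bound `for i = 0 to reps` reads as inclusive, which would compute reps + 1 PRF blocks when reps = Ceiling(length / HASH_LEN) already covers the requested length; the surplus block is discarded by `result.Slice(0, length)` but still costs a PRF call, so make the range explicit (`for i = 0 to reps - 1` or `for i = 1 to reps`). Relatedly, `LE32(counter++)` depends on post-increment semantics for the first block to use counter value 1; writing the increment as a separate step after the PRF call removes that ambiguity for implementers. Since the commit message cites the NIST construction: SP 800-108 feedback mode also binds the requested output length into the PRF input, and with `hash` now serving only as the IV, nothing in `previous || LE32(counter++) || UTF8("bkdf")` distinguishes a request for `length` bytes from a longer request, whose output will have the shorter one as a prefix; if that prefix property is intended, a sentence in the draft saying so would help.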
