Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

I want to derive a 256 bit encryption key and a 256 bit MAC key from a single 25

ID: 648102 • Letter: I

Question

I want to derive a 256 bit encryption key and a 256 bit MAC key from a single 256 bit master key for an authenticated encryption scheme.

I was considering the following construction to derive the two keys using a secure 256 bit hash algorithm e.g. Keccak:

1) Key 1 for encryption = H(master key | '0')

2) Key 2 for MAC = H(master key | '1')

The advantage of this is that if the MAC key is compromised, it will not lead to decryption of messages as it should be hard to find a pre-image for the one-way hash to determine the master key and thus the derived encryption key.

Also, if only the encryption key was compromised, then this would also not compromise the master key so the attacker should not be able to determine the MAC key and be able to forge future transmissions.

Is this a secure method to derive two keys from one key? If not, what is a more secure method?

Explanation / Answer

Depends on what you mean by Keccak.

There is actually a slight issue here that not all 256-bit Keccak variants have 256-bit preimage resistance. SHA3-256 (in the current SHA-3 draft) does have 256-bit preimage, but if you are using Keccak with 256-bit capacity it only has 128-bit preimage resistance. At least some of the earlier documents had 256-bit output Keccak with 256-bit capacity.

If your hash function has 128-bit preimage resistance, an attacker who gets your encryption key might also be able to break the authentication or vice versa, using "only" about 2218 operations. Of course, even that wouldn't be feasible currently, but since you are going with 256-bit encryption, you should ensure that all steps maintain 256-bit resistance.

If you are using the version from the current SHA-3 draft, you should be fine. However, I'd like to second the suggestion of using HKDF (perhaps with a more established hash like SHA-256), because it is a fairly standard way to derive keys.

Related Questions

I want to buy the class notes for these three classes. The course major is \"Ele
Question #1813909
I want to calculate the volecity head on the service head A small coastal town i
Question #1711025
I want to calculate this problem in \"SPSS\" program and se how it looks. I want
Question #3310108
I want to change the current code to have an array of integers with user input i
Question #3551451
I want to check if I get the right answer to question 11. Can you please share y
Question #3311051
I want to check if I get the right answer to question 7. Can you please share yo
Question #3311049
I want to check if my homework is correct, I\'m prepping for an exam soon and it
Question #789536
I want to check if the data are correct. Especially for the system total. I just
Question #1780219
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
I want to deleted an element from my Student array object. The code I have only
Next
I want to design a car for this assignment Choose a very simple product and crea

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.