Misplaced Pages

This article may be too technical for most readers to understand. Please help improve it to make it understandable to non-experts, without removing the technical details. (July 2023) (Learn how and when to remove this message)

Extendable-output function (XOF) is an extension of the cryptographic hash that allows its output to be arbitrarily long. In particular, the sponge construction makes any sponge hash a natural XOF: the squeeze operation can be repeated, and the regular hash functions with a fixed-size result are obtained from a sponge mechanism by stopping the squeezing phase after obtaining the fixed number of bits).

The genesis of a XOF makes it collision, preimage and second preimage resistant. Technically, any XOF can be turned into a cryptographic hash by truncating the result to a fixed length (in practice, hashes and XOFs are defined differently for domain separation). The examples of XOF include the algorithms from the Keccak family: SHAKE128, SHAKE256, and a variant with higher efficiency, KangarooTwelve.

XOFs are used as key derivation functions (KDFs), stream ciphers, mask generation functions.

Related-output issues

By their nature, XOFs can produce related outputs (a longer result includes a shorter one as a prefix). The use of KDFs for key derivation can therefore cause related-output problems. As a "naïve" example, if the Triple DES keys are generated with a XOF, and there is a confusion in the implementation that causes some operations to be performed as 3TDEA (3x56 = 168-bit key), and some as 2TDEA (2x56 = 112 bit key), comparing the encryption results will lower the attack complexity to just 56 bits; similar problems can occur if hashes in the NIST SP 800-108 are naïvely replaced by the KDFs.

References

1. ^ Peyrin & Wang 2020, p. 7.
2. Mittelbach & Fischlin 2021, p. 526.
3. Dworkin 2014, p. 3.
4. Perlner 2014, p. 4.
5. Perlner 2014, p. 5.

Sources

• Mittelbach, Arno; Fischlin, Marc (2021). "Extendable Output Functions (XOFs)". The Theory of Hash Functions and Random Oracles: An Approach to Modern Cryptography. Information Security and Cryptography. Springer International Publishing. ISBN 978-3-030-63287-8. Retrieved 2023-06-22.
• Peyrin, Thomas; Wang, Haoyang (2020). "The MALICIOUS Framework: Embedding Backdoors into Tweakable Block Ciphers" (PDF). Advances in Cryptology – CRYPTO 2020. Lecture Notes in Computer Science. Vol. 12172. Springer International Publishing. pp. 249–278. doi:10.1007/978-3-030-56877-1_9. ISBN 978-3-030-56876-4. ISSN 0302-9743. S2CID 221107066.
• Perlner, Ray (August 22, 2014). "Extendable-Output Functions (XOFs)". csrc.nist.gov. NIST. Retrieved 22 June 2023.
• Dworkin, Morris (August 22, 2014). "Domain Extensions". csrc.nist.gov. NIST. Retrieved 22 June 2023.

This article needs additional or more specific categories. Please help out by adding categories to it so that it can be listed with similar articles. (June 2023)

This cryptography-related article is a stub. You can help Misplaced Pages by expanding it.

• v
• t
• e

• Extendable-output functions
• Cryptography stubs