Lower Bounds on Key Derivation for Square-Friendly Applications

Author Maciej Skorski


Maciej Skorski. Lower Bounds on Key Derivation for Square-Friendly Applications. In 34th Symposium on Theoretical Aspects of Computer Science (STACS 2017). Leibniz International Proceedings in Informatics (LIPIcs), Volume 66, pp. 57:1-57:12, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2017)


Security of cryptographic applications is typically defined by security games. The adversary, within certain resource bounds, cannot win with probability much better than 0 (for unpredictability applications, like one-way functions) or much better than 1/2 (for indistinguishability applications, for instance encryption schemes). In so-called square-friendly applications the winning probability of the adversary, taken over different values of the application's secret randomness, is not only close to 0 or 1/2 on average but also concentrated, in the sense that its second central moment is small. The class of square-friendly applications, which contains all unpredictability applications and many indistinguishability applications, is particularly important for key derivation. Barak et al. observed that for square-friendly applications one can beat the "RT-bound", extracting secure keys with significantly smaller entropy loss. In turn, Dodis and Yu showed that in square-friendly applications one can directly use a "weak" key, which only has high entropy, as a secure key. In this paper we give sharp lower bounds on square security assuming security for "weak" keys. We show that any application which is either (a) secure with weak keys or (b) allows for entropy savings for keys derived by universal hashing must be square-friendly. Quantitatively, our lower bounds match the positive results of Dodis and Yu and Barak et al. (TCC'13, CRYPTO'11). Hence, they can be understood as a general characterization of square-friendly applications. While the positive results on square-friendly applications were derived by one clever application of the Cauchy-Schwarz inequality, for tight lower bounds we need more machinery. In our approach we use convex optimization techniques and some theory of circular matrices.
  • key derivation
  • square-friendly applications
  • lower bounds




  1. B. Barak, Y. Dodis, H. Krawczyk, O. Pereira, K. Pietrzak, F. Standaert, and Yu Yu. Leftover hash lemma, revisited. In Proc. 31st CRYPTO, 2011.
  2. B. Barak, R. Shaltiel, and A. Wigderson. Computational analogues of entropy. In RANDOM-APPROX, 2003.
  3. Stephen Boyd and Lieven Vandenberghe. Convex Optimization. Cambridge University Press, New York, NY, USA, 2004.
  4. Y. Dodis, K. Pietrzak, and D. Wichs. Key derivation without entropy waste. In EUROCRYPT, pages 93-110. Springer Berlin Heidelberg, 2014. URL: http://dx.doi.org/10.1007/978-3-642-55220-5_6.
  5. Y. Dodis and Yu Yu. Overcoming weak expectations. In Theory of Cryptography, volume 7785 of Lecture Notes in Computer Science. Springer, 2013. URL: http://dx.doi.org/10.1007/978-3-642-36594-2_1.
  6. J. Radhakrishnan and A. Ta-Shma. Bounds for dispersers, extractors, and depth-two superconcentrators. SIAM Journal on Discrete Mathematics, 13, 2000.