
HMAC is a Randomness Extractor and Applications to TLS

Pierre-Alain Fouque 1, 2, David Pointcheval 1, 2, Sébastien Zimmer 1, 2
2 CASCADE - Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities
DI-ENS - Département d'informatique de l'École normale supérieure, Inria Paris-Rocquencourt, CNRS - Centre National de la Recherche Scientifique: UMR 8548
Abstract: In this paper we study the security of a practical randomness extractor and its application in the TLS standard. Randomness extraction is the first stage of a key derivation function, since the secret shared between the parties does not always come from a uniformly distributed source. More precisely, we ask whether the HMAC function, used in many standards, can be considered a randomness extractor. We show that when the shared secret is placed in the key space of HMAC, two cases must be considered, depending on whether the key is longer than the block length of the underlying hash function or not. In both cases we give a formal proof that the output is pseudo-random, but under different assumptions. All of these assumptions, however, amount to the compression function of the underlying hash function behaving like a pseudo-random function. This analysis allows us to prove the security of the TLS randomness extractor for both Diffie-Hellman and RSA key exchange. Of independent interest, we study a computational analogue of the leftover hash lemma for computationally almost-universal hash function families, and show that any pseudo-random function family satisfies this definition.
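The following is an added worked example, not code from the paper or its authors. It writes out HMAC-SHA256 per RFC 2104 so that the two key cases the abstract refers to are visible (key zero-padded to one block versus key hashed first), cross-checks the hand-written HMAC against Python's `hmac` module, and then uses it as the key-extraction step of the TLS 1.2 PRF from RFC 5246 (P_SHA256 with the pre_master_secret as the HMAC key). The abstract does not say which TLS version it targets, so the TLS 1.2 PRF is an assumption chosen as a concrete instance of the HMAC-based extractor. The 48-byte RSA premaster secret, the 128-byte Diffie-Hellman shared secret and the hello randoms are constructed sample inputs; the functions `key_case`, `matches_stdlib` and `long_key_collapses` are helpers introduced here for illustration.

```python
import hashlib
import hmac

BLOCK_LEN = 64  # block length in bytes of SHA-256 (also SHA-1 and MD5)


def hmac_sha256_manual(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 written out per RFC 2104 to expose the two key cases.

    Short key (len(key) <= BLOCK_LEN): the key is zero-padded to one block and
    XORed with ipad/opad, so the raw shared secret is the first block fed to
    the compression function of the inner and outer hashes.
    Long key (len(key) > BLOCK_LEN): the key is first hashed, so the extractor
    effectively runs on H(key), and the 32-byte digest then takes the short-key path.
    """
    if len(key) > BLOCK_LEN:
        key = hashlib.sha256(key).digest()  # long-key case: pre-hash the secret
    key = key.ljust(BLOCK_LEN, b"\x00")      # short-key case: zero-pad to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + msg).digest()
    return hashlib.sha256(opad + inner).digest()


def key_case(key: bytes) -> str:
    """Name the HMAC key-handling branch a given shared secret would take."""
    return "long" if len(key) > BLOCK_LEN else "short"


def matches_stdlib(key: bytes, msg: bytes) -> bool:
    """Cross-check the hand-written HMAC against the standard library."""
    return hmac.compare_digest(
        hmac_sha256_manual(key, msg), hmac.new(key, msg, hashlib.sha256).digest()
    )


def p_sha256(secret: bytes, seed: bytes, out_len: int) -> bytes:
    """P_SHA256 data expansion from RFC 5246 section 5; secret is the HMAC key."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < out_len:
        a = hmac_sha256_manual(secret, a)          # A(i) = HMAC(secret, A(i-1))
        out += hmac_sha256_manual(secret, a + seed)  # HMAC(secret, A(i) + seed)
    return out[:out_len]


def tls12_master_secret(pre_master_secret: bytes, client_random: bytes,
                        server_random: bytes) -> bytes:
    """master_secret = PRF(pre_master_secret, "master secret",
    ClientHello.random + ServerHello.random)[0..47] (RFC 5246 section 8.1).
    The pre_master_secret is the non-uniform shared secret; it enters HMAC as the key."""
    seed = b"master secret" + client_random + server_random
    return p_sha256(pre_master_secret, seed, 48)


def long_key_collapses(pre_master_secret: bytes, client_random: bytes,
                       server_random: bytes) -> bool:
    """For a secret longer than one block, extraction is identical to running
    the extractor on SHA-256(secret): the abstract's long-key case."""
    hashed = hashlib.sha256(pre_master_secret).digest()
    return (tls12_master_secret(pre_master_secret, client_random, server_random)
            == tls12_master_secret(hashed, client_random, server_random))


# Constructed sample inputs (deterministic, not real handshake material).
# RSA key exchange: 2-byte version + 46 random bytes = 48 bytes (< block length).
RSA_PREMASTER = b"\x03\x03" + bytes(range(46))
# DH key exchange in a 1024-bit group: 128-byte shared secret Z (> block length).
DH_PREMASTER = bytes((i * 7 + 3) & 0xFF for i in range(128))
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))

if __name__ == "__main__":
    for name, pms in (("RSA", RSA_PREMASTER), ("DH", DH_PREMASTER)):
        ms = tls12_master_secret(pms, CLIENT_RANDOM, SERVER_RANDOM)
        print(f"{name}: {len(pms)}-byte premaster -> {key_case(pms)}-key case, "
              f"master_secret={ms.hex()}")
```

The two constructed premaster secrets land on different branches of the HMAC key handling, which is exactly the split the abstract describes: the RSA premaster (48 bytes) is padded and fed straight into the compression function, while the 1024-bit DH secret (128 bytes) is first compressed to SHA-256(Z). `long_key_collapses` makes the second case concrete: extraction from a long secret is literally extraction from its hash, which is why the two cases need different assumptions on the compression function.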
Document type :
Conference papers
Contributor: David Pointcheval
Submitted on: Tuesday, September 22, 2009 - 4:22:18 PM
Last modification on: Wednesday, October 14, 2020 - 3:58:01 AM
Long-term archiving on: Wednesday, June 16, 2010 - 12:00:14 AM

  • HAL Id: inria-00419158, version 1

Pierre-Alain Fouque, David Pointcheval, Sébastien Zimmer. HMAC is a Randomness Extractor and Applications to TLS. Proceedings of the 3rd ACM Symposium on Information, Computer and Communications Security (ASIACCS '08), 2008, Tokyo, Japan. pp. 21--32. ⟨inria-00419158⟩