Score:3

Are PRNGs Key Derivation Functions?

PRNG is a mechanism to produce randomness from an initial random seed, so basically a way to derive more secrets from one secret.

Looking at the Wikipedia entry for KDF you find:

In cryptography, a key derivation function (KDF) is a cryptographic algorithm that derives one or more secret keys from a secret value such as a main key, a password, or a passphrase.

Which sounds to me like what PRNGs are. So will it be correct to classify PRNGs as KDFs?

Score:2

While PRNGs are not exactly KDFs, there are several constructions of KDFs from PRNGs (actually PRFs, but they are equivalent). This is similar to how (symmetric) encryption is not the same as a PRG, but it is simple to build symmetric encryption from a PRG.

To read more about this, see NIST 800-108. There are three constructions listed from arbitrary PRFs.

Note that there are other ways to build KDFs as well. In particular, a number of KDFs are built from hashes, rather than PRFs. In particular, I believe PBKDF2 and Argon2 are popular KDFs that use hashes (SHA2 and Blake2) rather than PRGs for their underlying pseudorandom primitive.
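
The counter-mode construction from NIST SP 800-108 that the answer above points to, as an added example that is not part of the original answer. It assumes HMAC-SHA256 as the PRF and 32-bit big-endian counter and length fields; the function names, labels and context value are hypothetical sample values.

```python
import hashlib
import hmac

H_LEN = hashlib.sha256().digest_size  # PRF output size in bytes (32)


def kdf_counter_hmac_sha256(key_in: bytes, label: bytes, context: bytes,
                            out_len: int) -> bytes:
    """SP 800-108 counter mode: K(i) = PRF(K_in, [i] || Label || 0x00 || Context || [L]).

    [i] is the block counter and [L] the requested output length in bits,
    both encoded here as 32-bit big-endian integers (an assumed parameter choice).
    """
    if out_len <= 0 or out_len * 8 >= 2**32:
        raise ValueError("out_len must be positive and fit the 32-bit [L] field")
    if not key_in:
        raise ValueError("key_in must not be empty")

    # Everything except the counter is the same for each PRF call.
    fixed = label + b"\x00" + context + (out_len * 8).to_bytes(4, "big")
    blocks = -(-out_len // H_LEN)  # ceil(out_len / H_LEN)

    out = b""
    for i in range(1, blocks + 1):
        out += hmac.new(key_in, i.to_bytes(4, "big") + fixed,
                        hashlib.sha256).digest()
    return out[:out_len]


def derive_session_keys(master: bytes, context: bytes) -> dict:
    """Derive independent keys from one master key by varying the label.

    The labels are constructed values; distinct labels give domain separation,
    so learning one derived key reveals nothing about the other.
    """
    return {
        "enc": kdf_counter_hmac_sha256(master, b"example-enc", context, 32),
        "mac": kdf_counter_hmac_sha256(master, b"example-mac", context, 48),
    }


if __name__ == "__main__":
    master_key = bytes(range(32))  # constructed sample key, not a real secret
    for name, key in derive_session_keys(master_key, b"session-0001").items():
        print(name, len(key), key.hex())
```

Because the requested length is part of the PRF input, a 16-byte output is not a prefix of the 32-byte output for the same label, which is one way this differs from reading more bytes off a PRNG stream.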

Score:0
jpa

So will it be correct to classify PRNGs as KDFs?

There are two important differences:

  1. Removal of any correlations in the output bits that could help compromise other algorithms that use the key. Cryptographic PRNGs satisfy this by default, but for example LFSR-based algorithms do not.

  2. In case the input is a password, it is desirable that the KDF takes a reasonable amount of time to execute. Not too slow, but not too fast either - this helps increase the resistance against brute-forcing when the password entropy is not large enough. Usually KDFs are designed to limit the amount of acceleration available from specialized hardware such as GPUs and FPGAs. Most PRNGs on the other hand are designed to be as fast as they can be.

The NIST 800-108 standard mentioned by the other answer specifies ways to iterate a PRNG multiple times in a specific way. This both helps make it slower and reduce any known or unknown biases in the output.

SAI Peregrinus
This answer is specific to Password-Based KDFs, not to KDFs in general. "Plain" KDFs like HKDF are used to turn non-uniformly random bytes (like the result of an ECDH exchange) into uniformly random bytes, and do so as efficiently as possible.
jpa
@SAIPeregrinus You are correct. I edited the answer a bit.