词条 | Mask generation function |
释义 |
A mask generation function (MGF) is a cryptographic primitive similar to a cryptographic hash function except that while a hash function's output is a fixed size, a MGF supports output of a variable length. In this respect, a MGF can be viewed as a single-use sponge function: it can absorb any length of input and process it to produce any length of output. Mask generation functions are completely deterministic: for any given input and desired output length the output is always the same. Definition
ApplicationsMask generation functions, as generalizations of hash functions, are useful wherever hash functions are. However, use of a MGF is desirable in cases where a fixed-size hash would be inadequate. Examples include generating padding, producing one time pads or keystreams in symmetric key encryption, and yielding outputs for pseudorandom number generators. Padding schemesMask generation functions were first proposed as part of the specification for padding in the RSA-OAEP algorithm. The OAEP algorithm required a cryptographic hash function that could generate an output equal in size to a "data block" whose length was proportional to arbitrarily sized input message.[1] Keyed encryptionThe Salsa20 stream cipher may be viewed as a mask generation function as its keystream is produced by hashing the key and nonce with a counter, to yield an arbitrarily long output.[2]
Random number generatorsNIST Special Publication 800-90A[3] defines a class of cryptographically secure random number generators, one of which is the "Hash DRBG", which uses a hash function with a counter to produce a requested sequence of random bits equal in size to the requested number of random bits. ExamplesPerhaps the most common and straightforward mechanism to build a MGF is to iteratively apply a hash function together with an incrementing counter value. The counter may be incremented indefinitely to yield new output blocks until a sufficient amount of output is collected. This is the approach used in MGF1. MGF1MGF1 is a mask generation function defined in the Public Key Cryptography Standard #1 published by RSA Laboratories[1]:
Example CodeBelow is python code implementing MGF1: Example outputs of MGF1: References1. ^1 2 {{cite web |url=https://www.ietf.org/rfc/rfc2437.txt |title=RFC 2437 PKCS #1 |author=RSA Laboratories}} 2. ^{{cite web |url=https://cr.yp.to/snuffle/salsafamily-20071225.pdf | title=The Salsa20 family of stream ciphers |author=Daniel J. Bernstein}} 3. ^{{cite web |url=http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf | title=Recommendation for Random Number Generation Using Deterministic Random Bit Generators |author=National Institute of Standards and Technology}} 4 : Cryptography|Cryptographic primitives|Cryptographic hash functions|Theory of cryptography |
随便看 |
|
开放百科全书收录14589846条英语、德语、日语等多语种百科知识,基本涵盖了大多数领域的百科知识,是一部内容自由、开放的电子版国际百科全书。