A Comparative Study and Implementation of Key Derivation Functions Standardized by NIST and IEEE

TL;DR

This paper compares various NIST and IEEE standardized Key Derivation Functions based on MAC algorithms, analyzing their performance, advantages, and suitable applications through experimental evaluation.

Contribution

It provides a comprehensive comparison and implementation analysis of NIST and IEEE standardized KDFs based on different MAC algorithms, highlighting their performance and use cases.

Findings

CMAC and CMAC-based KDF have the shortest computation times

Experimental evaluation of MAC and KDF performance

Analysis of advantages and scenarios for each KDF

Abstract

Since many applications and services require pseudorandom numbers (PRNs), it is feasible to generate specific PRNs under given key values and input messages using Key Derivation Functions (KDFs). These KDFs are primarily constructed based on Message Authentication Codes (MACs), where the MAC serves as a core component in the generation of pseudorandom numbers. In light of this, the study first examines three MAC algorithms defined by the National Institute of Standards and Technology (NIST): the Keyed-Hash Message Authentication Code (HMAC), the Cipher-based Message Authentication Code (CMAC), and the Keccak-based Message Authentication Code (KMAC). Subsequently, the study explores KDFs based on these MACs, including the Counter Mode KDF, the KMAC-based KDF, and the KDF defined in IEEE 1609.2.1. In experiments, the computation times for generating MACs and the corresponding pseudorandom numbers using each KDF are evaluated. The study further analyzes the advantages, disadvantages, and applicable scenarios for each method. Experimental results indicate that the CMAC and the CMAC-based KDF exhibit the shortest computation times, averaging approximately 0.007 milliseconds and 0.014 milliseconds, respectively.