Key derivation function
(also KDF)
Key derivation function definition
A key derivation function is a cryptographic algorithm that creates one or more derived keys from an original input key or password. It aims to produce keys suitable for different cryptographic purposes and, sometimes, to enhance key security by transforming them into longer, more random, and harder-to-guess values.
The key derivation process involves applying cryptographic operations like hashing, salting, or stretching to the original key or password. These operations add complexity and randomness to the derived key, making it resistant to brute-force and dictionary attacks.
KDFs find everyday use in various cryptographic applications. For example, they are employed in password-based key derivation to generate a cryptographic key based on a user’s password. Using a KDF, the derived key can have higher entropy than the original password, reducing the risk of successful attacks.
Multiple parties utilize KDFs in key agreement protocols to derive a shared secret key. In this scenario, each party independently derives the same key using their respective inputs, ensuring the resulting shared key is identical for all parties involved.
See also: cryptographic key, data key
Key derivation function use cases
- Password hashing. KDFs can add complexity to hashed passwords, making them more resistant to cracking attempts.
- Data encryption. KDFs generate encryption keys for encrypting data.
- Data signing. KDFs generate signing keys, and users utilize these keys to sign data.
- User authentication. KDFs generate authentication keys that authenticate users.