crypto primitives: hashes, HKDF, HKDF-ModHEAD master

author: Mikolai Gütschow <mikolai.guetschow@tu-dresden.de> 2024-03-28 16:52:40 +0100
committer: Mikolai Gütschow <mikolai.guetschow@tu-dresden.de> 2024-03-28 16:52:40 +0100
commit: 267fb8ebe469a235205c834b9a36166c16b0c6c1 (patch)
tree: 4e67e9818f6262c58f1f147eed2d6b355ea0b48a /draft-guetschow-taler-protocol.xml
parent: eea4a515ece86fa181e89758d5153fea769edec5 (diff)
download: lsd0009-master.tar.gz
lsd0009-master.zip
1 files changed, 222 insertions, 16 deletions
diff --git a/draft-guetschow-taler-protocol.xml b/draft-guetschow-taler-protocol.xml
index eab6d50..891e5e7 100644
--- a/draft-guetschow-taler-protocol.xml
+++ b/draft-guetschow-taler-protocol.xml
@@ -38,7 +38,7 @@
    <abstract>
-<?line 37?>
+<?line 41?>
 <t>[ TBW ]</t>
@@ -53,12 +53,131 @@
  <middle>
-<?line 41?>
+<?line 45?>
 <section anchor="introduction"><name>Introduction</name>
 <t>[ TBW ]</t>
+<t>Beware that this document is still work-in-progress and may contain errors.
+Use at your own risk!</t>
+</section>
+<section anchor="notation"><name>Notation</name>
+<t><list style="symbols">
+  <t><spanx style="verb">a | b</spanx> denotes the concatenation of a with b</t>
+</list></t>
+</section>
+<section anchor="cryptographic-primitives"><name>Cryptographic Primitives</name>
+<section anchor="cryptographic-hash-functions"><name>Cryptographic Hash Functions</name>
+<section anchor="sha256"><name>SHA-256</name>
+<t>Taler uses SHA-256 as defined in Section 5.1 of <xref target="RFC6234"></xref>.</t>
+</section>
+<section anchor="sha512"><name>SHA-512</name>
+<t>Taler uses SHA-512 as defined in Section 5.2 of <xref target="RFC6234"></xref>.</t>
+</section>
+<section anchor="sha512-trunc"><name>Truncated SHA-512</name>
+</section>
+</section>
+<section anchor="key-derivation-functions"><name>Key Derivation Functions</name>
+<section anchor="hkdf"><name>HKDF</name>
+<t>The Hashed Key Derivation Function (HKDF) used in Taler is an instantiation of <xref target="RFC5869"></xref>
+with two different hash functions for the Extract and Expand step as suggested in <xref target="HKDF"></xref>.
+HMAC-SHA512 (HMAC <xref target="RFC2104"></xref> instantiated with SHA-512, cf. <xref target="sha512"/>) is used for <spanx style="verb">HKDF-Extract</spanx>.
+HMAC-SHA256 (HMAC <xref target="RFC2104"></xref> instantiated with SHA-256, cf. <xref target="sha256"/>) is used for <spanx style="verb">HKDF-Expand</spanx>.</t>
+<figure><artwork><![CDATA[
+HKDF(salt, IKM, info, L) -> OKM
+Inputs:
+    salt     optional salt value (a non-secret random value);
+              if not provided, it is set to a string of 64 zeros.
+    IKM      input keying material
+    info     optional context and application specific information
+              (can be a zero-length string)
+    L        length of output keying material in octets
+              (<= 255*32 = 8160)
+Output:
+    OKM      output keying material (of L octets)
+]]></artwork></figure>
+<t>The output OKM is calculated as follows:</t>
+<figure><artwork><![CDATA[
+PRK = HKDF-Extract(salt, IKM) with Hash = SHA-512, HashLen = 64
+OKM = HKDF-Expand(PRK, info, L) with Hash = SHA-256, HashLen = 32
+]]></artwork></figure>
+</section>
+<section anchor="hkdf-mod"><name>HKDF-Mod</name>
+<t>Based on the HKDF defined in <xref target="hkdf"/>, this function returns an OKM that is smaller than a given big number N.</t>
+<figure><artwork><![CDATA[
+HKDF-Mod(N, salt, IKM, info) -> OKM
+Inputs:
+    N        big number; Nbits denotes the length of N in bits
+    salt     optional salt value (a non-secret random value);
+              if not provided, it is set to a string of 64 zeros.
+    IKM      input keying material
+    info     optional context and application specific information
+              (can be a zero-length string)
+Output:
+    OKM      output keying material (smaller than N)
+]]></artwork></figure>
+<t>The output OKM is calculated as follows:</t>
+<figure><artwork><![CDATA[
+Nlen = ceil(Nbits / 8)
+while true:
+    counter = 0
+    c = 2 least significant octets of counter in network-byte order
+    x = HKDF(salt, IKM, info | c, NLen)
+    reset all but lower Nbits bits in x
+    if x < N:
+        OKM = x
+        break
+    counter += 1
+]]></artwork></figure>
+</section>
+</section>
+<section anchor="non-blind-signatures"><name>Non-Blind Signatures</name>
+<section anchor="ed25519"><name>Ed25519</name>
+</section>
+</section>
+<section anchor="blind-signatures"><name>Blind Signatures</name>
+<section anchor="fdh-rsa"><name>FDH-RSA</name>
+</section>
+<section anchor="clause-schnorr"><name>Clause-Schnorr</name>
+</section>
+</section>
+</section>
+<section anchor="the-taler-crypto-protocol"><name>The Taler Crypto Protocol</name>
+<section anchor="withdrawal"><name>Withdrawal</name>
+</section>
 </section>
 <section anchor="security-considerations"><name>Security Considerations</name>
@@ -77,10 +196,74 @@
  <back>
+    <references title='Normative References' anchor="sec-normative-references">
+<reference anchor="RFC2104">
+  <front>
+    <title>HMAC: Keyed-Hashing for Message Authentication</title>
+    <author fullname="H. Krawczyk" initials="H." surname="Krawczyk"/>
+    <author fullname="M. Bellare" initials="M." surname="Bellare"/>
+    <author fullname="R. Canetti" initials="R." surname="Canetti"/>
+    <date month="February" year="1997"/>
+    <abstract>
+      <t>This document describes HMAC, a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative cryptographic hash function, e.g., MD5, SHA-1, in combination with a secret shared key. The cryptographic strength of HMAC depends on the properties of the underlying hash function. This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind</t>
+    </abstract>
+  </front>
+  <seriesInfo name="RFC" value="2104"/>
+  <seriesInfo name="DOI" value="10.17487/RFC2104"/>
+</reference>
+<reference anchor="RFC5869">
+  <front>
+    <title>HMAC-based Extract-and-Expand Key Derivation Function (HKDF)</title>
+    <author fullname="H. Krawczyk" initials="H." surname="Krawczyk"/>
+    <author fullname="P. Eronen" initials="P." surname="Eronen"/>
+    <date month="May" year="2010"/>
+    <abstract>
+      <t>This document specifies a simple Hashed Message Authentication Code (HMAC)-based key derivation function (HKDF), which can be used as a building block in various protocols and applications. The key derivation function (KDF) is intended to support a wide range of applications and requirements, and is conservative in its use of cryptographic hash functions. This document is not an Internet Standards Track specification; it is published for informational purposes.</t>
+    </abstract>
+  </front>
+  <seriesInfo name="RFC" value="5869"/>
+  <seriesInfo name="DOI" value="10.17487/RFC5869"/>
+</reference>
+<reference anchor="RFC6234">
+  <front>
+    <title>US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)</title>
+    <author fullname="D. Eastlake 3rd" initials="D." surname="Eastlake 3rd"/>
+    <author fullname="T. Hansen" initials="T." surname="Hansen"/>
+    <date month="May" year="2011"/>
+    <abstract>
+      <t>Federal Information Processing Standard, FIPS</t>
+    </abstract>
+  </front>
+  <seriesInfo name="RFC" value="6234"/>
+  <seriesInfo name="DOI" value="10.17487/RFC6234"/>
+</reference>
+<reference anchor="HKDF">
+  <front>
+    <title>Cryptographic Extraction and Key Derivation: The HKDF Scheme</title>
+    <author fullname="Hugo Krawczyk" initials="H." surname="Krawczyk">
+      <organization/>
+    </author>
+    <date year="2010"/>
+  </front>
+  <seriesInfo name="Advances in Cryptology – CRYPTO 2010" value="pp. 631-648"/>
+  <seriesInfo name="DOI" value="10.1007/978-3-642-14623-7_34"/>
+  <seriesInfo name="ISBN" value="[&quot;9783642146220&quot;, &quot;9783642146237&quot;]"/>
+<refcontent>Springer Berlin Heidelberg</refcontent></reference>
+    </references>
-<?line 57?>
+<?line 160?>
 <section anchor="change-log"><name>Change log</name>
@@ -98,19 +281,42 @@ Education and Research (BMBF) within the project Concrete Contracts.</t>
  </back>
 <!-- ##markdown-source:
-H4sIAAAAAAAAA22TzW7UMBDH736K0XKBg7NpkZAaCYm2SwuHVgi24kA5eO3Z
+H4sIAAAAAAAAA+1X23LbNhB9x1dsnRepNWVJvsRm6k59jT225YwvkwfH00Ak
-xKxjR/ZkVwH1zbjxYoydQrWCS+SMfzPznw9LKcW+gZdCkCWHDSzWHcL17R2s
+RKKCAA4IWlZc58v61h/rLkBJli8zbZ+bycggsNjrOctlFEXsLoZVxpx0SsSw
-lcMIH2KgoINbCBO0Vz0TJqotyXZESroLB0kZlMMjKLQibEOcGrB+G4SwQ2yA
+dJUL+Ni7hiuuhIVP1jiTGLXEUpNoPkKJ1PKBi7JKuDLJzThyJBgVtSBLuBOZ
-4pjotK7P6lNxCHHXxjAOmTA4IH88iUQRVX9s2+HEtGkEgISSp5x0nAYKbVRD
+sZMYpB4YxmRhY3C2Kl233d5qd9nY2GFmTVWQRCoKgT/asdJZwUeLe0MxQek0
-NxUDapW6chrU1LNnEuIZ7NGP2PABIOIQGuiIhtQsl62lqvWjR6pCbJcumZql
+ZgAReDt+ldhJ4UxmeZFP/IZIeJn7VcEnI7xZMvYO7oSuRIwLACsKE0PuXFHG
-VWxeFtpxCYmeeAb+wy+FUCN1IbI8yckB5v7c2F1wysL1r59zh8odOzawvlvB
+KyuZdK1MV1q4lrHZiirTNrrWwu0VL60whNLN5VHgFfkVxnjlcmPRvQiNA4T8
-KmLi4uDO2z3GZGmCsIU16s4HF9qp0GqzibjPDn/4Ys49Qhb2Dl3fBUff2VDB
+nMmhUVzCx7/+DBnyZ3gxhqvrfdi3osTg4FrLO2FL6SZgBnAlklwbZbKJl+b9
-SV0uNYdqjnAdDOtZyfqkfnX2aBk95dlcY+yVn5Nhr6xroJ91V38n+4ZGaeZw
+vhV3dGEq77cpRwIdOxJqlBvlvuFGCzptf5igqnhBPDEp+rMftTvtja16p9KO
-lUEhfGAfYtUNT5Vn+/QnpJSsmdUoTULcf4H1xWe4/zpf9NYYh3ki7zl5MKMm
+avNR2BHXwZgYcaliGAW/W7PK/uqqKA3qWqlgTBu849BrqsfF4V63016rl+ub
-G/wRli8/oR5jbsdl8MkajCpj6ZFbFY5DnN+e/0PcBo/VnGyj9C5zl53yLQJ3
+G1v1cqO76nePTvYP0fj5cavTxv/t9ytb7zej1WhjrRt11lAqev/b6hriA1Ey
-NP+d650PB4emnbfjR+PHfoMRzevFVrmEi4ejPOvOJsiLCgeVII3DECKh4eXk
+08tYFEUYPcbFE8fYlxu42v0MX27DwUimqRJU22MMw6RV4qTRC2K7YsytAJdz
-DYsEmwkov5PSRbjCrMXx5L3lHuSBirdcZpEHyhv4iAlV1B08v7i5uHoBB0sd
+hz+yBMRtRZAAXJdOKgUEwEhqgmyG4ZXAdQojPsHsaMelBmGtsWWLXZcCUM3E
-x8ox+OF8Q025Jh2RMB9KH1MlfgM5XuVzngMAAA==
+VBbMWIOV5fAHst4zjgfLEXzl8Af0vwJmySBs0KggRUQD7YWovBzG0uXQp8t7
+c/TKBAkmR5KCJ8g+PzxCWMNhpX2YXuAdXB7tRN31DXh4V+YcF4+MBapWJVqf
+nnIMXAykFikSCi6F1wDrrQ55c1OX6bY1V7ne6QaVuHipkk7fUtl9TeWVrXwK
+0hfKI0dHjz7aEzGBfWHlXUjUs0gJQXgtH6YD8gjzSvlAlW9cgwbdaJLX3sUQ
+g6T64mPpuHZyVpGbGrW3zFfGjQ2kcjAQlqCSU94HU28AAerLenDvYenxcnBf
+0J/SiYIyU1ZZhj0jGL4hPzATR2c7exHGT+E36MFbJdrcPnEI73gX6kQtQzJo
+wcNDXYrHJkXgQyI3vpLqqHbk69wE1fyfmUDJJyYIQG+YoPjQAvv+/TujrUbJ
+lVuG45OzZd/al+G0CdEvcH5yxtixLipXxqFLoRz4nldQ/rgKO3dcVQIaHLTR
+USkSKxxYtGFG4aj5wd+e/5MDFHWANL2TqUjRaiAx3nMGKYVNQuqMirmxBt+E
+NUhZuoce1grIKcCXCIlhi0HIcMXCycAsukjcF/ehtrwolEwCVMpCJHKAXJz1
+KaOf+dlIEGB9bBXeiUgJnWGug3dNL3s6Fa3P0GVTuVecI/SYxGEDfm7j523o
+rq//uNqFbdjsbLSbjJ17FSHn59OY39DbQJOnteqmL6knVC1NtzGzCVdJpTxc
+OKFeKTPGmnrxTxcnaPkp+uZ4aAZ0+W61PccxPZ/im24b68PIxOw+QauBGp8A
+6bkGD9O5htVucHraF6Izk2Kz5wRarBKx07eLJx3q4cF3jsfl8B6Y0hlnAVdZ
+7bsCOeXfFASrEVfUL/BZYykzbMlYVZmBrkZ93O89oQJZb/SW4RkjXqdDb1rD
+ubIP0OtLVy68M+bQ6JH3dP4/m16w6d+BfqGmvf+E+57y+EuEVI1QtBXYbLJx
+LpWgsVbE88EKLW1DPYzhqos15aWDUmaagsZeXDOQsjy9gbXGwdLPJP2JQ9ds
+6sdcgPuaMM8bL84byTL0kBihu+AMg0XESKGPMaHvhFbvqv9BA/esRsA9/Ay9
+eJbxQMr72TMOnXy4EM9P29CZMg/HHh3tKhzQ4RJD4kgjUb+qD1JsTp0tL/W6
+xOH+UXRxuRMe9hTH1010STOvtTQUUVHC+zpMQLMPD6/yMzYH/OwYc3qk0aOy
+NDfv4csZsWx5PTT4MXDfj4E4Ie70dl5IYASiFWbJPk+GfhxDbGRIP5PR004y
+1GasRJqFz4iHODBWpNtLA65KsfS4YOeKWgsVD8Z+CigKY+spoODWQX/iyR3G
+bTgU5IvCTwQtEdE0+bMDnGIDOYgsF1hLbpMcGrtnu4ehLcrQ35C5v+PQRTER
+2wUtfCNGov4NMZRdgccNAAA=
 -->
author	Mikolai Gütschow <mikolai.guetschow@tu-dresden.de>	2024-03-28 16:52:40 +0100
committer	Mikolai Gütschow <mikolai.guetschow@tu-dresden.de>	2024-03-28 16:52:40 +0100
commit	267fb8ebe469a235205c834b9a36166c16b0c6c1 (patch)
tree	4e67e9818f6262c58f1f147eed2d6b355ea0b48a /draft-guetschow-taler-protocol.xml
parent	eea4a515ece86fa181e89758d5153fea769edec5 (diff)
download	lsd0009-master.tar.gz lsd0009-master.zip

diff --git a/draft-guetschow-taler-protocol.xml b/draft-guetschow-taler-protocol.xml index eab6d50..891e5e7 100644 --- a/draft-guetschow-taler-protocol.xml +++ b/draft-guetschow-taler-protocol.xml
@@ -38,7 +38,7 @@
38	<abstract>	38	<abstract>
39		39
40		40
41	<?line 37?>	41	<?line 41?>
42		42
43	<t>[ TBW ]</t>	43	<t>[ TBW ]</t>
44		44
@@ -53,12 +53,131 @@
53	<middle>	53	<middle>
54		54
55		55
56	<?line 41?>	56	<?line 45?>
57		57
58	<section anchor="introduction"><name>Introduction</name>	58	<section anchor="introduction"><name>Introduction</name>
59		59
60	<t>[ TBW ]</t>	60	<t>[ TBW ]</t>
61		61
		62	<t>Beware that this document is still work-in-progress and may contain errors.
		63	Use at your own risk!</t>
		64
		65	</section>
		66	<section anchor="notation"><name>Notation</name>
		67
		68	<t><list style="symbols">
		69	<t><spanx style="verb">a \| b</spanx> denotes the concatenation of a with b</t>
		70	</list></t>
		71
		72	</section>
		73	<section anchor="cryptographic-primitives"><name>Cryptographic Primitives</name>
		74
		75	<section anchor="cryptographic-hash-functions"><name>Cryptographic Hash Functions</name>
		76
		77	<section anchor="sha256"><name>SHA-256</name>
		78
		79	<t>Taler uses SHA-256 as defined in Section 5.1 of <xref target="RFC6234"></xref>.</t>
		80
		81	</section>
		82	<section anchor="sha512"><name>SHA-512</name>
		83
		84	<t>Taler uses SHA-512 as defined in Section 5.2 of <xref target="RFC6234"></xref>.</t>
		85
		86	</section>
		87	<section anchor="sha512-trunc"><name>Truncated SHA-512</name>
		88
		89	</section>
		90	</section>
		91	<section anchor="key-derivation-functions"><name>Key Derivation Functions</name>
		92
		93	<section anchor="hkdf"><name>HKDF</name>
		94
		95	<t>The Hashed Key Derivation Function (HKDF) used in Taler is an instantiation of <xref target="RFC5869"></xref>
		96	with two different hash functions for the Extract and Expand step as suggested in <xref target="HKDF"></xref>.
		97	HMAC-SHA512 (HMAC <xref target="RFC2104"></xref> instantiated with SHA-512, cf. <xref target="sha512"/>) is used for <spanx style="verb">HKDF-Extract</spanx>.
		98	HMAC-SHA256 (HMAC <xref target="RFC2104"></xref> instantiated with SHA-256, cf. <xref target="sha256"/>) is used for <spanx style="verb">HKDF-Expand</spanx>.</t>
		99
		100	<figure><artwork><![CDATA[
		101	HKDF(salt, IKM, info, L) -> OKM
		102
		103	Inputs:
		104	salt optional salt value (a non-secret random value);
		105	if not provided, it is set to a string of 64 zeros.
		106	IKM input keying material
		107	info optional context and application specific information
		108	(can be a zero-length string)
		109	L length of output keying material in octets
		110	(<= 255*32 = 8160)
		111
		112	Output:
		113	OKM output keying material (of L octets)
		114	]]></artwork></figure>
		115
		116	<t>The output OKM is calculated as follows:</t>
		117
		118	<figure><artwork><![CDATA[
		119	PRK = HKDF-Extract(salt, IKM) with Hash = SHA-512, HashLen = 64
		120	OKM = HKDF-Expand(PRK, info, L) with Hash = SHA-256, HashLen = 32
		121	]]></artwork></figure>
		122
		123	</section>
		124	<section anchor="hkdf-mod"><name>HKDF-Mod</name>
		125
		126	<t>Based on the HKDF defined in <xref target="hkdf"/>, this function returns an OKM that is smaller than a given big number N.</t>
		127
		128	<figure><artwork><![CDATA[
		129	HKDF-Mod(N, salt, IKM, info) -> OKM
		130
		131	Inputs:
		132	N big number; Nbits denotes the length of N in bits
		133	salt optional salt value (a non-secret random value);
		134	if not provided, it is set to a string of 64 zeros.
		135	IKM input keying material
		136	info optional context and application specific information
		137	(can be a zero-length string)
		138
		139	Output:
		140	OKM output keying material (smaller than N)
		141	]]></artwork></figure>
		142
		143	<t>The output OKM is calculated as follows:</t>
		144
		145	<figure><artwork><![CDATA[
		146	Nlen = ceil(Nbits / 8)
		147	while true:
		148	counter = 0
		149	c = 2 least significant octets of counter in network-byte order
		150	x = HKDF(salt, IKM, info \| c, NLen)
		151	reset all but lower Nbits bits in x
		152	if x < N:
		153	OKM = x
		154	break
		155	counter += 1
		156	]]></artwork></figure>
		157
		158	</section>
		159	</section>
		160	<section anchor="non-blind-signatures"><name>Non-Blind Signatures</name>
		161
		162	<section anchor="ed25519"><name>Ed25519</name>
		163
		164	</section>
		165	</section>
		166	<section anchor="blind-signatures"><name>Blind Signatures</name>
		167
		168	<section anchor="fdh-rsa"><name>FDH-RSA</name>
		169
		170	</section>
		171	<section anchor="clause-schnorr"><name>Clause-Schnorr</name>
		172
		173	</section>
		174	</section>
		175	</section>
		176	<section anchor="the-taler-crypto-protocol"><name>The Taler Crypto Protocol</name>
		177
		178	<section anchor="withdrawal"><name>Withdrawal</name>
		179
		180	</section>
62	</section>	181	</section>
63	<section anchor="security-considerations"><name>Security Considerations</name>	182	<section anchor="security-considerations"><name>Security Considerations</name>
64		183
@@ -77,10 +196,74 @@
77	<back>	196	<back>
78		197
79		198
		199	<references title='Normative References' anchor="sec-normative-references">
		200
		201
		202
		203	<reference anchor="RFC2104">
		204	<front>
		205	<title>HMAC: Keyed-Hashing for Message Authentication</title>
		206	<author fullname="H. Krawczyk" initials="H." surname="Krawczyk"/>
		207	<author fullname="M. Bellare" initials="M." surname="Bellare"/>
		208	<author fullname="R. Canetti" initials="R." surname="Canetti"/>
		209	<date month="February" year="1997"/>
		210	<abstract>
		211	<t>This document describes HMAC, a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative cryptographic hash function, e.g., MD5, SHA-1, in combination with a secret shared key. The cryptographic strength of HMAC depends on the properties of the underlying hash function. This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind</t>
		212	</abstract>
		213	</front>
		214	<seriesInfo name="RFC" value="2104"/>
		215	<seriesInfo name="DOI" value="10.17487/RFC2104"/>
		216	</reference>
		217
		218	<reference anchor="RFC5869">
		219	<front>
		220	<title>HMAC-based Extract-and-Expand Key Derivation Function (HKDF)</title>
		221	<author fullname="H. Krawczyk" initials="H." surname="Krawczyk"/>
		222	<author fullname="P. Eronen" initials="P." surname="Eronen"/>
		223	<date month="May" year="2010"/>
		224	<abstract>
		225	<t>This document specifies a simple Hashed Message Authentication Code (HMAC)-based key derivation function (HKDF), which can be used as a building block in various protocols and applications. The key derivation function (KDF) is intended to support a wide range of applications and requirements, and is conservative in its use of cryptographic hash functions. This document is not an Internet Standards Track specification; it is published for informational purposes.</t>
		226	</abstract>
		227	</front>
		228	<seriesInfo name="RFC" value="5869"/>
		229	<seriesInfo name="DOI" value="10.17487/RFC5869"/>
		230	</reference>
		231
		232	<reference anchor="RFC6234">
		233	<front>
		234	<title>US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)</title>
		235	<author fullname="D. Eastlake 3rd" initials="D." surname="Eastlake 3rd"/>
		236	<author fullname="T. Hansen" initials="T." surname="Hansen"/>
		237	<date month="May" year="2011"/>
		238	<abstract>
		239	<t>Federal Information Processing Standard, FIPS</t>
		240	</abstract>
		241	</front>
		242	<seriesInfo name="RFC" value="6234"/>
		243	<seriesInfo name="DOI" value="10.17487/RFC6234"/>
		244	</reference>
		245
		246	<reference anchor="HKDF">
		247	<front>
		248	<title>Cryptographic Extraction and Key Derivation: The HKDF Scheme</title>
		249	<author fullname="Hugo Krawczyk" initials="H." surname="Krawczyk">
		250	<organization/>
		251	</author>
		252	<date year="2010"/>
		253	</front>
		254	<seriesInfo name="Advances in Cryptology – CRYPTO 2010" value="pp. 631-648"/>
		255	<seriesInfo name="DOI" value="10.1007/978-3-642-14623-7_34"/>
		256	<seriesInfo name="ISBN" value="["9783642146220", "9783642146237"]"/>
		257	<refcontent>Springer Berlin Heidelberg</refcontent></reference>
		258
		259
		260
		261
		262	</references>
80		263
81		264
82		265
83	<?line 57?>	266	<?line 160?>
84		267
85	<section anchor="change-log"><name>Change log</name>	268	<section anchor="change-log"><name>Change log</name>
86		269
@@ -98,19 +281,42 @@ Education and Research (BMBF) within the project Concrete Contracts.</t>
98	</back>	281	</back>
99		282
100	<!-- ##markdown-source:	283	<!-- ##markdown-source:
101	H4sIAAAAAAAAA22TzW7UMBDH736K0XKBg7NpkZAaCYm2SwuHVgi24kA5eO3Z	284	H4sIAAAAAAAAA+1X23LbNhB9x1dsnRepNWVJvsRm6k59jT225YwvkwfH00Ak
102	xKxjR/ZkVwH1zbjxYoydQrWCS+SMfzPznw9LKcW+gZdCkCWHDSzWHcL17R2s	285	RKKCAA4IWlZc58v61h/rLkBJli8zbZ+bycggsNjrOctlFEXsLoZVxpx0SsSw
103	lcMIH2KgoINbCBO0Vz0TJqotyXZESroLB0kZlMMjKLQibEOcGrB+G4SwQ2yA	286	dJUL+Ni7hiuuhIVP1jiTGLXEUpNoPkKJ1PKBi7JKuDLJzThyJBgVtSBLuBOZ
104	4pjotK7P6lNxCHHXxjAOmTA4IH88iUQRVX9s2+HEtGkEgISSp5x0nAYKbVRD	287	sZMYpB4YxmRhY3C2Kl233d5qd9nY2GFmTVWQRCoKgT/asdJZwUeLe0MxQek0
105	NxUDapW6chrU1LNnEuIZ7NGP2PABIOIQGuiIhtQsl62lqvWjR6pCbJcumZql	288	ZgAReDt+ldhJ4UxmeZFP/IZIeJn7VcEnI7xZMvYO7oSuRIwLACsKE0PuXFHG
106	VWxeFtpxCYmeeAb+wy+FUCN1IbI8yckB5v7c2F1wysL1r59zh8odOzawvlvB	289	KyuZdK1MV1q4lrHZiirTNrrWwu0VL60whNLN5VHgFfkVxnjlcmPRvQiNA4T8
107	KmLi4uDO2z3GZGmCsIU16s4HF9qp0GqzibjPDn/4Ys49Qhb2Dl3fBUff2VDB	290	nMmhUVzCx7/+DBnyZ3gxhqvrfdi3osTg4FrLO2FL6SZgBnAlklwbZbKJl+b9
108	SV0uNYdqjnAdDOtZyfqkfnX2aBk95dlcY+yVn5Nhr6xroJ91V38n+4ZGaeZw	291	vhV3dGEq77cpRwIdOxJqlBvlvuFGCzptf5igqnhBPDEp+rMftTvtja16p9KO
109	lUEhfGAfYtUNT5Vn+/QnpJSsmdUoTULcf4H1xWe4/zpf9NYYh3ki7zl5MKMm	292	avNR2BHXwZgYcaliGAW/W7PK/uqqKA3qWqlgTBu849BrqsfF4V63016rl+ub
110	G/wRli8/oR5jbsdl8MkajCpj6ZFbFY5DnN+e/0PcBo/VnGyj9C5zl53yLQJ3	293	G1v1cqO76nePTvYP0fj5cavTxv/t9ytb7zej1WhjrRt11lAqev/b6hriA1Ey
111	NP+d650PB4emnbfjR+PHfoMRzevFVrmEi4ejPOvOJsiLCgeVII3DECKh4eXk	294	08tYFEUYPcbFE8fYlxu42v0MX27DwUimqRJU22MMw6RV4qTRC2K7YsytAJdz
112	DYsEmwkov5PSRbjCrMXx5L3lHuSBirdcZpEHyhv4iAlV1B08v7i5uHoBB0sd	295	hz+yBMRtRZAAXJdOKgUEwEhqgmyG4ZXAdQojPsHsaMelBmGtsWWLXZcCUM3E
113	x8ox+OF8Q025Jh2RMB9KH1MlfgM5XuVzngMAAA==	296	VBbMWIOV5fAHst4zjgfLEXzl8Af0vwJmySBs0KggRUQD7YWovBzG0uXQp8t7
		297	c/TKBAkmR5KCJ8g+PzxCWMNhpX2YXuAdXB7tRN31DXh4V+YcF4+MBapWJVqf
		298	nnIMXAykFikSCi6F1wDrrQ55c1OX6bY1V7ne6QaVuHipkk7fUtl9TeWVrXwK
		299	0hfKI0dHjz7aEzGBfWHlXUjUs0gJQXgtH6YD8gjzSvlAlW9cgwbdaJLX3sUQ
		300	g6T64mPpuHZyVpGbGrW3zFfGjQ2kcjAQlqCSU94HU28AAerLenDvYenxcnBf
		301	0J/SiYIyU1ZZhj0jGL4hPzATR2c7exHGT+E36MFbJdrcPnEI73gX6kQtQzJo
		302	wcNDXYrHJkXgQyI3vpLqqHbk69wE1fyfmUDJJyYIQG+YoPjQAvv+/TujrUbJ
		303	lVuG45OzZd/al+G0CdEvcH5yxtixLipXxqFLoRz4nldQ/rgKO3dcVQIaHLTR
		304	USkSKxxYtGFG4aj5wd+e/5MDFHWANL2TqUjRaiAx3nMGKYVNQuqMirmxBt+E
		305	NUhZuoce1grIKcCXCIlhi0HIcMXCycAsukjcF/ehtrwolEwCVMpCJHKAXJz1
		306	KaOf+dlIEGB9bBXeiUgJnWGug3dNL3s6Fa3P0GVTuVecI/SYxGEDfm7j523o
		307	rq//uNqFbdjsbLSbjJ17FSHn59OY39DbQJOnteqmL6knVC1NtzGzCVdJpTxc
		308	OKFeKTPGmnrxTxcnaPkp+uZ4aAZ0+W61PccxPZ/im24b68PIxOw+QauBGp8A
		309	6bkGD9O5htVucHraF6Izk2Kz5wRarBKx07eLJx3q4cF3jsfl8B6Y0hlnAVdZ
		310	7bsCOeXfFASrEVfUL/BZYykzbMlYVZmBrkZ93O89oQJZb/SW4RkjXqdDb1rD
		311	ubIP0OtLVy68M+bQ6JH3dP4/m16w6d+BfqGmvf+E+57y+EuEVI1QtBXYbLJx
		312	LpWgsVbE88EKLW1DPYzhqos15aWDUmaagsZeXDOQsjy9gbXGwdLPJP2JQ9ds
		313	6sdcgPuaMM8bL84byTL0kBihu+AMg0XESKGPMaHvhFbvqv9BA/esRsA9/Ay9
		314	eJbxQMr72TMOnXy4EM9P29CZMg/HHh3tKhzQ4RJD4kgjUb+qD1JsTp0tL/W6
		315	xOH+UXRxuRMe9hTH1010STOvtTQUUVHC+zpMQLMPD6/yMzYH/OwYc3qk0aOy
		316	NDfv4csZsWx5PTT4MXDfj4E4Ie70dl5IYASiFWbJPk+GfhxDbGRIP5PR004y
		317	1GasRJqFz4iHODBWpNtLA65KsfS4YOeKWgsVD8Z+CigKY+spoODWQX/iyR3G
		318	bTgU5IvCTwQtEdE0+bMDnGIDOYgsF1hLbpMcGrtnu4ehLcrQ35C5v+PQRTER
		319	2wUtfCNGov4NMZRdgccNAAA=
114		320
115	-->	321	-->
116		322