Wrangling Entropy: Next-Generation Multi-Factor Key Derivation, Credential Hashing, and Credential Generation Functions
- URL: http://arxiv.org/abs/2509.05893v1
- Date: Sun, 07 Sep 2025 02:01:53 GMT
- Title: Wrangling Entropy: Next-Generation Multi-Factor Key Derivation, Credential Hashing, and Credential Generation Functions
- Authors: Colin Roberts, Vivek Nair, Dawn Song
- Abstract summary: We present a novel cryptanalytic technique designed to reveal pernicious leaks of entropy across multiple invocations of a cryptographic key derivation or hash function. We show that it can be used to correctly identify each of the known vulnerabilities in the original MFKDF construction. We propose a new construction for "MFKDF2," a next-generation multi-factor key derivation function that can be proven to be end-to-end secure.
- Score: 47.715495058757824
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The Multi-Factor Key Derivation Function (MFKDF) offered a novel solution to the classic problem of usable client-side key management by incorporating multiple popular authentication factors into a key derivation process, but was later shown to be vulnerable to cryptanalysis that degraded its security over multiple invocations. In this paper, we present the Entropy State Transition Modeling Framework (ESTMF), a novel cryptanalytic technique designed to reveal pernicious leaks of entropy across multiple invocations of a cryptographic key derivation or hash function, and show that it can be used to correctly identify each of the known vulnerabilities in the original MFKDF construction. We then use these findings to propose a new construction for "MFKDF2," a next-generation multi-factor key derivation function that can be proven to be end-to-end secure using the ESTMF. Finally, we discuss how MFKDF2 can be extended to support more authentication factors and usability features than the previous MFKDF construction, and derive several generalizable best-practices for the construction of new KDFs in the future.
Related papers
- Post-Quantum Cryptography Key Expansion Method and Anonymous Certificate Scheme Based on NTRU [0.0]
  NTRU is one of the important lattice-based post-quantum cryptography methods. This study proposes an NTRU-based key expansion method that enables efficient public key expansion.
  arXiv Detail & Related papers (2026-01-02T00:18:54Z)
- Collusion-Resistant Quantum Secure Key Leasing Beyond Decryption [4.375194832711421]
  We present a quantum-secure collusion-resistant tracing scheme called multi-level traitor tracing (MLTT). We also present a compiler that transforms an MLTT scheme for a primitive X into a collusion-resistant SKL scheme for primitive X.
  arXiv Detail & Related papers (2025-10-06T12:31:39Z)
- Secure Multi-Key Homomorphic Encryption with Application to Privacy-Preserving Federated Learning [10.862166653863571]
  We identify a critical security vulnerability in the CDKS scheme when applied to multiparty secure computation tasks. We propose a new scheme, SMHE, which incorporates a novel masking mechanism into the multi-key BFV and CKKS frameworks. We implement a PPFL application using SMHE and demonstrate that it provides significantly improved security with only a modest overhead in runtime evaluation.
  arXiv Detail & Related papers (2025-06-25T03:28:25Z)
- Decentralized Multi-Authority Attribute-Based Inner-Product Functional Encryption: Noisy and Evasive Constructions from Lattices [26.8852774949828]
  We study multi-authority attribute-based functional encryption for noisy inner-product functionality. We propose two new primitives: (1) multi-authority attribute-based (noisy) inner-product functional encryption (MA-AB(N)IPFE), and (2) multi-authority attribute-based evasive inner-product functional encryption (MA-evIPFE). Our schemes are proven to be statically secure in the random oracle model under the standard LWE assumption and the newly introduced assumptions.
  arXiv Detail & Related papers (2025-05-16T23:03:23Z)
- Exploiting Mixture-of-Experts Redundancy Unlocks Multimodal Generative Abilities [69.26544016976396]
  We exploit the redundancy within Mixture-of-Experts (MoEs) as a source of additional capacity for learning a new modality. We preserve the original language generation capabilities by applying low-rank adaptation exclusively to the tokens of the new modality.
  arXiv Detail & Related papers (2025-03-28T15:21:24Z)
- Order-agnostic Identifier for Large Language Model-based Generative Recommendation [94.37662915542603]
  Items are assigned identifiers for Large Language Models (LLMs) to encode user history and generate the next item. Existing approaches leverage either token-sequence identifiers, representing items as discrete token sequences, or single-token identifiers, using ID or semantic embeddings. We propose SETRec, which leverages semantic tokenizers to obtain order-agnostic multi-dimensional tokens.
  arXiv Detail & Related papers (2025-02-15T15:25:38Z)
- Learning Multi-Aspect Item Palette: A Semantic Tokenization Framework for Generative Recommendation [55.99632509895994]
  We introduce LAMIA, a novel approach for multi-aspect semantic tokenization. Unlike RQ-VAE, which uses a single embedding, LAMIA learns an "item palette", a collection of independent and semantically parallel embeddings. Our results demonstrate significant improvements in recommendation accuracy over existing methods.
  arXiv Detail & Related papers (2024-09-11T13:49:48Z)
- Mixture-of-Noises Enhanced Forgery-Aware Predictor for Multi-Face Manipulation Detection and Localization [52.87635234206178]
  This paper proposes a new framework, namely MoNFAP, specifically tailored for multi-face manipulation detection and localization. The framework incorporates two novel modules: the Forgery-aware Unified Predictor (FUP) Module and the Mixture-of-Noises Module (MNM).
  arXiv Detail & Related papers (2024-08-05T08:35:59Z)
- Robust and Reusable Fuzzy Extractors for Low-entropy Rate Randomness Sources [3.918940900258555]
  Fuzzy extractors (FE) are cryptographic primitives that extract reliable cryptographic keys from noisy real-world random sources. We consider information-theoretic FEs, define a strong notion of reusability, and propose strongly robust and reusable FEs (srrFE). We give two constructions, one for reusable FEs and one for srrFE with information-theoretic (IT) security for structured sources.
  arXiv Detail & Related papers (2024-05-07T05:48:02Z)
- RoFL: Attestable Robustness for Secure Federated Learning [59.63865074749391]
  Federated Learning allows a large number of clients to train a joint model without the need to share their private data. To ensure the confidentiality of the client updates, Federated Learning systems employ secure aggregation. We present RoFL, a secure Federated Learning system that improves robustness against malicious clients.
  arXiv Detail & Related papers (2021-07-07T15:42:49Z)
This list is automatically generated from the titles and abstracts of the papers in this site.