Quiz Entry - updated: 2026.07.14
How can a block cipher be used as a pseudorandom function (PRF) or for key derivation (KDF)?
By encrypting a counter or label with a secret key, a block cipher can generate pseudorandom output suitable for deriving multiple keys from a single master key.
* A KDF splits one master secret into separate purpose-specific keys, giving domain separation. *
Block cipher as PRF:
Output_i = E(K, i) (encrypt counter values 0, 1, 2, ...)
This produces a sequence of pseudorandom blocks, similar to CTR mode but used for key generation rather than encryption.
Key Derivation Function (KDF):
- Input: a master key K_master
- Output: multiple derived keys for different purposes
- Example:
K_enc = E(K_master, 1),K_mac = E(K_master, 2),K_iv = E(K_master, 3)
Why use a KDF?
- Never use the same key for multiple purposes
- A single shared secret (from key exchange) needs to produce multiple keys
- KDFs add domain separation — even if one derived key is compromised, others remain safe
Standard KDFs:
- HKDF (HMAC-based) — most common in TLS
- NIST SP 800-108 — uses block ciphers or HMAC
- PBKDF2 — for password-based key derivation (adds salt and iterations)
Go deeper:
Key derivation function (Wikipedia) — HKDF, PBKDF2, and why one secret becomes many keys.
RFC 5869 — HKDF — the extract-and-expand KDF used throughout TLS.