Draft:Domain separation

Review waiting, please be patient. This may take 3 months or more, since drafts are reviewed in no specific order. There are 2,592 pending submissions waiting for review. If the submission is accepted, then this page will be moved into the article space. If the submission is declined, then the reason will be posted here. In the meantime, you can continue to improve this submission by editing normally. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL Easy tools: Citation bot (help) | Advanced: Fix bare URLs Reviewer tools Instructions · What links here · Domain separation (talk: + · bio) · (log) · Copyvios report · reFill · Citation Bot · (Search: Google, Bing, Wikipedia) · Submitted 34 hours ago by Dimawik (talk: D · +) · Last edited 4 hours ago by The Herald

Submission declined on 21 April 2024 by ToadetteEdit (talk). This submission is not adequately supported by reliable sources. Reliable sources are required so that information can be verified. If you need help with referencing, please see Referencing for beginners and Citing sources. If you would like to continue working on the submission, click on the "Edit" tab at the top of the window. If you have not resolved the issues listed above, your draft will be declined again and potentially deleted. If you need extra help, please ask us a question at the AfC Help Desk or get live help from experienced editors. Please do not remove reviewer comments or this notice until the submission is accepted. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL Easy tools: Citation bot (help) | Advanced: Fix bare URLs Declined by ToadetteEdit 16 days ago. Last edited by The Herald 4 hours ago. Reviewer: Inform author. This draft has been resubmitted and is currently awaiting re-review.

• Comment: Feels that there are some original research. Toadette ^{(Let's talk together!)} 09:04, 21 April 2024 (UTC)

---

In cryptography, domain separation is a construct used to implement multiple different functions using only one underlying template in an efficient way.^[1] The domain separation can be defined as partitioning of the domain of a function to assign separate subdomains to different applications of the same function.^[2]

For example, cryptographic protocols typically rely on random oracles (ROs, functions that return a value fully determined by their input yet otherwise random). The security proofs for these protocols are based on the assumption that the random oracle is unique to the protocol: if two protocols share the same RO, the assumptions of the proof are not met anymore. Since creating a new cryptographic primitive from scratch each time an RO is needed is impractical, multiple ROs (say, RO1 and RO2) are produced by prepending unique domain separation tags (DSTs, also known as domain separators) to the input of a base oracle RO:

RO1(x) := RO("RO1" || x)

RO2(x) := RO("RO2" || x)

where "RO1" and "RO2" are the strings representing the unique DSTs and || is a concatenation operator.^[3] If the underlying RO function is secure (say, it is a cryptographic hash), RO1 and RO2 are statistically independent.^[1] The technique was originally proposed^[4] by Bellare & Rogaway in 1993.^[5]

Uses

The domain separation construct can be used for multiple purposes:

• providing independent ROs for protocols;^[6]
• extending the output size of an RO (for example, by using the RO multiple times (numbered from 1 to L), each time using a representation of oracle number as a DST. This technique is called "counter mode" due to its similarity to the counter mode of a block cipher;^[7]
• "keying" the oracle by using an encryption key as a DST.^[8]

In the practical sense, the domain separation can provide "customization", an equivalent of the strong typing in programming: it enforces the use of independent calculations for different tasks, so an attacker that had learned result of one calculation will get no information about another one.^[9]

Kinds of functions

Domain separation can be used with functions implementing different cryptographic primitives.

Hash functions

Domain separation is most commonly used with hash functions. The input domain of a hash function is practically unlimited, it is easy to partition it among any number of derived functions, for example, by prepending or appending of a DST to the message.^[10][1]

Domain separation is used within the implementation of some hash functions to produce multiple different functions from the same design.^[11] For example, in SHA-3 the domain separation makes differently named functions (like SHA3-512 or SHAKE128) are independent.^[9]

Symmetric ciphers and MACs

The security of symmetric ciphers and MACs critically depends of the key not being used for other purposes. If an application needs multiple keys but has only one source of keying material, it would typically employ a key derivation function to produce the keys. KDFs can usually produce output of arbitrary length, so they can be used to generate any number of keys.^[12]

Also, just like hash functions, some symmetric ciphers and MACs use domain separation internally.^[13]

Signatures

In many cases, it is desirable to use a single signing key to produce digital signatures for different purposes. If this is done, it is important to make sure that signed messages intended for one purpose cannot be used for the other. A simple way to achieve this is to add to each message an identifier specifying the purpose, and to reject a message if the identifier doesn't match.^[14]

References

1. Hampiholi et al. 2015, p. 317.
2. Kelsey, Chang & Perlner 2016, p. 3.
3. Faz-Hernandez et al. 2023, Domain Separation.
4. Bellare, Bernstein & Tessaro 2016, p. 566.
5. Bellare & Rogaway 1993.
6. Mittelbach & Fischlin 2021, p. 357.
7. Mittelbach & Fischlin 2021, p. 358.
8. Mittelbach & Fischlin 2021, p. 359.
9. Kelsey, Chang & Perlner 2016, p. 1.
10. Gunsing, Aldo; Mennink, Bart (10 April 2020). "Collapseability of Tree Hashes". PQCrypto 2020: Post-Quantum Cryptography. doi:10.1007/978-3-030-44223-1_28.
11. Bertoni, Guido; Daemen, Joan; Hoffert, Seth; Peeters, Michaël; Van Assche, Gilles; Van Keer, Ronny; Viguier, Benoît (2023). "TurboSHAKE".
12. Wong, David (19 October 2021). Real-World Cryptography. Simon and Schuster. ISBN 9781638350842.
13. Aumasson, Jean-Philippe; Jovanovic, Philipp; Neves, Samuel. "NORX: Parallel and Scalable AEAD". Computer Security - ESORICS 2014. doi:10.1007/978-3-319-11212-1_2.
14. Blum, Erica; Katz, Jonathan; Loss, Julian (22 November 2019). "Synchronous Consensus with Optimal Asynchronous Fallback Guarantees". TCC 2019: Theory of Cryptography. doi:10.1007/978-3-030-36030-6_6.

Sources

• Hampiholi, Brinda; Alpár, Gergely; van den Broek, Fabian; Jacobs, Bart (2015). "Towards Practical Attribute-Based Signatures". Security, Privacy, and Applied Cryptography Engineering. Vol. 9354. Cham: Springer International Publishing. pp. 310–328. doi:10.1007/978-3-319-24126-5_18. ISBN 978-3-319-24125-8.
• Faz-Hernandez, A.; Scott, S.; Sullivan, N.; Wahby, R. S.; Wood, C. A. (August 2023). "RFC 9380: Hashing to Elliptic Curves". The RFC Series. 2.2.5. Domain Separation. ISSN 2070-1721.
• Bellare, Mihir; Rogaway, Phillip (1993). Random oracles are practical: a paradigm for designing efficient protocols (PDF). ACM Press. doi:10.1145/168588.168596. ISBN 978-0-89791-629-5.
• Bellare, Mihir; Bernstein, Daniel J.; Tessaro, Stefano (2016). "Hash-Function Based PRFs: AMAC and Its Multi-User Security". Advances in Cryptology – EUROCRYPT 2016. Vol. 9665. Berlin, Heidelberg: Springer Berlin Heidelberg. doi:10.1007/978-3-662-49890-3_22. ISBN 978-3-662-49889-7.
• Kelsey, John; Chang, Shu-jen; Perlner, Ray (2016). "NIST SP 800-185: SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash". NIST Computer Security Resource Center. NIST. Retrieved 6 May 2024.

External links

• Hashing Apples, Bananas and Cherries

This page will be placed in the following categories if it is moved to the article namespace.

Categories:

• Cryptography