HKDF (HMAC-based Key Derivation Function).

An extract-then-expand key derivation function based on HMAC, specified in RFC 5869, designed to turn high-entropy but non-uniform secret material (DH shared secrets, master keys) into multiple cryptographically strong keys. サイバーセキュリティの 暗号 カテゴリに属します。

An extract-then-expand key derivation function based on HMAC, specified in RFC 5869, designed to turn high-entropy but non-uniform secret material (DH shared secrets, master keys) into multiple cryptographically strong keys.

HKDF (HMAC-based Key Derivation Function), defined by Krawczyk in RFC 5869 (2010), is the default modern KDF for symmetric key derivation from already-high-entropy inputs such as Diffie-Hellman shared secrets, master keys, or pre-shared keys. It is built in two phases. Extract takes input keying material (IKM) and an optional salt and applies HMAC to produce a fixed-length pseudorandom key (PRK). Expand then applies HMAC iteratively, with a counter and an info-context parameter, to derive output keying material of arbitrary length. The info parameter is used to bind derived keys to a context, which makes it safe to derive many independent keys from one PRK without collision. HKDF is the KDF chosen for TLS 1.3, Signal, Noise, WireGuard, JWE, the IETF QUIC handshake, and most modern cryptographic protocols. It is not appropriate for low-entropy inputs such as passwords — use Argon2id, scrypt, or bcrypt for those — and it is not itself a MAC; the underlying HMAC is.

HKDF (HMAC-based Key Derivation Function) に対する防御は通常、上記の定義で述べたとおり、技術的統制と運用上の実践を組み合わせます。

一般的な別名: RFC 5869, HMAC KDF。