On optimal cryptographic key derivation

Any secured system (such as secure group communication) can be modeled as a capability-based access control system in which each user is given a set of secret keys of the resources he is granted access to. In some large systems with resource-constrained devices, such as sensor networks and RFID systems, the design is sensitive to key storage cost. With a goal to minimize the maximum key storage needed at any user, key compression based on key linking, that is, deriving one key from another without compromising security, is studied. A lower bound on key storage needed for a general access structure with key derivation is derived. This bound demonstrates the theoretic limit of any systems which do not trade off security and can be viewed as a negative result to provide ground for designs with security tradeoff. A provably secure key derivation scheme based on pseudorandom functions is given, along with an algorithm to find the optimal key linking pattern for any given access structure. Using the key linking framework, a number of key pre-distribution schemes in the literature are analyzed.