-
2025-09-03 A Note on Feedback-PRF Mode of KDF from NIST SP 800-108.
Summary: We consider FB-PRF, one of the key derivation functions defined in NIST SP 800-108 constructed from a pseudorandom function in a feedback mode. The standard allows some flexibility in the specification, and we show that one specific instance of FB-PRF allows an efficient distinguishing attack.