JEP 478 : Key Derivation Function API

JEP 478: Key Derivation Function API (Preview)openjdk.org

"We define a new class, javax.crypto.KDF, to represent key derivation functions."

DEMO

run

com.wlodar.jeeps.jep475keyderivation.KdfDemo

Have language version set in IDE - 24 (Preview) or add

--enable-preview

What is a Key Derivation Function (KDF)?

A KDF turns a password or shared secret into a strong cryptographic key.

Used in:

Password-based encryption
Secure key exchange
Token generation (e.g., OAuth, JWT)

What’s the Problem?

Before Java 24:

No standard KDF API in Java
Developers used low-level, inconsistent, or third-party code
Risk of insecure parameters (e.g., low iteration counts)

🔐 What Is a Key Derivation Function (KDF)?

A Key Derivation Function (KDF) is used in cryptography to safely transform a shared secret or password into one or more cryptographic keys.

🔧 Common Use Cases

Use Case

How KDF Helps

🔐 Encrypting with a password

Turns the password into a strong AES key

🔑 Secure key exchange

Derives keys from shared secrets (e.g., TLS)

🪪 Token signing/auth

Derives separate keys for encryption and MAC

🗂 Key rotation/management

Generates new keys from existing material

🧠 How KDFs Relate to Quantum Security

While KDFs aren't quantum-safe on their own, they help build hybrid cryptographic protocols that are:

🔐 Resilient to known quantum attacks (e.g., Shor's algorithm)
🧬 Useful in post-quantum key exchange
🧩 Critical in hybrid encryption — combining classical + quantum-safe keys

🔒 KDFs in a Post-Quantum World

Quantum-safe key exchange algorithms (e.g., Kyber, Dilithium) produce raw shared secrets
A KDF (like HKDF) is used to stretch, compress, and standardize those secrets into usable keys
This ensures that even non-quantum-safe components (like AES) can be used securely in hybrid systems

🔹 Example Use Case (Real World)

In hybrid TLS (used by Google, Cloudflare, AWS):
Post-quantum and classical secrets are exchanged
Combined and passed into a KDF like HKDF
Output: symmetric keys for AES/GCM, HMAC, etc.

PreviousJEP 475 : Late Barrier Expansion for G1 NextJEP 479: Remove the Windows 32-bit x86 Port

Last updated 11 months ago

hashtagDEMO

hashtagWhat is a Key Derivation Function (KDF)?

hashtagWhat’s the Problem?

hashtag🔐 What Is a Key Derivation Function (KDF)?

hashtag🔧 Common Use Cases

hashtag🧠 How KDFs Relate to Quantum Security

hashtag🔒 KDFs in a Post-Quantum World

hashtag🔹 Example Use Case (Real World)