Methods and architectures for secure ranging
US-2020336303-A1 · Oct 22, 2020 · US
US11956345B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11956345-B2 |
| Application number | US-202017606434-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 30, 2020 |
| Priority date | May 6, 2019 |
| Publication date | Apr 9, 2024 |
| Grant date | Apr 9, 2024 |
Official abstract text for this publication.
Aspects of the present disclosure involve a method and a system to support execution of the method to obtain a first cryptographic key, receive a key diversification information comprising a first plurality of bits, obtain an expanded key diversification information (EKDI) comprising a second plurality of bits, wherein a number of bits in the second plurality of bits is greater than a number of bits in the first plurality of bits, and wherein a value of each bit of the second plurality of bits is deterministically obtained in view of values of the first plurality of bits, and apply, by the processing device, a key derivation function to the first cryptographic key and the EKDI to obtain a second cryptographic key.
Opening claim text (preview).
What is claimed is:
1. A method comprising: obtaining a first cryptographic key; receiving a key diversification information (KDI) comprising n strings of bits; obtaining, by a processing device, an expanded key diversification information (EKDI), comprising n blocks of bits, wherein a j-th block of the n blocks of bits is obtained from a j-th string of the n strings of the KDI and a length of the j-th block of the EKDI is greater than a length of the j-th string of the KDI; and applying, by the processing device, a key derivation function to the first cryptographic key and the EKDI to obtain a second cryptographic key.
2. The method of claim 1, wherein obtaining the EKDI comprises applying an expansion function to the KDI, wherein the expansion function deterministically derives the j-th block of the EKDI from the j-th string of the KDI.
3. The method of claim 1, wherein the EKDI comprises a plurality of copies of a first string of the n strings of bits of the KDI.
4. The method of claim 3, wherein a length of the first string of bits is not to exceed eight bits.
5. The method of claim 3, wherein a number of copies in the plurality of copies of the first interval of bits of the KDI is at least sixteen.
6. The method of claim 1, wherein the EKDI further comprises a plurality of copies of a second string of the n strings of bits of the KDI.
7. The method of claim 1, wherein the j-th block of EKDI is obtained from the j-th string of the KDI by padding the j-th string of the KDI to the length of the j-th block of EKDI.
8. The method of claim 1, wherein applying the key derivation function comprises applying a compression function to a chaining value and to a first block of the EKDI, wherein the chaining value is derived from the first cryptographic key.
9. The method of claim 8, wherein the compression function is a pseudorandom function.
10. The method of claim 1, wherein the key derivation function comprises one or more instances of a hash function, wherein the hash function is to output a fixed-length hash value.
11. The method of claim 10, wherein the hash function is one of SHA-256 or SHA-512.
12. The method of claim 1, wherein the key derivation function is a hash-based key derivation function (HKDF).
13. The method of claim 1, wherein the key derivation function comprises a hash-based message authentication code (HMAC).
14. The method of claim 1, wherein the key derivation function comprises a plurality of iterations, wherein each iteration comprises inputting a counter variable into a pseudorandom function.
15. The method of claim 1, wherein the key derivation function comprises a plurality of iterations, wherein each iteration comprises inputting an output of a previous iteration into a pseudorandom function.
16. The method of claim 1, wherein obtaining the first cryptographic key comprises: obtaining an initial key and a salt information; and applying a hash-based authentication code to the initial key and the salt information to obtain the first cryptographic key.
17. The method of claim 1, wherein applying the key derivation function to the first cryptographic key and the EKDI comprises: applying a first instance of a hash function to the first cryptographic key and the EKDI to obtain an intermediate hash value; and applying a second instance of a hash function to the intermediate hash value and the first cryptographic key to obtain the second cryptographic key.
18. The method of claim 17, further comprising: adjusting a length of the second cryptographic key to a pre-determined length by (1) trimming the second cryptographic key to the pre-determined length, if the length of the second cryptographic key exceeds the pre-determined length, or (2) padding the second cryptographic key to the pre-determined length, if the pre-determined length exceeds the length of the second cryptographic key.
19. A system to perform a cryptographic operation, the system comprising: a memory device; and a processor coupled to the memory device to: obtain a first cryptographic key; receive a key diversification information (KDI) comprising n strings of bits; obtain an expanded key diversification information (EKDI), comprising n blocks of bits, wherein a j-th block of the n blocks of bits is obtained from a j-th string of the n strings of the KDI and a length of the j-th block of the EKDI is greater than a length of the j-th string of the KDI; and apply a key derivation function to the first cryptographic key and the EKDI to obtain a second cryptographic key.
20. A non-transitory computer-readable medium to store instructions, which when executed by a processing device, cause the processing device to: obtain a first cryptographic key; receive a key diversification information (KDI) comprising n strings of bits; obtain an expanded key diversification information (EKDI), comprising n blocks of bits, wherein a j-th block of the n blocks of bits is obtained from a j-th string of the n strings of the KDI and a length of the j-th block of the EKDI is greater than a length of the j-th string of the KDI; and apply a key derivation function to the first cryptographic key and the EKDI to obtain a second cryptographic key.
21. A method comprising: obtaining a first cryptographic key; receiving a key diversification information (KDI) comprising a first plurality of bits; obtaining, by a processing device, an expanded key diversification information (EKDI) comprising a second plurality of bits, wherein a number of bits in the second plurality of bits is greater than a number of bits in the first plurality of bits, and wherein a value of each bit of the second plurality of bits is deterministically obtained in view of values of the first plurality of bits; and applying, by the processing device, a key derivation function to the first cryptographic key and the EKDI to obtain a second cryptographic key.
22. The method of claim 21, wherein obtaining the EKDI comprises: selecting a plurality of strings of the KDI; and generating multiple copies of each of the plurality of selected strings of the KDI.
23. The method of claim 22, wherein a number of copies of each of the plurality of selected strings of the KDI is at least fifteen.
24. The method of claim 21, wherein the key derivation function comprises at least one instance of a hash function, wherein the hash function is to output a fixed-length hash value.
25. The method of claim 21, wherein the key derivation function comprises a hash-based message authentication code (HMAC).
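The derivation recited in claims 1 to 5, 13, 16 and 18, as an added Python example that is not code from the patent or its assignee. It assumes one-byte KDI strings, sixteen copies per string, SHA-256, and zero-byte padding; the function names and sample inputs are constructed for illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256   # claim 11 names SHA-256 or SHA-512; SHA-256 chosen here
COPIES = 16             # claim 5: at least sixteen copies (value chosen here)

# Constructed sample inputs, not values from the patent.
INITIAL_KEY = bytes(range(32))
SALT = b"constructed-salt"
KDI = bytes.fromhex("a1b2c3d4e5")


def extract_first_key(initial_key: bytes, salt: bytes) -> bytes:
    """Claim 16: an HMAC over the initial key and salt yields the first key."""
    return hmac.new(salt, initial_key, HASH).digest()


def expand_kdi(kdi: bytes, copies: int = COPIES) -> bytes:
    """Claims 1-5: block j of the EKDI is `copies` repeats of KDI string j.

    Each KDI string is assumed to be one byte (claim 4: at most eight bits).
    """
    if copies < 2:
        raise ValueError("each EKDI block must be longer than its KDI string")
    return b"".join(bytes([b]) * copies for b in kdi)


def blocks_by_kdi_index(kdi: bytes, copies: int = COPIES) -> list[list[int]]:
    """Show which KDI string indices fall into each hash input block of the EKDI."""
    block_size = HASH().block_size            # 64 bytes for SHA-256
    if block_size % copies:
        raise ValueError("copies must divide the hash block size")
    per_block = block_size // copies          # 4 KDI bytes per block here
    return [list(range(i, min(i + per_block, len(kdi))))
            for i in range(0, len(kdi), per_block)]


def derive_second_key(first_key: bytes, kdi: bytes, out_len: int = 16) -> bytes:
    """Claim 13 (HMAC as the KDF), then trim or pad as claim 18 describes."""
    okm = hmac.new(first_key, expand_kdi(kdi), HASH).digest()
    # Zero-byte padding is an assumption; the claim does not fix the pad value.
    return okm[:out_len] if len(okm) >= out_len else okm.ljust(out_len, b"\x00")


if __name__ == "__main__":
    k1 = extract_first_key(INITIAL_KEY, SALT)
    print(blocks_by_kdi_index(KDI), derive_second_key(k1, KDI).hex())
```

With sixteen copies of each byte, every 64-byte SHA-256 input block of the EKDI carries only four KDI bytes, which is the per-block view that claim 8 refers to.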
for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA] · CPC title
involving random numbers or seeds · CPC title
with measures against power attack · CPC title