# Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data

Theory and Application of Cryptographic Techniques, no. 1 (2008): 97-139

Abstract

We provide formal definitions and efficient secure techniques for turning noisy information into keys usable for any cryptographic application, and, in particular, reliably and securely authenticating biometric data. Our techniques apply not just to biometric information, but to any keying material that, unlike traditional cryptographic k…

Introduction

- Cryptography traditionally relies on uniformly distributed and precisely reproducible random strings for its secrets.
- In reality, it is difficult to create, store, and reliably retrieve such strings.
- Strings that are neither uniformly random nor reliably reproducible are far more plentiful.
- A long pass-phrase is not uniformly random and is difficult to remember for a human user.
- The authors' approach is rigorous and general, and the results have both theoretical and practical value

Highlights

- Cryptography traditionally relies on uniformly distributed and precisely reproducible random strings for its secrets
- We propose a new primitive, termed fuzzy extractor
- We demonstrate that fuzzy extractors can be built out of secure sketches by utilizing strong randomness extractors [NZ96], such as, for example, pairwise-independent hash functions [CW79, WC81]
- We provide constructions of secure sketches and fuzzy extractors in three metrics: Hamming distance, set difference, and edit distance
- The definitions and constructions just described use a very strong error model: we require that secure sketches and fuzzy extractors accept every secret w′ which is sufficiently close to the original secret w, with probability 1
- We show that a relaxed notion of embedding, called a biometric embedding in Section 4.3, can produce fuzzy extractors and secure sketches that are better than what one can get from the embedding of [OR05] when t is large

Results

- Before proceeding to construct the primitives for concrete metrics, the authors make some observations about the definitions.
- The definitions and constructions just described use a very strong error model: the authors require that secure sketches and fuzzy extractors accept every secret w′ which is sufficiently close to the original secret w, with probability 1.
- In Section 8, the authors extend the definitions and constructions of earlier sections to several relaxed error models
- It is well-known that in the standard setting of error-correction for a binary communication channel, one can tolerate many more errors when the errors are random and independent than when the errors are determined adversarially.
- The constructions are quite simple, and draw on existing techniques from the coding literature [BBR88, DGL04, Gur[03], Lan[04], MPSW05]

Conclusion

- As a point of reference, the authors will see below that $\log \binom{n}{s} - \log A(n, 2t+1, s)$ is a lower bound on the entropy loss of any secure sketch for set difference.
- In the large universe setting, where t ≪ n, the lower bound is approximately t log n.
- The relevant lower bounds are discussed at the end of Sections 6.1 and 6.2.
- The authors discuss the code-offset construction, as well as a permutation-based scheme which is tailored to fixed set size.
- The latter scheme is optimal for this metric, but impractical

- Table 1: Summary of Secure Sketches for Set Difference

Funding

- In roughly chronological order, we thank Piotr Indyk for discussions about embeddings and for his help in the proof of Lemma 7.3; Madhu Sudan, for helpful discussions about the construction of [JS02] and the uses of error-correcting codes; Venkat Guruswami, for enlightenment about list decoding; Pim Tuyls, for pointing out relevant previous work; Chris Peikert, for pointing out the model of computationally bounded adversaries from [MPSW05]; Ari Trachtenberg, for finding an error in the preliminary version of Appendix E; Ronny Roth, for discussions about efficient BCH decoding; Kevin Harmon and Soren Johnson, for their implementation work; and Silvio Micali, for suggestions on presenting our results. The work of the Y.D. was partly funded by the National Science Foundation under CAREER Award No CCR-0133806 and Trusted Computing Grant No CCR-0311095, and by the New York University Research Challenge Fund 25-74100-N5237
- The work of the L.R. was partly funded by the National Science Foundation under Grant No CCR-0311485
- The work of the A.S. was partly funded by US A.R.O. grant DAAD19-00-1-0177 and by a Microsoft Fellowship

Reference

- [ACM99] Sixth ACM Conference on Computer and Communication Security. ACM, November 1999.
- [ADG+03] A. Andoni, M. Deza, A. Gupta, P. Indyk, and S. Raskhodnikova. Lower bounds for embedding edit distance into normed spaces. In Proceedings of the Fourteenth Annual ACM-SIAM Symposium on Discrete Algorithms, pages 523–526, 2003.
- Erik Agrell, Alexander Vardy, and Kenneth Zeger. Upper bounds for constant-weight codes. IEEE Transactions on Information Theory, 46(7):2373–2395, 2000.
- [BBCM95] Charles H. Bennett, Gilles Brassard, Claude Crepeau, and Ueli M. Maurer. Generalized privacy amplification. IEEE Transactions on Information Theory, 41(6):1915–1923, 1995.
- Charles H. Bennett, Gilles Brassard, Claude Crepeau, and Marie-Helene Skubiszewska. Practical quantum oblivious transfer. In J. Feigenbaum, editor, Advances in Cryptology—CRYPTO '91, volume 576 of Lecture Notes in Computer Science, pages 351–366. Springer-Verlag, 1992, 11–15 August 1991.
- C. Bennett, G. Brassard, and J. Robert. Privacy amplification by public discussion. SIAM Journal on Computing, 17(2):210–229, 1988.
- C. Barral, J.-S. Coron, and D. Naccache. Externalized fingerprint matching. Technical Report 2004/021, Cryptology e-print archive, http://eprint.iacr.org, 2004.
- Xavier Boyen, Yevgeniy Dodis, Jonathan Katz, Rafail Ostrovsky, and Adam Smith. Secure remote authentication using biometric data. In Ronald Cramer, editor, Advances in Cryptology—EUROCRYPT 2005, volume 3494 of Lecture Notes in Computer Science, pages 147–163. Springer-Verlag, 2005.
- Richard E. Blahut. Theory and practice of error control codes. Addison Wesley Longman, Reading, MA, 1983. 512 p.
- Xavier Boyen. Reusable cryptographic fuzzy extractors. In Eleventh ACM Conference on Computer and Communication Security. ACM, October 25–29 2004.
- Andrei Broder. On the resemblance and containment of documents. In Compression and Complexity of Sequences, 1997.
- [BSSS90] Andries E. Brouwer, James B. Shearer, Neil J. A. Sloane, and Warren D. Smith. A new table of constant weight codes. IEEE Transactions on Information Theory, 36(6):1334–1380, 1990.
- Benny Chor and Oded Goldreich. Unbiased bits from sources of weak randomness and probabilistic communication complexity. SIAM Journal on Computing, 17(2):230–261, 1988.
- L. Csirmaz and G.O.H. Katona. Geometrical cryptography. In Proc. International Workshop on Coding and Cryptography, 2003.
- Claude Crepeau. Efficient cryptographic protocols based on noisy channels. In Walter Fumy, editor, Advances in Cryptology—EUROCRYPT 97, volume 1233 of Lecture Notes in Computer Science, pages 306–317. Springer-Verlag, 11–15 May 1997.
- V. Chauhan and A. Trachtenberg. Reconciliation puzzles. In IEEE Globecom, Dallas, TX, 2004.
- J.L. Carter and M.N. Wegman. Universal classes of hash functions. Journal of Computer and System Sciences, 18:143–154, 1979.
- Gerard Cohen and Gilles Zemor. Generalized coset schemes for the wire-tap channel: Application to biometrics. In IEEE International Symp. on Information Theory, 2004.
- [DFMP99] G.I. Davida, Y. Frankel, B.J. Matt, and R. Peralta. On the relation of error correction and cryptography to an off line biometric based identification scheme. In Proceedings of WCC99, Workshop on Coding and Cryptography, Paris, France, 11-14 January 1999.
- [DGL04] Yan Zhong Ding, P. Gopalan, and Richard J. Lipton. Error correction against computationally bounded adversaries. Manuscript. Appeared initially as [Lip94], 2004.
- Yevgeniy Dodis, Leonid Reyzin, and Adam Smith. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In Christian Cachin and Jan Camenisch, editors, Advances in Cryptology—EUROCRYPT 2004, volume 3027 of Lecture Notes in Computer Science. Springer-Verlag, 2004.
- [EHMS00] Carl Ellison, Chris Hall, Randy Milbert, and Bruce Schneier. Protecting keys with personal entropy. Future Generation Computer Systems, 16:311–318, February 2000.
- Niklas Frykholm and Ari Juels. Error-tolerant password recovery. In Eighth ACM Conference on Computer and Communication Security, pages 1–8. ACM, November 5–8 2001.
- G. David Forney. Concatenated Codes. PhD thesis, MIT, 1966.
- N. Frykholm. Passwords: Beyond the terminal interaction model. Master’s thesis, Umea University, 2000.
- Venkatesan Guruswami and Madhu Sudan. List decoding algorithms for certain concatenated codes. In Proceedings of the Thirty-Second Annual ACM Symposium on Theory of Computing, pages 181–190, Portland, Oregon, 21–23 May 2000.
- V. Guruswami. List Decoding of Error-Correcting Codes. PhD thesis, Massachusetts Institute of Technology, Cambridge, MA, USA, 2001.
- Venkatesan Guruswami. List decoding with side information. In IEEE Conference on Computational Complexity, pages 300–. IEEE Computer Society, 2003.
- [HILL99] J. Hastad, R. Impagliazzo, L.A. Levin, and M. Luby. Construction of pseudorandom generator from any one-way function. SIAM Journal on Computing, 28(4):1364–1396, 1999.
- Kevin Harmon, Soren Johnson, and Leonid Reyzin. An implementation of syndrome encoding and decoding for binary BCH codes, secure sketches and fuzzy extractors. Available at http://www.cs.bu.edu/~reyzin/code/fuzzy.html.
- Ari Juels and Madhu Sudan. A fuzzy vault scheme. In IEEE International Symposium on Information Theory, 2002.
- Joe Kilian, editor. First Theory of Cryptography Conference — TCC 2005, volume 3378 of Lecture Notes in Computer Science. Springer-Verlag, February 10–12 2005.
- A.A. Karatsuba and Y. Ofman. Multiplication of multidigit numbers on automata. Soviet Physics Doklady, 7:595–596, 1963.
- E. Kaltofen and V. Shoup. Subquadratic-time factoring of polynomials over finite fields. In Proceedings of the Twenty-Seventh Annual ACM Symposium on the Theory of Computing, pages 398–406, Las Vegas, Nevada, 29 May–1 June 1995.
- Michael Langberg. Private codes or succinct random codes that are (almost) perfect. In FOCS ’04: Proceedings of the 45th Annual IEEE Symposium on Foundations of Computer Science (FOCS’04), pages 325–334, Washington, DC, USA, 2004. IEEE Computer Society.
- Springer, 1994. The full version of this paper is in preparation [DGL04].
- J.-P. M. G. Linnartz and P. Tuyls. New shielding functions to enhance privacy and prevent misuse of biometric templates. In AVBPA, pages 393–402, 2003.
- Ueli Maurer. Secret key agreement by public discussion from common information. IEEE Transactions on Information Theory, 39(3):733–742, 1993.
- Yaron Minsky. The SKS OpenPGP key server. http://www.nongnu.org/sks.
- [MRLW01a] Fabian Monrose, Michael K. Reiter, Qi Li, and Susanne Wetzel. Cryptographic key generation from voice. In Proceedings of the IEEE Symposium on Security and Privacy, 2001.
- [MRLW01b] Fabian Monrose, Michael K. Reiter, Qi Li, and Susanne Wetzel. Using voice to generate cryptographic keys. In 2001: A Speaker Odyssey. The Speaker Recognition Workshop, 2001.
- Robert Morris and Ken Thompson. Password security: A case history. Communications of the ACM, 22(11):594–597, 1979.
- Yaron Minsky and Ari Trachtenberg. Scalable set reconciliation. In 40th Annual Allerton Conference on Communication, Control and Computing, Monticello, IL, October 2002. See also technical report BU-ECE-2002-01.
- Yaron Minsky, Ari Trachtenberg, and Richard Zippel. Set reconciliation with nearly optimal communication complexity. IEEE Transactions on Information Theory, 49(9):2213–2218, 2003.
- Noam Nisan and David Zuckerman. Randomness is linear in space. Journal of Computer and System Sciences, 52(1):43–53, 1996.
- Rafail Ostrovsky and Yuval Rabani. Low distortion embeddings for edit distance. In Proceedings of the Thirty-Seventh Annual ACM Symposium on Theory of Computing, pages 218–224, Baltimore, Maryland, 22–24 May 2005.
- Jaikumar Radhakrishnan and Amnon Ta-Shma. Bounds for dispersers, extractors, and depth-two superconcentrators. SIAM Journal on Computing, 13(1):2–24, 2000.
- Renato Renner and Stefan Wolf. Smooth Rényi entropy and applications. In Proceedings of IEEE International Symposium on Information Theory, page 233, June 2004.
- Renato Renner and Stefan Wolf. Simple and tight bounds for information reconciliation and privacy amplification. In Bimal Roy, editor, Advances in Cryptology—ASIACRYPT 2005, Lecture Notes in Computer Science, Chennai, India, 4–8 December 2005. Springer-Verlag.
- Claude E. Shannon. A mathematical theory of communication. Bell System Technical Journal, 27:379–423 and 623–656, July and October 1948. Reprinted in D. Slepian, editor, Key Papers in the Development of Information Theory, IEEE Press, NY, 1974.
- Ronen Shaltiel. Recent developments in explicit constructions of extractors. Bulletin of the EATCS, 77:67–95, 2002.
- Victor Shoup. A proposal for an ISO standard for public key encryption. Available at http://eprint.iacr.org/2001/112, 2001.
- Victor Shoup. A Computational Introduction to Number Theory and Algebra. Cambridge University Press, 2005. Available from http://shoup.net.
- [SKHN75] Yasuo Sugiyama, Masao Kasahara, Shigeichi Hirasawa, and Toshihiko Namekawa. A method for solving key equation for decoding Goppa codes. Information and Control, 27(1):87–99, 1975.
- David Starobinski, Ari Trachtenberg, and Sachin Agarwal. Efficient PDA synchronization. IEEE Transactions on Mobile Computing, 2(1):40–51, 2003.
- Madhu Sudan. Lecture notes for an algorithmic introduction to coding theory. Course taught at MIT, December 2001.
- J.H. van Lint. Introduction to Coding Theory. Springer-Verlag, 1992.
- [VTDL03] E. Verbitskiy, P. Tuyls, D. Denteneer, and J.-P. Linnartz. Reliable biometric authentication with privacy protection. In Proc. 24th Benelux Symposium on Information theory, 2003.
- [vzGG03] Joachim von zur Gathen and Jurgen Gerhard. Modern Computer Algebra. Cambridge University Press, 2003.
- M.N. Wegman and J.L. Carter. New hash functions and their use in authentication and set equality. Journal of Computer and System Sciences, 22:265–279, 1981.
- 2. Choose r − s distinct points xs+1, ..., xr at random from F − w.
- 3. For i = s + 1, ..., r, choose yi ∈ F at random such that yi ≠ p(xi).
- 4. Output SS(w) = {(x1, y1), ..., (xr, yr)} (in lexicographic order of xi).

The parameter r dictates the amount of storage necessary, on the one hand, and also the security of the scheme (that is, for r = s the scheme leaks all information, and for larger and larger r there is less information about w). Juels and Sudan actually propose two analyses for the scheme. First, they analyze the case where the secret w is distributed uniformly over all subsets of size s. Second, they provide an analysis of a nonuniform password distribution, but only for the case r = n (that is, their analysis only applies in the small universe setting, where Ω(n) storage is acceptable). Here we give a simpler analysis which handles nonuniformity and any r ≤ n. We get the same results for a broader set of parameters.
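The sketch steps above, as an added, self-contained toy implementation (this is not code from the paper, nor the authors' BCH/fuzzy-extractor implementation). Step 1 is absent from this page, so the example assumes the usual shape of the Juels–Sudan scheme: a random polynomial p of degree at most k over F, with the genuine points (x, p(x)) for x ∈ w placed on it before chaff is added. The field GF(1009), the enrolment set, r = 12 and the degree bound k = 3 are constructed values. Recovery in the paper relies on Reed–Solomon decoding; here it is replaced by exhaustive interpolation over (k+1)-subsets of the points whose x-coordinate appears in w', which is only viable at toy sizes but makes the mechanism visible: chaff points never lie on p (step 3), so the polynomial that agrees with the most sketch points is p, and its points are exactly w. The demo also shows the r = s remark from the text: with no chaff, the x-coordinates of SS(w) are w itself.

```python
import random
from itertools import combinations

# Added example, not code from the paper or its authors. Field size, set size,
# chaff count r and degree bound k are constructed toy parameters.
P = 1009  # prime; universe U and field F are both GF(P) here


def poly_eval(coeffs, x, p=P):
    """Evaluate coeffs[0] + coeffs[1]*x + ... + coeffs[k]*x^k in GF(p) (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def interpolate(pts, p=P):
    """Lagrange interpolation in GF(p): coefficients (lowest degree first) of the
    unique polynomial of degree < len(pts) through every point in pts."""
    coeffs = [0] * len(pts)
    for i, (xi, yi) in enumerate(pts):
        basis = [1]  # running product of (x - xj) over j != i
        denom = 1
        for j, (xj, _) in enumerate(pts):
            if j == i:
                continue
            nxt = [0] * (len(basis) + 1)
            for d, c in enumerate(basis):
                nxt[d] = (nxt[d] - c * xj) % p
                nxt[d + 1] = (nxt[d + 1] + c) % p
            basis = nxt
            denom = denom * (xi - xj) % p
        scale = yi * pow(denom, -1, p) % p
        for d, c in enumerate(basis):
            coeffs[d] = (coeffs[d] + c * scale) % p
    return coeffs


def js_sketch(w, r, k, rng, p=P):
    """SS(w) for a set w of s distinct elements of GF(p). Steps 2-4 are the ones
    quoted on the page; step 1 (assumed) puts the genuine points on a random
    polynomial of degree <= k."""
    w = sorted(w)
    s = len(w)
    if not k < s <= r <= p:
        raise ValueError("need k < s <= r <= p")
    wset = set(w)
    coeffs = [rng.randrange(p) for _ in range(k + 1)]                # step 1 (assumed)
    points = [(x, poly_eval(coeffs, x, p)) for x in w]
    chaff_xs = rng.sample([x for x in range(p) if x not in wset], r - s)  # step 2
    for x in chaff_xs:                                               # step 3: y != p(x)
        y = rng.randrange(p)
        while y == poly_eval(coeffs, x, p):
            y = rng.randrange(p)
        points.append((x, y))
    return sorted(points)                      # step 4: lexicographic order hides chaff


def js_recover(sketch, w_prime, k, p=P):
    """Recover w from SS(w) and a nearby w'. Swapped-in technique: exhaustive
    interpolation over (k+1)-subsets of the candidate points instead of the
    Reed-Solomon decoding the paper uses. Returns the sorted x-coordinates on the
    best-agreeing polynomial, or [] if w' retains fewer than k+1 genuine points."""
    wp = set(w_prime)
    candidates = [pt for pt in sketch if pt[0] in wp]
    best_hits = []
    for subset in combinations(candidates, k + 1):
        coeffs = interpolate(list(subset), p)
        hits = [x for (x, y) in sketch if poly_eval(coeffs, x, p) == y]
        if len(hits) > len(best_hits):
            best_hits = hits
    return sorted(best_hits)


def demo(seed=2024):
    """Enrol a constructed 6-element set, recover it from a copy with one element
    substituted, and show the r = s leak the text mentions."""
    rng = random.Random(seed)
    w = {3, 14, 27, 41, 58, 76}     # constructed enrolment set, s = 6
    k = 3                           # assumed degree bound: any 4 genuine points fix p
    sketch = js_sketch(w, r=12, k=k, rng=rng)
    w_prime = (w - {58}) | {59}     # one substitution relative to w
    recovered = js_recover(sketch, w_prime, k)
    bare = js_sketch(w, r=len(w), k=k, rng=rng)   # r = s: no chaff at all
    leaked = sorted(x for x, _ in bare)
    return {"w": sorted(w), "sketch_size": len(sketch),
            "recovered": recovered, "leaked": leaked}


if __name__ == "__main__":
    print(demo())
```

The security-relevant observation is in `demo`: the sketch with r = s hands an observer w directly, while the r = 12 sketch forces them to tell 6 genuine points from 6 chaff points, and that gap is what the entropy-loss analysis in the text quantifies.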
