Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data

Theory and Application of Cryptographic Techniques, no. 1 (2008): 97-139

Abstract

We provide formal definitions and efficient secure techniques for turning noisy information into keys usable for any cryptographic application, and, in particular, reliably and securely authenticating biometric data. Our techniques apply not just to biometric information, but to any keying material that, unlike traditional cryptographic k...

Introduction
  • Cryptography traditionally relies on uniformly distributed and precisely reproducible random strings for its secrets.
  • In reality, it is difficult to create, store, and reliably retrieve such strings.
  • Strings that are neither uniformly random nor reliably reproducible seem to be more plentiful.
  • A long pass-phrase is not uniformly random and is difficult to remember for a human user.
  • The authors' approach is rigorous and general, and the results have both theoretical and practical value.
Highlights
  • Cryptography traditionally relies on uniformly distributed and precisely reproducible random strings for its secrets
  • We propose a new primitive, termed fuzzy extractor
  • We demonstrate that fuzzy extractors can be built out of secure sketches by utilizing strong randomness extractors [NZ96], such as, for example, pairwise-independent hash functions [CW79, WC81]
  • We provide constructions of secure sketches and fuzzy extractors in three metrics: Hamming distance, set difference, and edit distance
  • The definitions and constructions just described use a very strong error model: we require that secure sketches and fuzzy extractors accept every secret w′ which is sufficiently close to the original secret w, with probability 1
  • We show that a relaxed notion of embedding, called a biometric embedding in Section 4.3, can produce fuzzy extractors and secure sketches that are better than what one can get from the embedding of [OR05] when t is large
Results
  • Before proceeding to construct the primitives for concrete metrics, the authors make some observations about the definitions.
  • The definitions and constructions just described use a very strong error model: the authors require that secure sketches and fuzzy extractors accept every secret w′ which is sufficiently close to the original secret w, with probability 1.
  • In Section 8, the authors extend the definitions and constructions of earlier sections to several relaxed error models
  • It is well-known that in the standard setting of error-correction for a binary communication channel, one can tolerate many more errors when the errors are random and independent than when the errors are determined adversarially.
  • The constructions are quite simple, and draw on existing techniques from the coding literature [BBR88, DGL04, Gur03, Lan04, MPSW05].
Conclusion
  • As a point of reference, the authors will see below that log (n choose s) − log A(n, 2t + 1, s) is a lower bound on the entropy loss of any secure sketch for set difference.
  • In the large universe setting, where t ≪ n, the lower bound is approximately t log n.
  • The relevant lower bounds are discussed at the end of Sections 6.1 and 6.2.
  • The authors discuss the code-offset construction, as well as a permutation-based scheme which is tailored to fixed set size.
  • The latter scheme is optimal for this metric, but impractical.
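The Highlights describe building a fuzzy extractor from a secure sketch plus a pairwise-independent hash, and the Conclusion names the code-offset construction. The following is an added Python illustration of both for the Hamming metric (not the paper's or the authors' code): the repetition code, the 30-bit block layout, the hash family h_{a,b}(x) = (a·x + b) mod p over a Mersenne prime and the 16-bit key length are simplifying choices of this example.

```python
import secrets

BLOCK = 5              # repetition-code block length; odd so majority voting is unambiguous
K = 6                  # message bits -> codeword and secret length N = 30 bits
N = BLOCK * K
T = BLOCK // 2         # errors guaranteed correctable inside each block (2 here)
PRIME = (1 << 61) - 1  # Mersenne prime > 2^N: field for the hash family h_{a,b}
KEY_BITS = 16          # length of the extracted key R; must stay below H_inf(W) - (N - K)

def encode(msg: int) -> int:
    """Repetition code C: each of the K message bits is written BLOCK times."""
    c = 0
    for i in range(K):
        if (msg >> i) & 1:
            c |= ((1 << BLOCK) - 1) << (i * BLOCK)
    return c

def decode(word: int) -> int:
    """Majority decoding per block; corrects up to T flipped bits in every block."""
    msg = 0
    for i in range(K):
        block = (word >> (i * BLOCK)) & ((1 << BLOCK) - 1)
        if bin(block).count("1") > T:
            msg |= 1 << i
    return msg

def ss(w: int) -> int:
    """Code-offset sketch SS(w) = w XOR c, c a random codeword; leaks at most N - K = 24 bits."""
    return w ^ encode(secrets.randbits(K))

def rec(w_prime: int, sketch: int) -> int:
    """Rec(w', s): decode w' XOR s = c XOR e back to c, then w = s XOR c."""
    return sketch ^ encode(decode(w_prime ^ sketch))

def hash_pair(a: int, b: int, x: int) -> int:
    """Pairwise-independent family h_{a,b}(x) = (a*x + b) mod PRIME, truncated to KEY_BITS bits."""
    return ((a * x + b) % PRIME) & ((1 << KEY_BITS) - 1)

def gen(w: int) -> tuple:
    """Gen(w) -> (R, P): key R = h_{a,b}(w), public helper P = (SS(w), a, b)."""
    sketch = ss(w)
    a, b = secrets.randbelow(PRIME), secrets.randbelow(PRIME)
    return hash_pair(a, b, w), (sketch, a, b)

def rep(w_prime: int, helper: tuple) -> int:
    """Rep(w', P) -> R whenever every block of w' carries at most T errors."""
    sketch, a, b = helper
    return hash_pair(a, b, rec(w_prime, sketch))

def flip_bits(x: int, positions) -> int:
    for pos in positions:  # model a noisy re-reading of the secret
        x ^= 1 << pos
    return x

def run_example() -> tuple:
    """Constructed 30-bit secret; returns (noisy w' gives R, clean w gives R, over-noisy block fails)."""
    w = 0x2ABCDEF0 & ((1 << N) - 1)
    r, helper = gen(w)
    noisy = flip_bits(w, [3, 4, 10, 11, 28, 29])  # two errors in each of blocks 0, 2 and 5
    return rep(noisy, helper) == r, rep(w, helper) == r, rec(flip_bits(w, [0, 1, 2]), helper[0]) != w
```

The third result shows the strong error model the Results section mentions: three flips inside one block exceed what the code corrects, so recovery fails deterministically rather than degrading gracefully.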
Tables
  • Table 1: Summary of Secure Sketches for Set Difference
Funding
  • In roughly chronological order, we thank Piotr Indyk for discussions about embeddings and for his help in the proof of Lemma 7.3; Madhu Sudan, for helpful discussions about the construction of [JS02] and the uses of error-correcting codes; Venkat Guruswami, for enlightenment about list decoding; Pim Tuyls, for pointing out relevant previous work; Chris Peikert, for pointing out the model of computationally bounded adversaries from [MPSW05]; Ari Trachtenberg, for finding an error in the preliminary version of Appendix E; Ronny Roth, for discussions about efficient BCH decoding; Kevin Harmon and Soren Johnson, for their implementation work; and Silvio Micali, for suggestions on presenting our results. The work of the Y.D. was partly funded by the National Science Foundation under CAREER Award No CCR-0133806 and Trusted Computing Grant No CCR-0311095, and by the New York University Research Challenge Fund 25-74100-N5237
  • The work of the L.R. was partly funded by the National Science Foundation under Grant No CCR-0311485
  • The work of the A.S. was partly funded by US A.R.O. grant DAAD19-00-1-0177 and by a Microsoft Fellowship
Reference
  • [ACM99] Sixth ACM Conference on Computer and Communication Security. ACM, November 1999.
  • [ADG+03] A. Andoni, M. Deza, A. Gupta, P. Indyk, and S. Raskhodnikova. Lower bounds for embedding edit distance into normed spaces. In Proceedings of the Fourteenth Annual ACM-SIAM Symposium on Discrete Algorithms, pages 523–526, 2003.
  • Erik Agrell, Alexander Vardy, and Kenneth Zeger. Upper bounds for constant-weight codes. IEEE Transactions on Information Theory, 46(7):2373–2395, 2000.
  • [BBCM95] Charles H. Bennett, Gilles Brassard, Claude Crepeau, and Ueli M. Maurer. Generalized privacy amplification. IEEE Transactions on Information Theory, 41(6):1915–1923, 1995.
  • Charles H. Bennett, Gilles Brassard, Claude Crepeau, and Marie-Helene Skubiszewska. Practical quantum oblivious transfer. In J. Feigenbaum, editor, Advances in Cryptology—CRYPTO ’91, volume 576 of Lecture Notes in Computer Science, pages 351–366. Springer-Verlag, 1992, 11–15 August 1991.
  • C. Bennett, G. Brassard, and J. Robert. Privacy amplification by public discussion. SIAM Journal on Computing, 17(2):210–229, 1988.
  • C. Barral, J.-S. Coron, and D. Naccache. Externalized fingerprint matching. Technical Report 2004/021, Cryptology e-print archive, http://eprint.iacr.org, 2004.
  • Xavier Boyen, Yevgeniy Dodis, Jonathan Katz, Rafail Ostrovsky, and Adam Smith. Secure remote authentication using biometric data. In Ronald Cramer, editor, Advances in Cryptology—EUROCRYPT 2005, volume 3494 of Lecture Notes in Computer Science, pages 147–163. Springer-Verlag, 2005.
  • Richard E. Blahut. Theory and practice of error control codes. Addison Wesley Longman, Reading, MA, 1983. 512 p.
  • Xavier Boyen. Reusable cryptographic fuzzy extractors. In Eleventh ACM Conference on Computer and Communication Security. ACM, October 25–29 2004.
  • Andrei Broder. On the resemblance and containment of documents. In Compression and Complexity of Sequences, 1997.
  • [BSSS90] Andries E. Brouwer, James B. Shearer, Neil J. A. Sloane, and Warren D. Smith. A new table of constant weight codes. IEEE Transactions on Information Theory, 36(6):1334–1380, 1990.
  • Benny Chor and Oded Goldreich. Unbiased bits from sources of weak randomness and probabilistic communication complexity. SIAM Journal on Computing, 17(2):230–261, 1988.
  • L. Csirmaz and G.O.H. Katona. Geometrical cryptography. In Proc. International Workshop on Coding and Cryptography, 2003.
  • Claude Crepeau. Efficient cryptographic protocols based on noisy channels. In Walter Fumy, editor, Advances in Cryptology—EUROCRYPT 97, volume 1233 of Lecture Notes in Computer Science, pages 306–317. Springer-Verlag, 11–15 May 1997.
  • V. Chauhan and A. Trachtenberg. Reconciliation puzzles. In IEEE Globecom, Dallas, TX, 2004.
  • J.L. Carter and M.N. Wegman. Universal classes of hash functions. Journal of Computer and System Sciences, 18:143–154, 1979.
  • Gerard Cohen and Gilles Zemor. Generalized coset schemes for the wire-tap channel: Application to biometrics. In IEEE International Symp. on Information Theory, 2004.
  • [DFMP99] G.I. Davida, Y. Frankel, B.J. Matt, and R. Peralta. On the relation of error correction and cryptography to an off line biometric based identification scheme. In Proceedings of WCC99, Workshop on Coding and Cryptography, Paris, France, 11–14 January 1999.
  • [DGL04] Yan Zhong Ding, P. Gopalan, and Richard J. Lipton. Error correction against computationally bounded adversaries. Manuscript. Appeared initially as [Lip94], 2004.
  • Yevgeniy Dodis, Leonid Reyzin, and Adam Smith. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In Christian Cachin and Jan Camenisch, editors, Advances in Cryptology—EUROCRYPT 2004, volume 3027 of Lecture Notes in Computer Science. Springer-Verlag, 2004.
  • [EHMS00] Carl Ellison, Chris Hall, Randy Milbert, and Bruce Schneier. Protecting keys with personal entropy. Future Generation Computer Systems, 16:311–318, February 2000.
  • Niklas Frykholm and Ari Juels. Error-tolerant password recovery. In Eighth ACM Conference on Computer and Communication Security, pages 1–8. ACM, November 5–8 2001.
  • G. David Forney. Concatenated Codes. PhD thesis, MIT, 1966.
  • N. Frykholm. Passwords: Beyond the terminal interaction model. Master’s thesis, Umea University, 2000.
  • Venkatesan Guruswami and Madhu Sudan. List decoding algorithms for certain concatenated codes. In Proceedings of the Thirty-Second Annual ACM Symposium on Theory of Computing, pages 181–190, Portland, Oregon, 21–23 May 2000.
  • V. Guruswami. List Decoding of Error-Correcting Codes. PhD thesis, Massachusetts Institute of Technology, Cambridge, MA, USA, 2001.
  • Venkatesan Guruswami. List decoding with side information. In IEEE Conference on Computational Complexity, pages 300–. IEEE Computer Society, 2003.
  • [HILL99] J. Hastad, R. Impagliazzo, L.A. Levin, and M. Luby. Construction of pseudorandom generator from any one-way function. SIAM Journal on Computing, 28(4):1364–1396, 1999.
  • Kevin Harmon, Soren Johnson, and Leonid Reyzin. An implementation of syndrome encoding and decoding for binary BCH codes, secure sketches and fuzzy extractors. Available at http://www.cs.bu.edu/~reyzin/code/fuzzy.html.
  • Ari Juels and Madhu Sudan. A fuzzy vault scheme. In IEEE International Symposium on Information Theory, 2002.
  • Joe Kilian, editor. First Theory of Cryptography Conference — TCC 2005, volume 3378 of Lecture Notes in Computer Science. Springer-Verlag, February 10–12 2005.
  • A.A. Karatsuba and Y. Ofman. Multiplication of multidigit numbers on automata. Soviet Physics Doklady, 7:595–596, 1963.
  • E. Kaltofen and V. Shoup. Subquadratic-time factoring of polynomials over finite fields. In Proceedings of the Twenty-Seventh Annual ACM Symposium on the Theory of Computing, pages 398–406, Las Vegas, Nevada, 29 May–1 June 1995.
  • Michael Langberg. Private codes or succinct random codes that are (almost) perfect. In FOCS ’04: Proceedings of the 45th Annual IEEE Symposium on Foundations of Computer Science (FOCS’04), pages 325–334, Washington, DC, USA, 2004. IEEE Computer Society.
  • Springer, 1994. The full version of this paper is in preparation [DGL04].
  • J.-P. M. G. Linnartz and P. Tuyls. New shielding functions to enhance privacy and prevent misuse of biometric templates. In AVBPA, pages 393–402, 2003.
  • Ueli Maurer. Secret key agreement by public discussion from common information. IEEE Transactions on Information Theory, 39(3):733–742, 1993.
  • Yaron Minsky. The SKS OpenPGP key server. http://www.nongnu.org/sks.
  • [MRLW01a] Fabian Monrose, Michael K. Reiter, Qi Li, and Susanne Wetzel. Cryptographic key generation from voice. In Proceedings of the IEEE Symposium on Security and Privacy, 2001.
  • [MRLW01b] Fabian Monrose, Michael K. Reiter, Qi Li, and Susanne Wetzel. Using voice to generate cryptographic keys. In 2001: A Speaker Odyssey. The Speaker Recognition Workshop, 2001.
  • Robert Morris and Ken Thompson. Password security: A case history. Communications of the ACM, 22(11):594–597, 1979.
  • Yaron Minsky and Ari Trachtenberg. Scalable set reconciliation. In 40th Annual Allerton Conference on Communication, Control and Computing, Monticello, IL, October 2002. See also technical report BU-ECE-2002-01.
  • Yaron Minsky, Ari Trachtenberg, and Richard Zippel. Set reconciliation with nearly optimal communication complexity. IEEE Transactions on Information Theory, 49(9):2213–2218, 2003.
  • Noam Nisan and David Zuckerman. Randomness is linear in space. Journal of Computer and System Sciences, 52(1):43–53, 1996.
  • Rafail Ostrovsky and Yuval Rabani. Low distortion embeddings for edit distance. In Proceedings of the Thirty-Seventh Annual ACM Symposium on Theory of Computing, pages 218–224, Baltimore, Maryland, 22–24 May 2005.
  • Jaikumar Radhakrishnan and Amnon Ta-Shma. Bounds for dispersers, extractors, and depth-two superconcentrators. SIAM Journal on Computing, 13(1):2–24, 2000.
  • Renato Renner and Stefan Wolf. Smooth Rényi entropy and applications. In Proceedings of IEEE International Symposium on Information Theory, page 233, June 2004.
  • Renato Renner and Stefan Wolf. Simple and tight bounds for information reconciliation and privacy amplification. In Bimal Roy, editor, Advances in Cryptology—ASIACRYPT 2005, Lecture Notes in Computer Science, Chennai, India, 4–8 December 2005. Springer-Verlag.
  • Claude E. Shannon. A mathematical theory of communication. Bell System Technical Journal, 27:379–423 and 623–656, July and October 1948. Reprinted in D. Slepian, editor, Key Papers in the Development of Information Theory, IEEE Press, NY, 1974.
  • Ronen Shaltiel. Recent developments in explicit constructions of extractors. Bulletin of the EATCS, 77:67–95, 2002.
  • Victor Shoup. A proposal for an ISO standard for public key encryption. Available at http://eprint.iacr.org/2001/112, 2001.
  • Victor Shoup. A Computational Introduction to Number Theory and Algebra. Cambridge University Press, 2005. Available from http://shoup.net.
  • [SKHN75] Yasuo Sugiyama, Masao Kasahara, Shigeichi Hirasawa, and Toshihiko Namekawa. A method for solving key equation for decoding Goppa codes. Information and Control, 27(1):87–99, 1975.
  • David Starobinski, Ari Trachtenberg, and Sachin Agarwal. Efficient PDA synchronization. IEEE Transactions on Mobile Computing, 2(1):40–51, 2003.
  • Madhu Sudan. Lecture notes for an algorithmic introduction to coding theory. Course taught at MIT, December 2001.
  • J.H. van Lint. Introduction to Coding Theory. Springer-Verlag, 1992.
  • [VTDL03] E. Verbitskiy, P. Tuyls, D. Denteneer, and J.-P. Linnartz. Reliable biometric authentication with privacy protection. In Proc. 24th Benelux Symposium on Information theory, 2003.
  • [vzGG03] Joachim von zur Gathen and Jurgen Gerhard. Modern Computer Algebra. Cambridge University Press, 2003.
  • M.N. Wegman and J.L. Carter. New hash functions and their use in authentication and set equality. Journal of Computer and System Sciences, 22:265–279, 1981.
  • 2. Choose r − s distinct points x_{s+1}, ..., x_r at random from F − w.
  • 3. For i = s + 1, ..., r, choose y_i ∈ F at random such that y_i ≠ p(x_i).
  • 4. Output SS(w) = {(x_1, y_1), ..., (x_r, y_r)} (in lexicographic order of x_i). The parameter r dictates the amount of storage necessary, on the one hand, and also the security of the scheme (that is, for r = s the scheme leaks all information, and for larger and larger r there is less information about w). Juels and Sudan actually propose two analyses for the scheme. First, they analyze the case where the secret w is distributed uniformly over all subsets of size s. Second, they provide an analysis of a nonuniform password distribution, but only for the case r = n (that is, their analysis only applies in the small universe setting, where Ω(n) storage is acceptable). Here we give a simpler analysis which handles nonuniformity and any r ≤ n. We get the same results for a broader set of parameters.