A fully robust fuzzy extractor

Cryptography traditionally relies on uniformly distributed and precisely reproducible random strings for its secrets, however, it is difficult to create, store, and reliably retrieve such strings. To securely derive cryptographic keys from a noisy input such as biometric data, two primitives are introduced by Y. Dodis et. al.: a secure sketch which allows recovery of a noisy input given a "close" approximation thereof, and a fuzzy extractor which extracts a uniformly distributed string from this noisy input in an error-tolerant manner. Both primitives work by constructing a "public" string which is used to encode the information needed for error-tolerant reconstruction of the original input and subsequent extraction. The public string, when transmitted over an insecure channel or stored in an insecure storage, can be modified by an adversary. A robust secure sketch and a robust fuzzy extractor mean that the public string can be authenticated by a receiver, if the authenticity of public string is verified by using, in some way, recovered string in secure sketch or extracted string in fuzzy extractor, we say that the authentication has circularity in it. In this paper, we propose a fully robust fuzzy extractor based on an error-correcting code, in which the public string can be authenticated by the receiver using his own a part of string that is close to sender's string under some metric, thus the circularity in authentication can be broken fully. The security is proven in standard model. © 2009 IEEE.