Reusable cryptographic fuzzy extractors

We show that a number of recent definitions and constructions of fuzzy extractors are not adequate for multiple uses of the same fuzzy secret---a major shortcoming in the case of biometric applications. We propose two particularly stringent security models that specifically address the case of fuzzy secret reuse, respectively from an outsider and an insider perspective, in what we call a chosen perturbation attack. We characterize the conditions that fuzzy extractors need to satisfy to be secure, and present generic constructions from ordinary building blocks. As an illustration, we demonstrate how to use a biometric secret in a remote fuzzy authentication protocol that does not require any storage on the client's side.

[1]  Jaikumar Radhakrishnan,et al.  Tight bounds for depth-two superconcentrators , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[2]  Noam Nisan,et al.  Randomness is Linear in Space , 1996, J. Comput. Syst. Sci..

[3]  C. Crepeau,et al.  "Efficient cryptographic protocols based on noisy channels," Advances in Cryptology-EUROCRYPT'97 , 1997 .

[4]  Leonid A. Levin,et al.  Pseudo-random generation from one-way functions , 1989, STOC '89.

[5]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[6]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[7]  Ari Juels,et al.  Error-tolerant password recovery , 2001, CCS '01.

[8]  Ronen Shaltiel,et al.  Recent Developments in Explicit Constructions of Extractors , 2002, Bull. EATCS.

[9]  Yevgeniy Dodis,et al.  Fuzzy Extractors and Cryptography, or How to Use Your Fingerprints , 2003 .

[10]  Madhu Sudan,et al.  A Fuzzy Vault Scheme , 2006, Des. Codes Cryptogr..

[11]  Claude Crépeau,et al.  Efficient Cryptographic Protocols Based on Noisy Channels , 1997, EUROCRYPT.

[12]  Gilles Brassard,et al.  Privacy Amplification by Public Discussion , 1988, SIAM J. Comput..

[13]  Bruce Schneier,et al.  Protecting secret keys with personal entropy , 2000, Future Gener. Comput. Syst..

[14]  Michael K. Reiter,et al.  Password hardening based on keystroke dynamics , 2002, International Journal of Information Security.

[15]  Yair Frankel,et al.  On enabling secure applications through off-line biometric identification , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[16]  Leonid A. Levin,et al.  A Pseudorandom Generator from any One-way Function , 1999, SIAM J. Comput..