Strong key derivation from noisy sources

A shared cryptographic key enables strong authentication. Candidate sources for creating such a shared key include biometrics and physically unclonable functions (PUFs). However, these sources come with a substantial problem: noise in repeated readings. A fuzzy extractor produces a stable key from a noisy source. It consists of two stages. At enrollment time, the generate algorithm produces a key (together with public helper data) from an initial reading of the source. At authentication time, the reproduce algorithm takes a repeated but noisy reading of the source, together with the helper data, and yields the same key when the two readings are close.

For many sources of practical importance, traditional fuzzy extractors provide no meaningful security guarantee. This dissertation improves key derivation from noisy sources. The improvements stem from three observations about traditional fuzzy extractors. First, the only property of a source that standard fuzzy extractors use is the entropy of the original reading; additional structural information about the source can facilitate key derivation. Second, most fuzzy extractors work by first recovering the initial reading from the noisy reading (the component that performs this recovery is known as a secure sketch). This approach imposes harsh limitations on
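The following is an added example, not a construction from the dissertation: a minimal code-offset fuzzy extractor of the "secure sketch, then extract" shape described above, over bit-string readings with Hamming-distance noise. It assumes a repetition code as the error-correcting code, SHA-256 over a public salt as a stand-in for a strong extractor, and small parameters chosen for readability; none of these choices are suitable for deployment.

```python
"""Code-offset fuzzy extractor over N-bit readings with Hamming-distance noise.

Added illustration only: gen/rep follow the standard secure-sketch-then-extract
design; the repetition code, the parameters, and SHA-256 as a stand-in for a
strong extractor are choices made here for readability, not for deployment.
"""
import hashlib
import secrets
from dataclasses import dataclass

R = 5          # each code bit is repeated R times; majority vote corrects (R-1)//2 flips per block
K = 32         # number of blocks, i.e. the dimension of the code
N = K * R      # length of a source reading w in bits


def encode(message):
    """Map K message bits to an N-bit codeword of the repetition code."""
    assert len(message) == K
    return [bit for bit in message for _ in range(R)]


def decode(word):
    """Return the nearest codeword: majority vote inside each R-bit block."""
    assert len(word) == N
    message = [1 if 2 * sum(word[i:i + R]) > R else 0 for i in range(0, N, R)]
    return encode(message)


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def extract(w, salt):
    """Stand-in for a strong extractor / KDF applied to the recovered reading."""
    return hashlib.sha256(salt + bytes(w)).digest()   # w is a list of 0/1 ints


@dataclass
class Helper:
    sketch: list   # w XOR c, published at enrollment
    salt: bytes    # public extractor seed


def gen(w):
    """Enrollment: derive (key, public helper) from the initial reading w."""
    c = encode([secrets.randbits(1) for _ in range(K)])   # uniformly random codeword
    salt = secrets.token_bytes(16)
    helper = Helper(sketch=xor(w, c), salt=salt)
    return extract(w, salt), helper


def rep(w_noisy, helper):
    """Authentication: recover w from a noisy reading, then re-derive the key."""
    c_noisy = xor(w_noisy, helper.sketch)   # equals c XOR e, where e = w XOR w_noisy
    c = decode(c_noisy)                     # correct iff every block has <= (R-1)//2 flips
    w = xor(helper.sketch, c)               # the secure-sketch recovery step
    return extract(w, helper.salt)


def flip(w, positions):
    """Constructed noise for the demo: flip the listed bit positions of w."""
    out = list(w)
    for p in positions:
        out[p] ^= 1
    return out


def sketch_entropy_loss():
    """Bits of min-entropy the published sketch can give away: N - log2|C| = N - K.
    A reading whose min-entropy is at most this gets no guarantee at all."""
    return N - K


if __name__ == "__main__":
    w = [secrets.randbits(1) for _ in range(N)]
    key, helper = gen(w)
    print(rep(flip(w, [0, 1, 7, 12]), helper) == key)   # 2 flips in block 0, 1 each in blocks 1 and 2
    print(rep(flip(w, [0, 1, 2]), helper) == key)       # 3 flips in block 0 exceed the radius
    print(sketch_entropy_loss())
```

With these parameters a 160-bit reading tolerates at most two flips in any five-bit block, yet the published sketch can leak up to 128 bits of the reading's min-entropy; a source with less than that much entropy is left with no provable key security at all. That tension between tolerated errors and surviving entropy is the cost of the recover-the-reading approach that the abstract refers to.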
