An Improved Robust Fuzzy Extractor

We consider the problem of building robust fuzzy extractors, which allow two parties holding similar random variables W, W' to agree on a secret key R in the presence of an active adversary. Robust fuzzy extractors were defined by Dodis et al. in Crypto 2006 to be noninteractive, i.e., only one message P, which can be modified by an unbounded adversary, can pass from one party to the other. This allows them to be used by a single party at different points in time (e.g., for key recovery or biometric authentication), but also presents an additional challenge: what if R is used, and thus possibly observed by the adversary, before the adversary has a chance to modify P? Fuzzy extractors secure against such a strong attack are called post-application robust. We construct a fuzzy extractor with post-application robustness that extracts a shared secret key of up to (2m - n)/2 bits (depending on error-tolerance and security parameters), where n is the bit-length and m is the entropy of W. The previously best known result, also of Dodis et al., extracted up to (2m - n)/3 bits (depending on the same parameters).
