A fuzzy commitment scheme

We combine well-known techniques from the areas of error-correcting codes and cryptography to achieve a new type of cryptographic primitive that we refer to as a fuzzy commitment scheme. Like a conventional cryptographic commitment scheme, our fuzzy commitment scheme is both concealing and binding: it is infeasible for an attacker to learn the committed value, and also for the committer to decommit a value in more than one way. In a conventional scheme, a commitment must be opened using a unique witness, which acts, essentially, as a decryption key. By contrast, our scheme is fuzzy in the sense that it accepts a witness that is close to the original encrypting witness in a suitable metric, but not necessarily identical. This characteristic of our fuzzy commitment scheme makes it useful for applications such as biometric authentication systems, in which data is subject to random noise. Because the scheme is tolerant of error, it is capable of protecting biometric data just as conventional cryptographic techniques, like hash functions, are used to protect alphanumeric passwords. This addresses a major outstanding problem in the theory of biometric authentication. We prove the security characteristics of our fuzzy commitment scheme relative to the properties of an underlying cryptographic hash function.
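An added illustration, not code from the paper: a minimal fuzzy commitment in which a witness within a small Hamming distance of the original still opens the commitment, while one outside the tolerance does not. The construction used (hash of a random codeword plus an XOR offset), the toy repetition code, SHA-256 and all function names are assumptions chosen here; the abstract does not specify them.

```python
import hashlib
import secrets

R = 5    # assumed toy repetition code: each block of 5 bits tolerates 2 flips
K = 16   # message bits per codeword; toy size, 2**K codewords is brute-forceable

def encode(msg_bits):
    """Repeat every message bit R times to form a codeword of K*R bits."""
    return [b for b in msg_bits for _ in range(R)]

def decode(word_bits):
    """Majority vote per block: recover the message of the nearest codeword."""
    return [int(sum(word_bits[i:i + R]) > R // 2)
            for i in range(0, len(word_bits), R)]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def flip(bits, positions):
    """Return a copy of bits with the given positions inverted (simulated noise)."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]

def h(codeword):
    return hashlib.sha256(bytes(codeword)).hexdigest()

def commit(witness):
    """Commit to a random codeword c; store only h(c) and the offset witness XOR c."""
    c = encode([secrets.randbelow(2) for _ in range(K)])
    return h(c), xor(witness, c)

def decommit(commitment, candidate):
    """Accept iff candidate decodes, via the offset, to the committed codeword."""
    alpha, delta = commitment
    c2 = encode(decode(xor(candidate, delta)))
    return secrets.compare_digest(h(c2), alpha)

if __name__ == "__main__":
    enrolled = [secrets.randbelow(2) for _ in range(K * R)]  # constructed sample template
    stored = commit(enrolled)
    print(decommit(stored, enrolled))                        # exact witness
    print(decommit(stored, flip(enrolled, {0, 1, 7, 42})))   # noise within tolerance
    print(decommit(stored, flip(enrolled, {0, 1, 2})))       # 3 flips in one block
```

With only 2**K codewords, the stored hash can be searched exhaustively and the witness recovered from the offset, so a deployment needs a code with a far larger message space than this toy.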
