Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data

We provide formal definitions and efficient secure techniques for

- turning biometric information into keys usable for any cryptographic application, and
- reliably and securely authenticating biometric data.

Our techniques apply not just to biometric information, but to any keying material that, unlike traditional cryptographic keys, is (1) not reproducible precisely and (2) not distributed uniformly.

We propose two primitives: a fuzzy extractor extracts nearly uniform randomness R from its biometric input; the extraction is error-tolerant in the sense that R will be the same even if the input changes, as long as it remains reasonably close to the original. Thus, R can be used as a key in any cryptographic application. A secure sketch produces public information about its biometric input w that does not reveal w, and yet allows exact recovery of w given another value that is close to w. Thus, it can be used to reliably reproduce error-prone biometric inputs without incurring the security risk inherent in storing them.

In addition to formally introducing our new primitives, we provide nearly optimal constructions of both primitives for various measures of closeness of input data, such as Hamming distance, edit distance, and set difference.
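The two primitives for the Hamming-distance case, as an added sketch that is not code from the paper or from this page. It assumes a code-offset sketch over a 5-fold repetition code and uses HMAC-SHA256 with a public random seed as a stand-in for the randomness extractor; all function names and parameters are chosen here for illustration.

```python
import hashlib
import hmac
import secrets

REP = 5  # assumed code: each bit repeated 5 times, corrects 2 flips per block

def encode(bits):
    return [b for b in bits for _ in range(REP)]

def decode(bits):
    # Majority vote inside each REP-bit block.
    return [int(sum(bits[i:i + REP]) > REP // 2)
            for i in range(0, len(bits), REP)]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def sketch(w):
    """Secure sketch: public s = w XOR c for a fresh random codeword c."""
    if len(w) % REP:
        raise ValueError("input length must be a multiple of REP")
    msg = [secrets.randbits(1) for _ in range(len(w) // REP)]
    return xor(w, encode(msg))

def recover(w_close, s):
    """Recover w exactly from a reading within the code's error radius."""
    if len(w_close) != len(s):
        raise ValueError("reading and sketch lengths differ")
    c = encode(decode(xor(w_close, s)))  # w' XOR s = c XOR noise -> nearest c
    return xor(s, c)                     # s XOR c = w

def gen(w):
    """Fuzzy extractor, enrolment: returns key R and public helper (s, seed)."""
    s, seed = sketch(w), secrets.token_bytes(16)
    return hmac.new(seed, bytes(w), hashlib.sha256).digest(), (s, seed)

def rep(w_close, helper):
    """Fuzzy extractor, reproduction: same R if w_close is near the enrolled w."""
    s, seed = helper
    return hmac.new(seed, bytes(recover(w_close, s)), hashlib.sha256).digest()

if __name__ == "__main__":
    w = [1, 0, 1, 1, 0] * 8                 # constructed 40-bit "reading"
    R, helper = gen(w)
    noisy = list(w)
    for i in (0, 1, 7, 38):                 # at most 2 flips in any block
        noisy[i] ^= 1
    print("same key from noisy reading:", rep(noisy, helper) == R)
```

Only the helper `(s, seed)` is stored; neither `w` nor `R` is. A repetition code is used here for brevity and gives up most of the input's entropy to the public sketch, so a real deployment needs a code and input length chosen so that enough min-entropy remains after the sketch is published.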
