A New Distribution-Sensitive Secure Sketch and Popularity-Proportional Hashing

Motivated by typo correction in password authentication, we investigate cryptographic error-correction of secrets in settings where the distribution of secrets is a priori (approximately) known. We refer to this as the distribution-sensitive setting.
