Fuzzy Password-Authenticated Key Exchange

Consider key agreement by two parties who start out knowing a common secret (which we refer to as “pass-string”, a generalization of “password”), but face two complications: (1) the pass-string may come from a low-entropy distribution, and (2) the two parties’ copies of the pass-string may have some noise, and thus not match exactly. We provide the first efficient and general solutions to this problem that enable, for example, key agreement based on commonly used biometrics such as iris scans.