A Fuzzy Vault Scheme

We describe a simple and novel cryptographic construction that we refer to as a fuzzy vault. A player Alice may place a secret value κ in a fuzzy vault and “lock” it using a set A of elements from some public universe U. If Bob tries to “unlock” the vault using a set B of similar length, he obtains κ only if B is close to A, i.e., only if A and B overlap substantially. In contrast to previous constructions of this flavor, ours possesses the useful feature of order invariance, meaning that the ordering of A and B is immaterial to the functioning of the vault. As we show, our scheme enjoys provable security against a computationally unbounded attacker. Fuzzy vaults have potential application to the problem of protecting data in a number of real-world, error-prone environments. These include systems in which personal information serves to authenticate users for, e.g., the purposes of password recovery, and also biometric authentication systems, in which readings are inherently noisy as a result of the refractory nature of image capture and processing.
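The lock/unlock behaviour described above, as an added toy example (not code from the paper or its authors). It follows the paper's polynomial-and-chaff-points construction, which this abstract does not spell out: κ becomes the coefficients of a polynomial, A supplies the genuine points and random chaff hides them. The field size, the set sizes, the threshold `t`, the function names and the brute-force interpolation used in place of Reed-Solomon decoding are all assumptions for illustration.

```python
import random
from itertools import combinations

P = 65537  # toy prime field modulus (assumed parameter, far too small for real use)

def poly_eval(coeffs, x):
    """Evaluate the polynomial (coefficients low degree first) at x, mod P."""
    return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P

def interpolate(points):
    """Lagrange-interpolate distinct-x points; return coefficients, low degree first."""
    coeffs = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1
        for j, (xj, _) in enumerate(points):
            if j != i:
                # multiply the basis polynomial by (x - xj)
                basis = [(a - xj * b) % P for a, b in zip([0] + basis, basis + [0])]
                denom = denom * (xi - xj) % P
        scale = yi * pow(denom, -1, P) % P
        coeffs = [(c + scale * b) % P for c, b in zip(coeffs, basis)]
    return coeffs

def lock(secret, A, n_chaff, rng):
    """Lock secret (k coefficients) under set A: genuine points lie on p, chaff does not."""
    vault = [(a, poly_eval(secret, a)) for a in A]
    used = set(A)
    while len(vault) < len(A) + n_chaff:
        x = rng.randrange(1, P)
        y = rng.randrange(P)
        if x not in used and y != poly_eval(secret, x):
            used.add(x)
            vault.append((x, y))
    rng.shuffle(vault)  # stored order reveals nothing about which points are genuine
    return vault

def unlock(vault, B, k, t):
    """Return the secret if a degree < k polynomial fits >= t of the points B selects."""
    b = set(B)  # B is used as a set, so its ordering is immaterial
    cand = [(x, y) for x, y in vault if x in b]
    for subset in combinations(cand, k):
        coeffs = interpolate(list(subset))
        if sum(poly_eval(coeffs, x) == y for x, y in cand) >= t:
            return coeffs
    return None

if __name__ == "__main__":
    v = lock([1234, 42, 7], [11, 23, 35, 47, 59, 61, 73, 89], 40, random.Random(1))
    print(unlock(v, [89, 61, 11, 35, 23, 73, 5, 6], k=3, t=5))  # 6 of 8 overlap
```

A real deployment would draw chaff from a cryptographically secure source and use a far larger field and chaff count; `random.Random` is used here only so the demonstration is reproducible.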
