Code Offset in the Exponent

Fuzzy extractors derive stable keys from noisy sources. They are a fundamental tool for key derivation from biometric sources. This work introduces a new construction, code offset in the exponent. This construction is the first reusable fuzzy extractor that simultaneously supports structured, low entropy distributions with correlated symbols and confidence information. These properties are specifically motivated by the most pertinent applications, key derivation from biometrics and physical unclonable functions, which typically demonstrate low entropy with additional statistical correlations and benefit from extractors that can leverage confidence information for efficiency. Code offset in the exponent is a group encoding of the code offset construction (Juels and Wattenberg, CCS 1999). A random codeword of a linear error-correcting code is used as a one-time pad for a sampled value from the noisy source. Rather than encoding this directly, code offset in the exponent encodes by exponentiation of a generator in a cryptographically strong group. We introduce and characterize a condition on noisy sources that directly translates to security of our construction in the generic group model. Our condition requires the inner product between the source distribution and all vectors in the null space of the code to be unpredictable.

2012 ACM Subject Classification: Security and privacy → Information-theoretic techniques; Security and privacy → Biometrics
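The construction as the abstract describes it, written out as an added toy example (not the paper's own code): Gen pads the reading w with a random codeword and publishes g^(c+w) coordinate-wise; Rep uses confidence information to pick k coordinates believed error-free and recovers the rest by linear algebra in the exponent; and a parity-check row h of the code lets anyone holding the helper compute g^<h,w>, which is exactly why the paper's security condition concerns inner products with the null space. The group (order 7 inside Z_29^*), the [5,2] code, the sample readings, the brute-force solve for the information-set coefficients and the choice to derive the key by hashing the recovered elements g^c are all assumptions of this example, not parameters from the paper.

```python
import hashlib, itertools, secrets

# Toy parameters, constructed for illustration only; a real instance uses a
# cryptographic group and a long random linear code over a large prime field.
q, p, g = 7, 29, 16                # exponents live in Z_q; g has order q in Z_p^*
G = [[1, 0, 1, 2, 3],              # systematic generator matrix of an [n=5, k=2] code over Z_q
     [0, 1, 1, 3, 5]]
H = [[6, 6, 1, 0, 0], [5, 4, 0, 1, 0], [4, 2, 0, 0, 1]]   # null space: <h, c> = 0 for all codewords
k, n = len(G), len(G[0])
col = lambda i: [G[r][i] for r in range(k)]

def encode(m):
    return [sum(m[r] * G[r][j] for r in range(k)) % q for j in range(n)]

def gen(w):
    """Gen: pad the reading w with a random codeword c and publish g^(c+w) coordinate-wise."""
    c = encode([secrets.randbelow(q) for _ in range(k)])
    helper = [pow(g, (c[j] + w[j]) % q, p) for j in range(n)]
    # Key derived from the hidden elements g^c (this example's choice, not the paper's definition).
    return helper, hashlib.sha256(bytes(pow(g, cj, p) for cj in c)).hexdigest()

def combination(S, j):
    """Public coefficients x with sum_t x_t*G[:,S[t]] == G[:,j] (brute force at toy scale;
    a real Rep solves this k x k system mod q by Gaussian elimination)."""
    for x in itertools.product(range(q), repeat=k):
        if all(sum(x[t] * col(S[t])[r] for t in range(k)) % q == col(j)[r] for r in range(k)):
            return x
    raise ValueError("S is not an information set of the code")

def rep(helper, w2, S):
    """Rep: S lists k positions that the confidence information marks as error-free."""
    gc = [None] * n
    for i in S:                    # strip w' where it is trusted: g^(c_i + w_i - w'_i) = g^c_i
        gc[i] = helper[i] * pow(g, -w2[i], p) % p
    for j in range(n):             # other coordinates by linear algebra in the exponent
        if j not in S:
            x = combination(S, j)
            gc[j] = 1
            for t in range(k):
                gc[j] = gc[j] * pow(gc[S[t]], x[t], p) % p
    return hashlib.sha256(bytes(gc)).hexdigest()

def null_space_leak(helper, h):
    """What the helper gives away: prod_j helper_j^h_j = g^<h,c> * g^<h,w> = g^<h,w> for every
    parity-check row h, which is why <h, w> must be unpredictable for the source."""
    out = 1
    for j in range(n):
        out = out * pow(helper[j], h[j], p) % p
    return out
```

With a re-reading that is wrong in one coordinate, Rep recovers the key whenever the trusted set S avoids that coordinate and yields a different key when it does not; in the toy group the discrete logarithm is trivial, so only the structure, not the security, carries over.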

[1] Martin Wattenberg et al. A fuzzy commitment scheme. CCS '99, 1999.

[2] Dawu Gu et al. Efficient Fuzzy Extraction of PUF-Induced Secrets: Theory and Applications. CHES, 2016.

[3] Sebastian Gajek et al. Learning with Errors in the Exponent. ICISC, 2015.

[4] Xavier Boyen et al. Reusable cryptographic fuzzy extractors. CCS '04, 2004.

[5] Leonid Reyzin et al. Computational Fuzzy Extractors. ASIACRYPT, 2013.

[6] Vinod Vaikuntanathan et al. Simultaneous Hardcore Bits and Cryptography against Memory Attacks. TCC, 2009.

[7] Jonathan Katz et al. Efficient, Reusable Fuzzy Extractors from LWE. CSCML, 2017.

[8] Robert L. Mercer et al. An Estimate of an Upper Bound for the Entropy of English. CL, 1992.

[9] Yevgeniy Dodis et al. A New Distribution-Sensitive Secure Sketch and Popularity-Proportional Hashing. CRYPTO, 2017.

[10] Eugene Prange et al. The use of information sets in decoding cyclic codes. IRE Trans. Inf. Theory, 1962.

[11] Aaron D. Wyner et al. Prediction and Entropy of Printed English. 1993.

[12] Yunhua Wen et al. Robustly Reusable Fuzzy Extractor from Standard Assumptions. IACR Cryptol. ePrint Arch., 2018.

[13] O. Regev. The Learning with Errors problem. 2010.

[14] Noam Nisan et al. Randomness is Linear in Space. J. Comput. Syst. Sci., 1996.

[15] Hoeteck Wee et al. Obfuscating simple functionalities from knowledge assumptions. IACR Cryptol. ePrint Arch., 2019.

[16] Chris Peikert et al. Hardness of SIS and LWE with Small Parameters. CRYPTO, 2013.

[17] Madhu Sudan et al. A Fuzzy Vault Scheme. Des. Codes Cryptogr., 2006.

[18] Nico Döttling et al. Lossy Codes and a New Variant of the Learning-With-Errors Problem. EUROCRYPT, 2013.

[19] F. Moore et al. Polynomial Codes Over Certain Finite Fields. 2017.

[20] Rafail Ostrovsky et al. Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. SIAM J. Comput., 2004.

[21] James Steel et al. Cryptographic Authentication from the Iris. ISC, 2019.

[22] Srinivas Devadas et al. Trapdoor Computational Fuzzy Extractors and Stateless Cryptographically-Secure Physical Unclonable Functions. IEEE Transactions on Dependable and Secure Computing, 2017.

[23] Venkatesan Guruswami et al. Improved decoding of Reed-Solomon and algebraic-geometric codes. Proceedings 39th Annual Symposium on Foundations of Computer Science, 1998.

[24] Elwyn R. Berlekamp et al. On the inherent intractability of certain coding problems (Corresp.). IEEE Trans. Inf. Theory, 1978.

[25] Yael Tauman Kalai et al. On Symmetric Encryption and Point Obfuscation. TCC, 2010.

[26] Benjamin Fuller et al. Continuous-Source Fuzzy Extractors: Source uncertainty and insecurity. 2019 IEEE International Symposium on Information Theory (ISIT), 2019.

[27] Srinivas Devadas et al. FPGA Implementation of a Cryptographically-Secure PUF Based on Learning Parity with Noise. Cryptogr., 2017.

[28] Omer Paneth et al. Reusable Fuzzy Extractors for Low-Entropy Distributions. Journal of Cryptology, 2016.

[29] Ran Canetti et al. An Efficient Threshold Public Key Cryptosystem Secure Against Adaptive Chosen Ciphertext Attack. EUROCRYPT, 1999.

[30] Galyna Livshyts et al. Distribution of the Minimum Distance of Random Linear Codes. 2020 IEEE International Symposium on Information Theory (ISIT), 2020.

[31] Dawu Gu et al. Generic Constructions of Robustly Reusable Fuzzy Extractor. IACR Cryptol. ePrint Arch., 2019.

[32] Oded Regev et al. On lattices, learning with errors, random linear codes, and cryptography. STOC '05, 2005.

[33] Oded Goldreich et al. Collision-Free Hashing from Lattice Problems. Electron. Colloquium Comput. Complex., 1996.

[34] Claude E. Shannon et al. Prediction and Entropy of Printed English. 1951.

[35] M. Montemurro et al. Universal Entropy of Word Ordering Across Linguistic Families. PLoS ONE, 2011.

[36] Victor Shoup et al. Lower Bounds for Discrete Logarithms and Related Problems. EUROCRYPT, 1997.

[37] Zvika Brakerski et al. Hardness of LWE on General Entropic Distributions. IACR Cryptol. ePrint Arch., 2020.

[38] Ran Canetti et al. Obfuscation of Hyperplane Membership. TCC, 2010.

[39] Mark Zhandry et al. New Techniques for Obfuscating Conjunctions. IACR Cryptol. ePrint Arch., 2019.

[40] Chris Peikert. On Error Correction in the Exponent. IACR Cryptol. ePrint Arch., 2005.

[41] Gilles Brassard et al. Privacy Amplification by Public Discussion. SIAM J. Comput., 1988.

[42] Allison Bishop et al. A Simple Obfuscation Scheme for Pattern-Matching with Wildcards. IACR Cryptol. ePrint Arch., 2018.

[43] Leonid Reyzin et al. When Are Fuzzy Extractors Possible? IEEE Transactions on Information Theory, 2016.

[44] Sanjeev Arora et al. New Algorithms for Learning in Presence of Errors. ICALP, 2011.

[45] Steven D. Galbraith et al. Obfuscated Fuzzy Hamming Distance and Conjunctions from Subset Product Problems. IACR Cryptol. ePrint Arch., 2019.

[46] Yael Tauman Kalai et al. On Virtual Grey Box Obfuscation for General Circuits. Algorithmica, 2017.

[47] Ran Canetti et al. Obfuscating Point Functions with Multibit Output. EUROCRYPT, 2008.

[48] Yuval Ishai et al. Secure Arithmetic Computation with No Honest Majority. IACR Cryptol. ePrint Arch., 2008.

[49] Eike Kiltz et al. The Algebraic Group Model and its Applications. IACR Cryptol. ePrint Arch., 2018.

[50] A. D. Wyner et al. The wire-tap channel. The Bell System Technical Journal, 1975.

[51] Peter Elias et al. List decoding for noisy channels. 1957.

[52] Oded Regev et al. The Learning with Errors Problem (Invited Survey). 2010 IEEE 25th Annual Conference on Computational Complexity, 2010.

[53] Adi Shamir et al. How to share a secret. CACM, 1979.

[54] Dennis Hofheinz et al. On Instantiating the Algebraic Group Model from Falsifiable Assumptions. IACR Cryptol. ePrint Arch., 2020.

[55] James Steel et al. Reusable Authentication from the Iris. IACR Cryptol. ePrint Arch., 2017.