Practical Reusable Fuzzy Extractors for the Set Difference Metric and Adaptive Fuzzy Extractors
نویسندگان
چکیده
A fuzzy extractor (Dodis et al., Eurocrypt 2004) is a pair of procedures that turns a noisy secret into a uniformly distributed key R. To eliminate noise, the generation procedure takes as input an enrollment value ω and outputsR and a helper string P that enables further reproduction ofR from some close reading ω′. Boyen highlighted the need for reusable fuzzy extractors (CCS 2004) that remain secure even when numerous calls to the generation procedure are made on a user’s noisy secret. Boyen proved that any information-theoretically secure reusable fuzzy extractor is subject to strong limitations. In subsequent work, Simoens et al. (IEEE S&P, 2009) showed this is a practical vulnerability. Canetti et al. (Eurocrypt 2016) recently proposed moving to computational security and constructed a computationally secure reusable fuzzy extractor for the Hamming metric that corrects a sublinear fraction of errors. In this work, we propose a different and generic approach: the idea is to separate the reusability property from key recovery. We define a new primitive called a reusable pseudoentropic isometry that projects an input metric space in a distance and entropy preserving manner even if applied multiple times. Generation of multiple randomized secrets Ωs via a reusable pseudoentropic isometry does not reveal information about the original fuzzy secret ω and can be used to “decorrelate” noisy versions of ω. Given a reusable pseudoentropic isometric building a reusable fuzzy extractor is easy by 1) randomizing the noisy secret ω into Ω and 2) using a traditional fuzzy extractor to derive a secret key from Ω. To show the promise of our framework, we construct a reusable pseudoentropic isometry for the set difference metric using composable digital lockers (Canetti and Dakdouk, Eurocrypt 2008). This construction allows us to build the first reusable fuzzy extractor that corrects a linear fraction of errors. Lastly, we propose browser and device fingerprints as new authentication sources. These fingerprints are a list of features with entropy that undergo deeper variation over time than biometrics. However, they still enable user identification (Eckersley, PETS 2010). Extending reusable fuzzy extractors, we define adaptive fuzzy extractors to handle such sources. An adaptive fuzzy extractor enables recovery ofR from ω′ as long as ω′ has naturally drifted from ω. We construct adaptive fuzzy extractors from reusable fuzzy extractors.
منابع مشابه
Reusable Fuzzy Extractors for the Set Difference Metric and Adaptive Fuzzy Extractors
A Fuzzy Extractor (Dodis et al., Eurocrypt 2004) is a two-step protocol that turns a noisy secret into a uniformly distributed key R. To eliminate noise, the generation procedure takes as input an enrollment value ω and outputsR and a helper string P that enables further reproduction ofR from some close reading ω′. Boyen highlighted the need for reusable fuzzy extractors (CCS 2004) that remain ...
متن کاملKey Derivation From Noisy Sources With More Errors Than Entropy
Fuzzy extractors (Dodis et al., Eurocrypt 2004) convert repeated noisy readings of a high-entropy secret into the same uniformly distributed key. To eliminate noise, they require an initial enrollment phase that takes the first noisy reading of the secret and produces a nonsecret helper string to be used in subsequent readings. This helper string reduces the entropy of the original secret—in th...
متن کاملReusable Fuzzy Extractors via Digital Lockers
Fuzzy extractors (Dodis et al., Eurocrypt 2004) convert repeated noisy readings of a secret into the same uniformly distributed key. To eliminate noise, they require an initial enrollment phase that takes the first noisy reading of the secret and produces a nonsecret helper string to be used in subsequent readings. Reusable fuzzy extractors (Boyen, CCS 2004) remain secure even when this initial...
متن کاملReusable Fuzzy Extractors for Low-Entropy Distributions
Fuzzy extractors (Dodis et al., Eurocrypt 2004) convert repeated noisy readings of a secret into the same uniformly distributed key. To eliminate noise, they require an initial enrollment phase that takes the first noisy reading of the secret and produces a nonsecret helper string to be used in subsequent readings. Reusable fuzzy extractors (Boyen, CCS 2004) remain secure even when this initial...
متن کاملRobust Fuzzy Extractors and Helper Data Manipulation Attacks Revisited: Theory vs Practice
Fuzzy extractors have been proposed in 2004 by Dodis et al. as a secure way to generate cryptographic keys from noisy sources. In recent years, fuzzy extractors have become an important building block in hardware security due to their use in secure key generation based on Physical Unclonable Functions (PUFs). Fuzzy extractors are provably secure against passive attackers. A year later Boyen et ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2016 شماره
صفحات -
تاریخ انتشار 2016