Strongly Robust Fuzzy Extractors

Fuzzy extractors are used to generate reliably reproducible randomness from a biased, noisy source. Known constructions of fuzzy extractors are built from a strong extractor, and a secure sketch, a function that transforms a biased noisy secret value into a public value, simultaneously hiding the secret and allowing for error correction. A robust sketch is secure against adversarial modification: no adversary can make a new valid sketch of a secret after seeing one valid sketch of that secret. Prior constructions of robust sketches are proven secure against an unbounded adversary that sees one and only one valid sketch of a secret. In this paper we examine the notion of strong robustness, that is, robustness even when the adversary receives multiple sketches of related secrets. Strong robustness can be used to prove that a fuzzy extractor is secure in a fully adaptive setting (called “insider security” by Boyen [3]). We demonstrate that previous secure sketches are not strongly robust, and give a proof of impossibility which demonstrates that sketches cannot be strongly robust against an unbounded adversary, for any reasonable set of perturbations. We then give two constructions of sketches that are strongly robust against a computationally bounded adversary. The first construction is proven secure assuming the existence of an xor related-key secure MAC in the CRS model, while the second construction is proven in the random oracle model. We show that our constructions can be adapted in the natural way into a strongly robust fuzzy extractor, and we demonstrate that these strongly robust fuzzy extractors are insider secure. It remains an open problem [3] to find a fuzzy extractor that is insider secure against an unbounded adversary, but our impossibility result implies that one cannot achieve such an extractor via robustness.