Fuzzy extractors: How to generate strong keys from biometrics and other noisy data

SIAM Journal on Computing

Volumn 38, Issue 1, 2008, Pages 97-139

  Dodis, Yevgeniy ^a   Ostrovsky, Rafail ^b   Reyzin, Leonid ^c   Smith, Adam ^d  

^a POLYTECHNIC UNIVERSITY   (United States)

^b University of California   (United States)

^c BOSTON UNIVERSITY   (United States)

^d The Pennsylvania State University   (United States)

Author keywords

Biometric authentication; Error correcting codes; Error tolerance; Fuzzy extractors; Fuzzy fingerprints; Metric embed dings; Nonuniformity; Password based systems; Randomness extractors

Indexed keywords

BIOMETRIC AUTHENTICATION; FUZZY EXTRACTORS; FUZZY FINGERPRINTS; METRIC EMBED-DINGS; NONUNIFORMITY; PASSWORD-BASED SYSTEMS; RANDOMNESS EXTRACTORS;

ARTIFICIAL INTELLIGENCE; HAMMING DISTANCE; INFORMATION THEORY; KEYS (FOR LOCKS);

BIOMETRICS;

EID: 52149117439     PISSN: 00975397     EISSN: None     Source Type: Journal    
DOI: 10.1137/060651380     Document Type: Article

References (75)

1. E. AGRELL, A. VARDY, AND K. ZEGER, Upper bounds for constant-weight codes, IEEE Trans. Inform. Theory, 46 (2000), pp. 2373-2395.
2. A. ANDONI AND R. KRAUTHGAMER, The computational hardness of estimating edit distance, in IEEE Symposium on Foundations of Computer Science (FOCS), Providence, RI, 2007, pp. 724-734.
3. C. BARRAL, J.-S. CORON, AND D. NACCACHE, Externalized Fingerprint Matching, Tech. report 2004/021, Cryptology e-print archive, http://eprint.iacr.org, 2004.
4. C. H. BENNETT, G. BRASSARD, AND J.-M. ROBERT, Privacy amplification by public discussion, SIAM J. Comput., 17 (1988), pp. 210-229.
5. C. H. BENNETT, G. BRASSARD, C. CRÉPEAU, AND U. M. MAURER, Generalized privacy amplification, IEEE Trans. Inform. Theory, 41 (1995), pp. 1915-1923.
6. C. H. BENNETT, G. BRASSARD, C. CRÉPEAU, AND M.-H. SKUBISZEWSKA, Practical quantum oblivious transfer, in Advances in Cryptology-CRYPTO '91, 1991, Lecture Notes in Comput. Sci. 576, J. Feigenbaum, ed., Springer-Verlag, New York, 1992, pp. 351-366.
7. R. E. BLAHUT, Theory and Practice of Error Control Codes, Addison Wesley Longman, Reading, MA, 19S3.
8. X. BOYEN, Reusable cryptographic fuzzy extractors, in Proceedings of the 11th ACM Conference on Computer and Communication Security, ACM, New York, 2004, pp. 82-91.
9. X. BOYEN, Y. DODIS, J. KATZ, R. OSTROVSKY, AND A. SMITH, Secure remote authentication using biometric data, in Advances in Cryptology-EUROCRYPT 2005, Lecture Notes in Comput. Sci. 3494, R. Cramer, ed., Springer-Verlag, New York, 2005, pp. 147-163.
10. A. BRODER, On the resemblence and containment of documents, in Proceedings of Compression and Complexity of Sequences, IEEE Computer Society, Washington, DC, 1997, pp. 21-29.
11. A. E. BROUWER, J. B. SHEARER, N. J. A. SLOANE, AND W. D. SMITH, A new table of constant weight codes, IEEE Trans. Inform. Theory, 36 (1990), pp. 1334-1380.
12. J. L. CARTER AND M. N. WEGMAN, Universal classes of hash functions, J. Comput. System Sci., 18 (1979), pp. 143-154.
13. E.-C. CHANG, V. FEDYUKOVYCH, AND Q. LI, Secure Sketch for Multi-Sets, Tech. report 2006/090, Cryptology e-print archive, http://eprint.iacr.org, 2006.
14. E.-C. CHANG AND Q. LI, Hiding secret points amidst chaff, in Advances in Cryptology-EUROCRYPT 2006, Lecture Notes in Comput. Sci. 4004, S. Vaudenay, ed., Springer Verlag, New York, 2006, pp. 59-72.
15. V. CHAUHAN AND A. TRACHTENBERG, Reconciliation puzzles, in Proceedings of IEEE Globe-com, Dallas, TX, 2004. pp. 600-604.
16. B. CHOR AND O. GOLDREICH, Unbiased bits from sources of weak randomness and probabilistic communication complexity, SIAM J. Comput., 17 (1988), pp. 230-261.
17. G. COHEN AND G. ZÉMOR, Generalized coset schemes for the wire-tap channel: Application to biometrics, in Proceedings of the IEEE International Symposium on Information Theory, Chicago, IL, 2004, p. 46.
18. C. CRÉPEAU, Efficient cryptographic protocols based on noisy channels, in Advances in Cryptology-EUROCRYPT 97, 1997, Lecture Notes in Comput. Sci. 1233, W. Fumy, ed., Springer-Verlag, New York, pp. 306-317.
19. L. CSIRMAZ AND G. O. H. KATONA, Geometrical cryptography, in Proceedings of the International Workshop on Coding and Cryptography, Versailles, France, 2003, pp. 578-599.
20. G. I. DAVIDA, Y. FRANKEL, B. J. MATT, AND R. PERALTA, On the relation of error correction and cryptography to an off line biometric based identification scheme, in Proceedings of the International Workshop on Coding and Cryptography, Paris, France, 1999; also available online from http://citeseer.ist.psu.edu/389295.html and http://www.cs.yale.edu/homes/peralta/papers/iris.ps.
21. Y. Z. DING, Error correction in the bounded storage model, in Theory of Cryptology, Lecture Notes in Comput. Sci. 3378, Springer-Verlag, Berlin, 2005, pp. 578-599.
22. Y. Z. DING, P. GOPALAN, AND R. J. LIPTON, Error Correction against Computationally Bounded Adversaries, manuscript, 2004.
23. Y. DODIS, J. KATZ, L. REYZIN, AND A. SMITH, Robust fuzzy extractors and authenticated key agreement from close secrets, in Advances in Cryptology-CRYPTO 2006, Lecture Notes in Comput. Sci. 4117, C. Dwork, ed., Springer-Verlag, Berlin, 2006, pp. 232-250.
24. Y. DODIS, R. OSTROVSKY, L. REYZIN, AND A. SMITH, Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data, Tech. report 2003/235, Cryptology ePrint archive, http://eprint.iacr.org, 2006.
25. Y. DODIS, L. REYZIN, AND A. SMITH, Fuzzy extractors: How to generate strong keys from biometrics and other noisy data, in Advances in Cryptology-EUROCRYPT 2004, Lecture Notes in Comput. Sci. 3027, C. Cachin and J. Camenisch, eds., Springer-Verlag, Berlin, 2004, pp. 523-540.
26. Y. DODIS, L. REYZIN, AND A. SMITH, Fuzzy extractors, in Security with Noisy Data, Springer-Verlag, Berlin, 2007, pp. 79-100.
27. Y. DODIS AND A. SMITH, Correcting errors without leaking partial information, in Proceedings of the ACM Symposium on Theory of Computing, H. N. Gabow and R. Fagin, eds., ACM, New York, 2005, pp. 654-663.
28. C. ELLISON, C. HALL, R. MILBERT, AND B. SCHNEIER, Protecting keys with personal entropy, Future Generation Computer Systems, 16 (2000), pp. 311-318.
29. G. D. FORNEY, Concatenated Codes, Ph.D. thesis, MIT, Cambridge, MA, 1966.
30. N. FRYKHOLM, Passwords: Beyond the Terminal Interaction Model, Master's thesis, Umeå University, Umeå, Sweden, 2000.
31. N. FRYKHOLM AND A. JUELS, Error-tolerant password recovery, in Proceedings of the 8th ACM Conference on Computer and Communication Security, ACM, New York, 2001, pp. 1-8.
32. V. GURUSWAMI, List Decoding of Error-Correcting Codes, Ph.D. thesis, Massachusetts Institute of Technology, Cambridge, MA, 2001.
33. V. GURUSWAMI, List decoding with side information, in Proceedings of the IEEE Conference on Computational Complexity, IEEE Computer Society, Washington, DC, 2003, p. 300.
34. V. GURUSWAMI AND A. RUDRA, Explicit capacity-achieving list-decodable codes, in Proceedings of the ACM Symposium on Theory of Computing, J. M. Kleinberg, ed., ACM, New York, 2006, pp. 1-10.
35. V. GURUSWAMI AND M. SUDAN, List decoding algorithms for certain concatenated codes, in Proceedings of the 32nd Annual ACM Symposium on Theory of Computing, Portland, OR, 2000, pp. 181-190.
36. K. HARMON, S. JOHNSON, AND L. REYZIN, An Implementation of Syndrome Encoding and Decoding for Binary BCH Codes, Secure Sketches and Fuzzy Extractors, available at http://www.cs.bu.edu/ ̃reyzin/code/fuzzy.html (2006).
37. J. HÅSTAD, R. IMPAGLIAZZO, L. A. LEVIN, AND M. LUBY, A pseudorandom generator from any one-way function, SIAM J. Comput., 28 (1999), pp. 1364-1396.
38. A. JUELS AND M. SUDAN, A fuzzy vault scheme, Des. Codes Cryptogr., 38 (2006), pp. 237-257.
39. A. JUELS AND M. WATTENBERG, A fuzzy commitment scheme, in Proceedings of the 6th ACM Conference on Computer and Communication Security, ACM, New York, 1999, pp. 28-36.
40. E. KALTOFEN AND V. SHOUP, Subquadratic-time factoring of polynomials over finite fields, in Proceedings of the 27th Annual ACM Symposium on the Theory of Computing, Las Vegas, NV, 1995, pp. 398-406.
41. A. A. KARATSUBA AND Y. OFMAN, Multiplication of multidigit numbers on automata, Soviet Physics Doklady, 7 (1963), pp. 595-596.
42. J. KELSEY, B. SCHNEIER, C. HALL, AND D. WAGNER, Secure applications of low-entropy keys, in ISW, Lecture Notes in Comput. Sci. 1396, E. Okamoto, G. I. Davida, and M. Mambo, eds., Springer-Verlag, Berlin, 1997, pp. 121-134.
43. M. LANGBERG, Private codes or succinct random codes that are (almost) perfect, in Proceedings of the 45th Annual IEEE Symposium on Foundations of Computer Science (FOCS'04), IEEE Computer Society, Washington, DC, 2004, pp. 325-334.
44. Q. LI, Y. SUTCU, AND N. MEMON, Secure sketch for biometric templates, in Advances in Cryptology-ASIACRYPT 2006, Lecture Notes in Comput. Sci. 4284, Springer-Verlag, Berlin, 2006, pp. 99-113.
45. J.-P. M. G. LINNARTZ, AND P. TUYLS, New shielding functions to enhance privacy and prevent misuse of biometric templates, in AVBPA 2003, Lecture Notes in Comput. Sci. 2688, Springer-Verlag, Berlin, 2003, pp. 393-402.
46. R. J. LIPTON, A new approach to information theory, in STAGS, Lecture Notes in Comput. Sci. 775, P. Enjalbert, E. W. Mayr, and K. W. Wagner, eds., Springer-Verlag, Berlin, 1994, pp. 699-708.
47. U. MAURER, Secret key agreement by public discussion from common information, IEEE Trans. Inform. Theory, 39 (1993), pp. 733-742.
48. S. MICALI, C. PEIKERT, M. SUDAN, AND D. WILSON, Optimal error correction against computationally bounded noise, in Theory of Cryptology, Lecture Notes in Comput. Sci. 3378, Springer-Verlag, Berlin, 2005, pp. 1-16.
49. Y. MINSKY, The SKS OpenPGP Key Server, Version 1.0.5, http://www.nongnu.org/sks (March, 2004).
50. Y. MINSKY AND A. TRACHTENBERG, Scalable set reconciliation, in 40th Annual Allerton Conference on Communication, Control and Computing, Monticello, IL, 2002, pp. 1607-1616.
51. Y. MINSKY, A. TRACHTENBERG, AND R. ZIPPEL, Set reconciliation with nearly optimal communication complexity, IEEE Trans. Inform. Theory, 49 (2003), pp. 2213-2218.
52. F. MONROSE, M. K. REITER, Q. LI, AND S. WETZEL, Cryptographic key generation from voice, in Proceedings of the IEEE Symposium on Security and Privacy. M. Abadi and R. Needham, eds., IEEE Computer Society, Washington, DC, 2001, pp. 202-213.
53. F. MONROSE, M. K. REITER, Q. LI, AND S. WETZEL, Using voice to generate cryptographic keys, in A Speaker Odyssey: The Speaker Recognition Workshop, Crete, Greece, 2001, pp. 237-242.
54. F. MONROSE, M. K. REITER, AND S. WETZEL, Password hardening based on keystroke dynamics, in Proceedings of the 6th ACM Conference on Computer and Communication Security, ACM, New York, 1999, pp. 73-82.
55. R. MORRIS AND K. THOMSON, Password security: A case history, Communications of the ACM, 22 (1979), pp. 594-597.
56. N. NISAN AND D. ZUCKERMAN, Randomness is linear in space, J. Comput. System Sci., 52 (1996), pp. 43-53.
57. R. OSTROVSKY AND Y. RABANI, LOW distortion embeddings for edit distance, in Proceedings of the 37th Annual ACM Symposium on Theory of Computing, Baltimore, MD, 2005, pp. 218-224.
58. F. PARVARESH AND A. VARDY, Correcting errors beyond the Guruswami-Sudan radius in polynomial time, in Proceedings of the IEEE International Symposium on Foundations of Computer Science, IEEE Computer Society, Washington, DC, 2005, pp. 285-294.
59. J. RADHAKRISHNAN AND A. TA-SHMA, Bounds for dispersers, extractors, and depth-two super-concentrators, SIAM J. Discrete Math., 13 (2000), pp. 2-24.
60. R. RENNER AND S. WOLF, Smooth Rényi entropy and applications, in Proceedings of the IEEE International Symposium on Information Theory, Chicago, IL, 2004, p. 233.
61. R. RENNER AND S. WOLF, Simple and tight bounds for information reconciliation and privacy amplification, in Advances in Cryptology - ACRYPT 2005, Lecture Notes in Comput. Sci. 3788, B. Roy, ed., Springer-Verlag, Berlin, 2005, pp. 199-216.
62. L. REYZIN, Entropy Loss is Maximal for Uniform Inputs, Tech. report BUCS-TR-2007-011, CS Department, Boston University, Boston, MA, 2007; available online horn http://www.cs.bu.edu/techreports/.
63. R. SHALTIEL, Recent developments in explicit constructions of extractors, Bull. EATCS, 77 (2002), pp 67-95.
64. C. E. SHANNON, A mathematical theory of communication, Bell System Technical Journal, 27 (1948), pp. 379-423, 623-656.
65. V. SHOUP, A Proposal for an ISO Standard for Public Key Encryption, http:// eprint.iacr.org/2001/112 (2001).
66. V. SHOUP, A Computational Introduction to Number Theory and Algebra, Cambridge University Press, Cambridge, UK, 2005; available online from http://shoup.net.
67. A. SMITH, Scrambling adversarial errors using few random bits, in ACM-SIAM Symposium on Discrete Algorithms (SODA), H. Gabow, ed., ACM, New York, SIAM, Philadelphia, 2007.
68. D. STAROBINSKI, A. TRACHTENBERG, AND S. AGARWAL, Efficient PDA synchronization, IEEE Trans. Mobile Computing, 2 (2003), pp. 40-51.
69. M. SUDAN, Lecture Notes for an Algorithmic Introduction to Coding Theory, course taught at MIT, Cambridge, MA, 2001.
70. Y. SUGIYAMA, M. KASAHARA, S. HIRASAWA, AND T. NAMEKAWA, A method for solving key equation for decoding Goppa codes, Inform. and Control, 27 (1975), pp. 87-99.
71. P. TUYLS AND J. GOSELING, Capacity and examples of template-protecting biometric authentication systems, in ECCV Workshop BioAW, Lecture Notes in Comput. Sci. 3087, D. Maltoni and A. K. Jain, eds., Springer-Verlag, Berlin, 2004, pp. 158-170.
72. J. H. VAN LINT, Introduction to Coding Theory, Springer-Verlag, Berlin, 1992.
73. E. VERBITSKIY, P. TUYLS, D. DENTENEER, AND J.-P. LINNARTZ, Reliable biometric authentication with privacy protection, in Proceedings of the 24th Benelux Symposium on Information Theory, Society for Information Theory, The Benelux, 2003.
74. J. VON ZUR GATHEN AND J. GERHARD, Modern Computer Algebra, Cambridge University Press, Cambridge, UK, 2003.
75. M. N. WEGMAN AND J. L. CARTER, New hash functions and their use in authentication and set equality, J. Comput. System Sci., 22 (1981), pp. 265-279.