A Fuzzy Vault Scheme
Ari Juels, Madhu Sudan
Abstract
We describe a simple and novel cryptographic construction that we refer to as a fuzzy vault. A player Alice may place a secret value κ in a fuzzy vault and “lock” it using a set A of elements from some public universe U. If Bob tries to “unlock” the vault using a set B of similar length, he obtains κ only if B is close to A, i.e., only if A and B overlap substantially. In contrast to previous constructions of this flavor, ours possesses the useful feature of order invariance, meaning that the ordering of A and B is immaterial to the functioning of the vault. As we show, our scheme enjoys provable security against a computationally unbounded attacker. Fuzzy vaults have potential application to the problem of protecting data in a number of real-world, error-prone environments. These include systems in which personal information serves to authenticate users for, e.g., the purposes of password recovery, and biometric authentication systems, in which readings are inherently noisy as a result of the refractory nature of image capture and processing.
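The locking and unlocking procedure the abstract summarises, worked through in Python. This is an added example for this page, not the authors' code. It assumes the universe U is the prime field GF(P) with P = 2^31 - 1 (a toy size), encodes κ as the k coefficients of a degree-k polynomial plus one check coefficient (a stand-in for the CRC the paper appends so that a decoder can recognise κ), hides the genuine points (a, p(a)) for a in A among r random chaff points, and unlocks by interpolating (k+1)-subsets of the points whose x-coordinate lies in B. That brute-force search replaces the Reed-Solomon decoder the paper uses and is only viable at toy parameters; the sets in demo() are constructed for illustration.

```python
# Toy fuzzy vault in the style of Juels-Sudan. Added example for this page, not the
# paper's code. Field size, chaff count and the brute-force decoder are assumptions
# chosen for readability; a real system uses Reed-Solomon decoding and far larger r.
from itertools import combinations
from math import comb
from secrets import randbelow

P = 2**31 - 1  # prime field GF(P); the universe U is {0, ..., P-1}. Toy size.


def poly_mul(a, b):
    """Multiply two coefficient lists (a[i] is the coefficient of x**i) over GF(P)."""
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] = (out[i + j] + ai * bj) % P
    return out


def poly_eval(coeffs, x):
    """Evaluate a coefficient list at x over GF(P) by Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def interpolate(points):
    """Lagrange interpolation over GF(P): the unique polynomial of degree < len(points)
    through the (x, y) pairs (x values must be distinct), as a coefficient list."""
    coeffs = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1
        for j, (xj, _) in enumerate(points):
            if j != i:
                basis = poly_mul(basis, [(-xj) % P, 1])   # multiply by (x - xj)
                denom = denom * (xi - xj) % P
        scale = yi * pow(denom, P - 2, P) % P             # yi / denom via Fermat inverse
        for d, c in enumerate(basis):
            coeffs[d] = (coeffs[d] + c * scale) % P
    return coeffs


def lock(secret, A, k, r):
    """Lock `secret` (k field elements) under the set A with a degree-k polynomial and
    r chaff points. The (k+1)-th coefficient is a check value (sum of the secret mod P),
    a toy stand-in for the CRC the paper appends so that a decoder can recognise κ.
    Returns the vault as a frozenset: the ordering of A plays no role."""
    A = set(A)
    if len(secret) != k or len(A) < k + 1 or any(not 0 <= a < P for a in A):
        raise ValueError("need k secret elements and at least k+1 distinct universe elements")
    coeffs = list(secret) + [sum(secret) % P]
    points = {(a, poly_eval(coeffs, a)) for a in A}          # genuine points lie on the curve
    used_x = set(A)
    while len(points) < len(A) + r:
        x, y = randbelow(P), randbelow(P)
        if x in used_x or y == poly_eval(coeffs, x):         # chaff must lie off the curve
            continue
        used_x.add(x)
        points.add((x, y))
    return frozenset(points)


def unlock(vault, B, k):
    """Try to recover the secret from B. Keep the vault points whose x is in B (a set test,
    so B's ordering is immaterial), then interpolate (k+1)-subsets until the check
    coefficient is consistent. This brute-force search stands in for Reed-Solomon
    decoding and is only viable at toy sizes. Returns None when B is too far from A."""
    B = set(B)
    candidates = [pt for pt in vault if pt[0] in B]
    for subset in combinations(candidates, k + 1):
        coeffs = interpolate(list(subset))
        secret, check = coeffs[:k], coeffs[k]
        if check == sum(secret) % P:
            return secret
    return None


def brute_force_subsets(vault_size, k):
    """Number of (k+1)-subsets an attacker holding no B must consider: C(|vault|, k+1).
    A rough workload figure, not the paper's information-theoretic bound."""
    return comb(vault_size, k + 1)


def demo(k=4, r=60):
    """Lock under A; unlock with a reordered, partly different B; fail with a distant B."""
    secret = [randbelow(P) for _ in range(k)]
    A = list(range(1000, 1000 + 7 * (k + 3), 7))       # constructed feature set, |A| = k+3
    vault = lock(secret, A, k, r)
    near = list(reversed(A[1:])) + [5, 6]               # k+2 elements of A, reordered, plus 2 fresh
    far = A[:k] + [7, 8, 9]                             # only k elements of A: one short of k+1
    return unlock(vault, near, k) == secret, unlock(vault, far, k) is None


if __name__ == "__main__":
    print(demo())  # expected (True, True)
```

The reversed B in demo() is the order-invariance property in action: unlock only asks whether each vault point's x lies in B, never where. Two practitioner caveats the toy makes visible: the honest decoder's work is C(|matched points|, k+1), so any element of B that happens to coincide with a chaff x-coordinate adds to that cost, and the check coefficient, like the paper's CRC, is exactly the redundancy that lets the decoder recognise κ, so it must be sized so that a wrong subset passes it only with negligible probability.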
Title
A Fuzzy Vault Scheme
Journal
Designs, Codes and Cryptography, Volume 38, Issue 2, pp. 237–257
Cover Date
2006-02-01
DOI
10.1007/s10623-005-6343-z
Print ISSN
0925-1022
Online ISSN
1573-7586
Publisher
Kluwer Academic Publishers
Keywords
authentication
cryptography
error-correcting codes
Authors
Ari Juels (1)
Madhu Sudan (2)
Author Affiliations
1. RSA Laboratories, 174 Middlesex Turnpike, Bedford, MA, 01730, USA
2. Massachusetts Institute of Technology, 32 Vassar Street, Cambridge, MA, 02139, USA