Computational Fuzzy Extractors

  • Benjamin Fuller
  • Xianrui Meng
  • Leonid Reyzin
Conference paper

DOI: 10.1007/978-3-642-42033-7_10

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8269)
Cite this paper as:
Fuller B., Meng X., Reyzin L. (2013) Computational Fuzzy Extractors. In: Sako K., Sarkar P. (eds) Advances in Cryptology - ASIACRYPT 2013. ASIACRYPT 2013. Lecture Notes in Computer Science, vol 8269. Springer, Berlin, Heidelberg

Abstract

Fuzzy extractors derive strong keys from noisy sources. Their security is defined information-theoretically, which limits the length of the derived key, sometimes making it too short to be useful. We ask whether it is possible to obtain longer keys by considering computational security, and show the following.

  • Negative Result: Noise tolerance in fuzzy extractors is usually achieved using an information reconciliation component called a “secure sketch.” The security of this component, which directly affects the length of the resulting key, is subject to lower bounds from coding theory. We show that, even when defined computationally, secure sketches are still subject to lower bounds from coding theory. Specifically, we consider two computational relaxations of the information-theoretic security requirement of secure sketches, using conditional HILL entropy and unpredictability entropy. For both cases we show that computational secure sketches cannot outperform the best information-theoretic secure sketches in the case of high-entropy Hamming metric sources.

  • Positive Result: We show that the negative result can be overcome by analyzing computational fuzzy extractors directly. Namely, we show how to build a computational fuzzy extractor whose output key length equals the entropy of the source (this is impossible in the information-theoretic setting). Our construction is based on the hardness of the Learning with Errors (LWE) problem, and is secure when the noisy source is uniform or symbol-fixing (that is, each dimension is either uniform or fixed). As part of the security proof, we show a result of independent interest, namely that the decision version of LWE is secure even when a small number of dimensions has no error.

Keywords

Fuzzy extractors secure sketches key derivation Learning with Errors error-correcting codes computational entropy randomness extractors 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Benjamin Fuller
    • 1
    • 2
  • Xianrui Meng
    • 1
    • 2
  • Leonid Reyzin
    • 1
    • 2
  1. 1.Boston UniversityUSA
  2. 2.MIT Lincoln LaboratoryUSA

Personalised recommendations