
Impossibility of efficient information-theoretic fuzzy extraction

Designs, Codes and Cryptography

Abstract

Fuzzy extractors convert noisy signals from the physical world into reliable cryptographic keys. Fuzzy min-entropy measures the limit of the length of key that a fuzzy extractor can derive from a distribution (Fuller et al. in IEEE Trans Inf Theory 66(8):5282–5298, 2020). In general, fuzzy min-entropy that is superlogarithmic in the security parameter is required for a noisy distribution to be suitable for key derivation. There is a wide gap between what is possible with respect to computational and information-theoretic adversaries. Under the assumption of general-purpose obfuscation, keys can be securely derived from all distributions with superlogarithmic entropy. Against information-theoretic adversaries, however, it is impossible to build a single fuzzy extractor that works for all distributions (Fuller et al. 2020). A weaker information-theoretic goal is building a fuzzy extractor for each probability distribution. This is the approach taken by Woodage et al. (in: Advances in Cryptology—CRYPTO, Springer, pp 682–710, 2017). Prior approaches use the full description of the probability mass function and are inefficient. We show this is inherent: for a quarter of distributions with fuzzy min-entropy and \(2^k\) points there is no secure fuzzy extractor that uses less than \(2^{\Theta (k)}\) bits of information about the distribution. We show an analogous result with stronger parameters for information-theoretic secure sketches. Secure sketches are frequently used to construct fuzzy extractors.
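As an added illustration (not code from the paper), the block below brute-forces min-entropy and fuzzy min-entropy under Hamming distance for two constructed five-bit distributions, using the definition \(H^{\mathrm{fuzz}}_{t,\infty}(W) = -\log \max_{w^*} \Pr[W \in B_t(w^*)]\) from Fuller, Reyzin and Smith [15]. It shows why plain min-entropy is the wrong yardstick for key derivation (the clustered source has more min-entropy but zero fuzzy min-entropy) and makes concrete that evaluating the quantity ranges over every centre in \(\{0,1\}^n\) using the full probability mass function.

```python
from itertools import product
from math import log2

# String length and error tolerance for the constructed examples below.
N, T = 5, 1


def hamming(a, b):
    """Hamming distance between two equal-length bit tuples."""
    return sum(x != y for x, y in zip(a, b))


def min_entropy(dist):
    """H_inf(W) = -log2 max_w Pr[W = w]; dist maps bit tuples to probabilities."""
    return -log2(max(dist.values()))


def fuzzy_min_entropy(dist, t, n):
    """H^fuzz_{t,inf}(W) = -log2 max_{w*} Pr[W in B_t(w*)] (Fuller, Reyzin, Smith).

    The maximum ranges over every centre w* in {0,1}^n, not only the support,
    so this brute force costs 2^n ball evaluations over the whole pmf.
    """
    best = 0.0
    for centre in product((0, 1), repeat=n):
        mass = sum(p for w, p in dist.items() if hamming(centre, w) <= t)
        best = max(best, mass)
    return -log2(best)


def uniform(points):
    """Uniform distribution over the given bit strings (constructed input)."""
    return {tuple(map(int, s)): 1.0 / len(points) for s in points}


# Constructed: all six points of the radius-1 ball around 00000.
# Min-entropy log2(6) ~ 2.58 bits, but one guess of 00000 captures everything.
CLUSTERED = uniform(["00000", "10000", "01000", "00100", "00010", "00001"])

# Constructed: four points with pairwise Hamming distance >= 3, so their
# radius-1 balls are disjoint and no single centre captures more than 1/4.
SPREAD = uniform(["00000", "11100", "00111", "11011"])

if __name__ == "__main__":
    for name, d in (("clustered", CLUSTERED), ("spread", SPREAD)):
        print(name, round(min_entropy(d), 3), round(fuzzy_min_entropy(d, T, N), 3))
```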


Fig. 1


Notes

  1. Fuzzy extractors were first designed as an information-theoretic primitive because of strong connections to randomness extraction and coding theory. An important application is in quantum key agreement which does not allow computational assumptions. Many computational constructions use an information-theoretic secure sketch [35, 36]. (Exceptions exist such as the universal constructions listed above and constructions for distributions with statistical properties beyond fuzzy min-entropy [1, 2, 9, 16].)

  2. Our result for secure sketches requires them to retain at least 5 bits of min-entropy about the input in comparison with [16] which required the sketch to maintain 3 bits of entropy.

  3. As in Sect. 3.3, the additional constraint that \( \gamma \le \beta - \log(2e) \) imposes an additive \(\log(2e)\) impact on the maximal fuzzy min-entropy that can be supported.

References

  1. Alamélou Q., Berthier P.-E., Cachet C., Cauchie S., Fuller B., Gaborit P., Simhadri S.: Pseudoentropic isometries: a new framework for fuzzy extractor reusability. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 673–684 (2018).

  2. Apon D., Cho C., Eldefrawy K., Katz J.: Efficient, reusable fuzzy extractors from LWE. In: International Conference on Cyber Security Cryptography and Machine Learning, pp. 1–18. Springer (2017).

  3. Ash R.B.: Information Theory, 1st edn. Dover Publications, New York (1965).

  4. Barak B., Bitansky N., Canetti R., Kalai Y.T., Paneth O., Sahai A.: Obfuscation for evasive functions. In: Theory of Cryptography Conference, pp. 26–51. Springer (2014).

  5. Barak B., Dodis Y., Krawczyk H., Pereira O., Pietrzak K., Standaert F.-X., Yu Y.: Leftover hash lemma, revisited. In: Annual Cryptology Conference, pp. 1–20. Springer (2011).

  6. Bennett C.H., Brassard G., Robert J.-M.: Privacy amplification by public discussion. SIAM J. Comput. 17(2), 210–229 (1988).

  7. Bitansky N., Canetti R., Kalai Y.T., Paneth O.: On virtual grey box obfuscation for general circuits. In: Advances in Cryptology—CRYPTO 2014 (2014).

  8. Bitansky N., Canetti R., Kalai Y.T., Paneth O.: On virtual grey box obfuscation for general circuits. Algorithmica 79(4), 1014–1051 (2017).

  9. Canetti R., Fuller B., Paneth O., Reyzin L., Smith A.: Reusable fuzzy extractors for low-entropy distributions. J. Cryptol. 34(1), 1–33 (2021).

  10. Carter J.L., Wegman M.N.: Universal classes of hash functions. In: Proceedings of the Ninth Annual ACM Symposium on Theory of Computing, pp. 106–112 (1977).

  11. Demarest L., Fuller B., Russell A.: Code offset in the exponent. In: 2nd Conference on Information-Theoretic Cryptography (2021).

  12. Dodis Y., Ostrovsky R., Reyzin L., Smith A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008).

  13. Fuller B., Peng L.: Continuous-source fuzzy extractors: source uncertainty and insecurity. In: 2019 IEEE International Symposium on Information Theory (ISIT), pp. 2952–2956. IEEE (2019).

  14. Fuller B., Reyzin L., Smith A.: When are fuzzy extractors possible? In: International Conference on the Theory and Application of Cryptology and Information Security, pp. 277–306. Springer (2016).

  15. Fuller B., Reyzin L., Smith A.: When are fuzzy extractors possible? IEEE Trans. Inf. Theory 66(8), 5282–5298 (2020).

  16. Fuller B., Meng X., Reyzin L.: Computational fuzzy extractors. Inf. Comput. 275, 104602 (2020).

  17. Galbraith S.D., Zobernig L.: Obfuscated fuzzy hamming distance and conjunctions from subset product problems. In: Theory of Cryptography Conference, pp. 81–110. Springer (2019).

  18. Gentry C., Wichs D.: Separating succinct non-interactive arguments from all falsifiable assumptions. In: Proceedings of the Forty-third Annual ACM Symposium on Theory of Computing, pp. 99–108 (2011).

  19. Harper L.H.: Optimal numberings and isoperimetric problems on graphs. J. Comb. Theory 1(3), 385–393 (1966).

  20. Håstad J., Impagliazzo R., Levin L.A., Luby M.: Construction of a pseudo-random generator from any one-way function. SIAM J. Comput. 28, 1364 (1993).

  21. Hayashi M., Tyagi H., Watanabe S.: Secret key agreement: general capacity and second-order asymptotics. In: 2014 IEEE International Symposium on Information Theory, pp. 1136–1140. IEEE (2014).

  22. Hayashi M., Tyagi H., Watanabe S.: Secret key agreement: general capacity and second-order asymptotics. IEEE Trans. Inf. Theory 62(7), 3796–3810 (2016).

  23. Hiller M., Merli D., Stumpf F., Sigl G.: Complementary IBS: application specific error correction for PUFs. In: IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 1–6. IEEE (2012).

  24. Li C.T., Anantharam V.: One-shot variable-length secret key agreement approaching mutual information. CoRR (2018). arXiv:1809.01793.

  25. Maes R., Tuyls P., Verbauwhede I.: Low-overhead implementation of a soft decision helper data algorithm for SRAM PUFs. In: Cryptographic Hardware and Embedded Systems—CHES 2009, pp. 332–347. Springer, Heidelberg (2009).

  26. Maurer U.M., Wolf S.: Towards characterizing when information-theoretic secret key agreement is possible. In: Kim K., Matsumoto T. (eds.) Advances in Cryptology—ASIACRYPT ’96, International Conference on the Theory and Applications of Cryptology and Information Security, Kyongju, Korea, November 3–7, 1996, Proceedings. Lecture Notes in Computer Science, vol. 1163, pp. 196–209. Springer, Berlin (1996). https://doi.org/10.1007/BFb0034847

  27. Maurer U.M.: Secret key agreement by public discussion from common information. IEEE Trans. Inf. Theory 39(3), 733–742 (1993). https://doi.org/10.1109/18.256484.

  28. Nisan N., Zuckerman D.: Randomness is linear in space. J. Comput. Syst. Sci. 52, 43–52 (1993).

  29. Renner R., Wolf S.: Simple and tight bounds for information reconciliation and privacy amplification. In: International Conference on the Theory and Application of Cryptology and Information Security, pp. 199–216. Springer (2005).

  30. Reyzin L.: Some notions of entropy for cryptography: (invited talk). In: Information Theoretic Security: 5th International Conference, ICITS 2011, Amsterdam, The Netherlands, May 21–24, 2011. Proceedings 5, pp. 138–142. Springer (2011).

  31. Simhadri S., Steel J., Fuller B.: Cryptographic authentication from the iris. In: International Conference on Information Security, pp. 465–485. Springer (2019).

  32. Skoric B., Tuyls P.: An efficient fuzzy extractor for limited noise. Cryptology ePrint Archive (2009).

  33. Tyagi H., Watanabe S.: Universal multiparty data exchange and secret key agreement. IEEE Trans. Inf. Theory 63(7), 4057–4074 (2017).

  34. Tyagi H., Viswanath P., Watanabe S.: Interactive communication for data exchange. IEEE Trans. Inf. Theory 64(1), 26–37 (2018). https://doi.org/10.1109/TIT.2017.2769124.

  35. Wen Y., Liu S., Gu D.: Generic constructions of robustly reusable fuzzy extractor. In: IACR International Workshop on Public Key Cryptography, pp. 349–378. Springer (2019).

  36. Wen Y., Liu S.: Robustly reusable fuzzy extractor from standard assumptions. In: International Conference on the Theory and Application of Cryptology and Information Security, pp. 459–489. Springer (2018).

  37. Woodage J., Chatterjee R., Dodis Y., Juels A., Ristenpart T.: A new distribution-sensitive secure sketch and popularity-proportional hashing. In: Advances in Cryptology—CRYPTO, pp. 682–710. Springer (2017).

  38. Yu M.-D., Devadas S.: Secure and robust error correction for physical unclonable functions. IEEE Des. Test Comput. 27(1), 48–65 (2010).


Corresponding author

Correspondence to Benjamin Fuller.

Additional information

Communicated by S. D. Galbraith.


The author thanks the reviewers for their helpful feedback and Luke Demarest and Alexander Russell for their helpful discussions. B.F. is supported by National Science Foundation Grants #2232813 and #2141033 and the Office of Naval Research. This manuscript has no associated data.


About this article

Cite this article

Fuller, B. Impossibility of efficient information-theoretic fuzzy extraction. Des. Codes Cryptogr. (2024). https://doi.org/10.1007/s10623-024-01376-z
