Designs, Codes and Cryptography

, Volume 38, Issue 2, pp 237–257 | Cite as

A Fuzzy Vault Scheme



We describe a simple and novel cryptographic construction that we refer to as a fuzzy vault. A player Alice may place a secret value κ in a fuzzy vault and “lock” it using a set A of elements from some public universe U. If Bob tries to “unlock” the vault using a set B of similar length, he obtains κ only if B is close to A, i.e., only if A and B overlap substantially. In constrast to previous constructions of this flavor, ours possesses the useful feature of order invariance, meaning that the ordering of A and B is immaterial to the functioning of the vault. As we show, our scheme enjoys provable security against a computationally unbounded attacker. Fuzzy vaults have potential application to the problem of protecting data in a number of real-world, error-prone environments. These include systems in which personal information serves to authenticate users for, e.g., the purposes of password recovery, and also to biometric authentication systems, in which readings are inherently noisy as a result of the refractory nature of image capture and processing.


authentication cryptography error-correting codes 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    M. Alabbadi and S. B. Wicker, A digital signature scheme based on linear error-correcting block codes. In Josef Pieprzyk and Reihanah Safavi-Naini (eds.), Asiacrypt ’94, Springer-Verlag (1994) LNCS no. 917, pp. 238–248.Google Scholar
  2. 2.
    Bennett, C. H., Bessette, F., Brassard, G., Savail, G., Smolin, J. 1992Experimental quantum cryptographyJ. Cryptol.5328CrossRefGoogle Scholar
  3. 3.
    C. H. Bennett, G. Brassard, C. Crépeau and M.-H. Skubiszewska, Practical quantum oblivious transfer protocols. In J. Feigenbaum (ed.), Crypto ’91, Springer-Verlag (1991). LNCS no. 576, pp. 351–366.Google Scholar
  4. 4.
    Berlekamp, E. R. 1968Algebraic Coding TheoryMcGraw HillNew YorkGoogle Scholar
  5. 5.
    D. Bleichenbacher and P. Nyuyen, Noisy polynomial interpolation and noisy chinese remaindering. In B. Preneel (ed.), Eurocrypt ’00, (2000) LNCS no. 1807, pp. 53–69.Google Scholar
  6. 6.
    V. Boyko, P. MacKenzie, and S. Patel, Provably secure password-authenticated key exchange using Diffie-Hellman. In B. Preneel (ed.), Eurocrypt ’00, Springer-Verlag (2000) LNCS no. 1807, pp. 156–171.Google Scholar
  7. 7.
    C. Crépeau, Efficient cryptographic protocols based on noisy channels. In W. Fumy (ed.), Eurocrypt ’97, Springer-Verlag, (1997) LNCS no. 1233, pp. 306–317.Google Scholar
  8. 8.
    C. Crépeau and J. Kilian, Achieving oblivious transfer using weakened security assumptions. In Proceedings of the 29th IEEE Symposium on the Foundations of Computer Science (1988), pp. 42–52.Google Scholar
  9. 9.
    G. I. Davida, Y. Frankel and B. J. Matt, On enabling secure applications through off-line biometric identification. In IEEE Symposium on Privacy and Security (1998).Google Scholar
  10. 10.
    G. I. Davida, Y. Frankel and B. J. Matt, On the relation of error correction and cryptography to an offline biometric based identification scheme. In Proceedings of WCC99, Workshop on Coding and Cryptography (1999).Google Scholar
  11. 11.
    I. Dumer, D. Micciancio and M. Sudan. Hardness of approximating the minimum distance of a linear code. In Proceedings of the 40th Annual Symposium on Foundations of Computer Science (FOCS), (1999), pp. 475–484.Google Scholar
  12. 12.
    Ellison, C., Hall, C., Milbert, R., Schneier, B. 2000, FebruaryProtecting Secret Keys with Personal EntropyJ. Fut. Comput. Sys.16311318Google Scholar
  13. 13.
    Electronic Frontier Foundation, Cracking DES: Secrets of encryption research, wiretap politics & chip design. O’Reilly (1998).Google Scholar
  14. 14.
    N. Frykholm and A. Juels, An error-tolerant password recovery scheme. In P. Samarati (ed.), Eighth ACM Conference on Computer and Communications Security, ACM Press (2001) pp. 1–8.Google Scholar
  15. 15.
    V. Guruswami and M. Sudan, Improved decoding of Reed–Solomon and algebraic-geometric codes, In FOCS ’98, IEEE Computer Society (1998), pp. 28–39.Google Scholar
  16. 16.
    T. Jakobsen, Cryptanalysis of block ciphers with probabilistic non-linear relations of low degree, In H. Krawczyk (ed.), Crypto ’98, Springer-Verlag (1998) LNCS no. 1462, pp. 212–222.Google Scholar
  17. 17.
    M. Jakobsson and M. Yung, Proving with knowing: On oblivious, agnostic, and blindfolded provers, In N. Koblitz (ed.), Crypto ’96, Springer-Verlag (1996), LNCS no. 1109, pp. 186–200.Google Scholar
  18. 18.
    I. Jermyn, A. Mayer, F. Monrose, M. K. Reiter and A. D. Rubin, The design and analysis of graphical passwords, In Proceedings of the 8th USENIX Security Symposium (1999), pp. 1–14.Google Scholar
  19. 19.
    A. Juels and M. Wattenberg, A fuzzy commitment scheme, In G. Tsudik, (ed), Sixth ACM Conference on Computer and Communications Security, ACM Press (1999), pp. 28–36.Google Scholar
  20. 20.
    A. Juels and M. Sudan, A fuzzy vault scheme, In International Symposium on Information Theory (ISIT), IEEE Pressm, (2002), p. 408.Google Scholar
  21. 21.
    Massey, J. L. 1969Shift register synthesis and BCH decodingIEEE Trans. Inform. Theory15122127CrossRefMATHMathSciNetGoogle Scholar
  22. 22.
    R. J. McEliece, A public-key cryptosystem based on algebraic coding theory, Technical Report DSN progress report 42–44, Jet Propulsion Laboratory, Pasadena (1978).Google Scholar
  23. 23.
    F. Monrose, M. K. Reiter and S. Wetzel, Password hardening based on keystroke dynamics, In G. Tsudik (ed.), Sixth ACM Conference on Computer and Communications Security, ACM Press (1999), pp. 73–82.Google Scholar
  24. 24.
    T. Pedersen, Non-interactive and information-theoretic secure verifiable secret sharing. In J. Feigenbaum (ed.), Crypto ’91, Springer-Verlag (1991), LNCS no. 576, pp. 129–140.Google Scholar
  25. 25.
    W. W. Peterson, Encoding and error-correction procedures for Bose-Chaudhuri codes, IEEE Trans. Inform. Theory, Vol. IT-60 (1960) pp. 459–470.Google Scholar
  26. 26.
    Schoenmakers, B., Boudot, F., Traoré, J. 2001, JulyA fair and efficient solution to the sociaset millionaires’ problemDiscrete Appl. Math.1112336MathSciNetGoogle Scholar
  27. 27.
    Shamir, A. 1979How to share a secretCommun. ACM22612613CrossRefMATHMathSciNetGoogle Scholar
  28. 28.
    C. Soutar, Biometric encryption for secure key generation, January 1998, Presentation at the 1998 RSA Data Security Conference.Google Scholar
  29. 29.
    C. Soutar and G. J. Tomko, Secure private key generation using a fingerprint, In CardTech/SecurTech Conference Proceedings, Vol. 1, (May 1996) pp. 245–252.Google Scholar
  30. 30.
    J. Stern, A new identification scheme based on syndrome decoding, In D.R. Stinson (ed.), Crypto ’93, Springer-Verlag (1993), LNCS no. 773, pp. 13–21.Google Scholar

Copyright information

© Springer Science+Business Media, Inc. 2006

Authors and Affiliations

  1. 1.RSA LaboratoriesBedfordUSA
  2. 2.Massachusetts Institute of TechnologyCambridgeUSA

Personalised recommendations