Computational Fuzzy Extractors
Fuzzy extractors derive strong keys from noisy sources. Their security is defined information-theoretically, which limits the length of the derived key, sometimes making it too short to be useful. We ask whether it is possible to obtain longer keys by considering computational security, and show the following.
Negative Result: Noise tolerance in fuzzy extractors is usually achieved using an information reconciliation component called a “secure sketch.” The security of this component, which directly affects the length of the resulting key, is subject to lower bounds from coding theory. We show that, even when defined computationally, secure sketches are still subject to lower bounds from coding theory. Specifically, we consider two computational relaxations of the information-theoretic security requirement of secure sketches, using conditional HILL entropy and unpredictability entropy. For both cases we show that computational secure sketches cannot outperform the best information-theoretic secure sketches in the case of high-entropy Hamming metric sources.
Positive Result: We show that the negative result can be overcome by analyzing computational fuzzy extractors directly. Namely, we show how to build a computational fuzzy extractor whose output key length equals the entropy of the source (this is impossible in the information-theoretic setting). Our construction is based on the hardness of the Learning with Errors (LWE) problem, and is secure when the noisy source is uniform or symbol-fixing (that is, each dimension is either uniform or fixed). As part of the security proof, we show a result of independent interest, namely that the decision version of LWE is secure even when a small number of dimensions has no error.
Keywords: Fuzzy extractors, secure sketches, key derivation, Learning with Errors, error-correcting codes, computational entropy, randomness extractors
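To make the "secure sketch" of the Negative Result concrete, the following added example (not taken from the paper) implements the standard code-offset sketch over a Hamming(7,4) code and counts how much entropy the public sketch leaves in a uniform 7-bit source. The choice of code, the function names and the sample reading are assumptions made for illustration.

```python
import math
import secrets

N, K = 7, 4  # Hamming(7,4): block length 7, dimension 4, corrects 1 bit error

def syndrome(v):
    """XOR of the 1-based positions of the set bits (parity-check columns 1..7)."""
    s = 0
    for pos in range(1, N + 1):
        if (v >> (pos - 1)) & 1:
            s ^= pos
    return s

CODEWORDS = [v for v in range(1 << N) if syndrome(v) == 0]  # 2**K = 16 words

def decode(v):
    """Nearest-codeword decoding: the syndrome names the flipped position."""
    s = syndrome(v)
    return v ^ (1 << (s - 1)) if s else v

def sketch(w, c=None):
    """Public helper value: the reading w masked by a random codeword c."""
    if c is None:
        c = secrets.choice(CODEWORDS)
    return w ^ c

def recover(w_noisy, s):
    """Recover w from a reading within Hamming distance 1 of it."""
    c = decode(w_noisy ^ s)  # w_noisy ^ s = c ^ e, where e = w ^ w_noisy
    return c ^ s

def candidates(s):
    """Every w consistent with the public sketch s."""
    return sorted(c ^ s for c in CODEWORDS)

def residual_entropy_bits(s):
    """Min-entropy left in a uniform 7-bit w once s is public."""
    return math.log2(len(candidates(s)))

if __name__ == "__main__":
    w = 0b1011001                          # constructed sample reading
    s = sketch(w)
    print(recover(w ^ 0b0000100, s) == w)  # one flipped bit: corrected
    print(recover(w ^ 0b0000110, s) == w)  # two flipped bits: wrong output
    print(residual_entropy_bits(s))        # K bits remain, N - K leaked
```

The sketch tolerates one bit of noise at the cost of N - K = 3 bits of the source's entropy, which is the kind of trade-off between error tolerance and remaining key material that the coding-theoretic lower bounds constrain.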