An Improved Robust Fuzzy Extractor
We consider the problem of building robust fuzzy extractors, which allow two parties holding similar random variables W, W′ to agree on a secret key R in the presence of an active adversary. Robust fuzzy extractors were defined by Dodis et al. in Crypto 2006 to be noninteractive, i.e., only one message P, which can be modified by an unbounded adversary, can pass from one party to the other. This allows them to be used by a single party at different points in time (e.g., for key recovery or biometric authentication), but also presents an additional challenge: what if R is used, and thus possibly observed by the adversary, before the adversary has a chance to modify P? Fuzzy extractors secure against such a strong attack are called post-application robust.
We construct a fuzzy extractor with post-application robustness that extracts a shared secret key of up to (2m − n)/2 bits (depending on error-tolerance and security parameters), where n is the bit-length and m is the entropy of W. The previously best known result, also of Dodis et al., extracted up to (2m − n)/3 bits (depending on the same parameters).
Keywords: Hash Function, Message Authentication Code, Fuzzy Extractor, Strong Extractor, Adversarial Strategy
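To make the abstract's interface concrete, the following toy is an added example and is not the paper's construction: it shows the noninteractive shape of a robust fuzzy extractor (Gen produces a key R and a single public message P; Rep takes a noisy W′ and a possibly modified P′ and either reproduces R or rejects), and it exercises the post-application setting in which the adversary sees R before tampering with P. All parameters are constructed for illustration: a length-3 repetition code supplies the secure sketch (code-offset), SHA-256 stands in for the strong extractor, and HMAC stands in for the information-theoretic MAC, so this example offers only computational security and does not realize the (2m − n)/2 bound stated above.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

Bits = List[int]
BLOCK = 3  # repetition-code block length; corrects up to 1 flipped bit per block (toy parameter)


def _xor(a: Bits, b: Bits) -> Bits:
    return [x ^ y for x, y in zip(a, b)]


def _random_codeword(n: int) -> Bits:
    """Random codeword of the length-n repetition code: every block of BLOCK bits is constant."""
    out: Bits = []
    for _ in range(n // BLOCK):
        out.extend([secrets.randbelow(2)] * BLOCK)
    return out


def _decode(v: Bits) -> Bits:
    """Nearest-codeword decoding by block-wise majority vote."""
    out: Bits = []
    for i in range(0, len(v), BLOCK):
        block = v[i:i + BLOCK]
        out.extend([1 if 2 * sum(block) > BLOCK else 0] * BLOCK)
    return out


def _derive(w: Bits) -> Tuple[bytes, bytes]:
    """Split a hash of W into the output key R and a MAC key.
    Computational stand-in (assumption) for the paper's strong extractor, not its construction."""
    d = hashlib.sha256(bytes(w)).digest()
    return d[:16], d[16:]


def gen(w: Bits) -> Tuple[bytes, Tuple[Bits, bytes]]:
    """Gen(W) -> (R, P), where P = (code-offset sketch, MAC tag over the sketch)."""
    assert len(w) % BLOCK == 0
    sketch = _xor(w, _random_codeword(len(w)))
    r, mac_key = _derive(w)
    tag = hmac.new(mac_key, bytes(sketch), hashlib.sha256).digest()
    return r, (sketch, tag)


def rep(w_prime: Bits, p: Tuple[Bits, bytes]) -> Optional[bytes]:
    """Rep(W', P') -> R, or None when P' fails the robustness check."""
    sketch, tag = p
    # Recover W: strip the offset, correct the noise, re-apply the offset.
    w_rec = _xor(_decode(_xor(w_prime, sketch)), sketch)
    r, mac_key = _derive(w_rec)
    expected = hmac.new(mac_key, bytes(sketch), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # sketch or tag was modified, or W' is too far from W
    return r


def demo() -> dict:
    """Honest reproduction under noise, then the post-application attack setting:
    the adversary already holds R and modifies P before Rep runs."""
    w = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 1, 1]  # constructed 24-bit W
    r, p = gen(w)
    w_prime = w[:]
    w_prime[1] ^= 1    # one flip in block 0 ...
    w_prime[22] ^= 1   # ... and one in block 7: within the toy code's error tolerance
    sketch, tag = p
    tampered = sketch[:]
    tampered[5] ^= 1   # adversary flips one bit of the public sketch
    bad_sketch = (tampered, tag)
    bad_tag = (sketch, bytes([tag[0] ^ 1]) + tag[1:])  # adversary flips one bit of the tag
    return {
        "honest_recovers_key": rep(w_prime, p) == r,
        "tampered_sketch_rejected": rep(w_prime, bad_sketch) is None,
        "tampered_tag_rejected": rep(w_prime, bad_tag) is None,
    }


if __name__ == "__main__":
    print(demo())
```

Any change to the sketch alters the recovered W and hence the MAC key, and also changes the message the tag was computed over, so either modification is rejected; because the MAC key is a separate part of the derived string from R, seeing R first gives the adversary no direct handle on the tag, which is the property the post-application definition demands (here only heuristically, via the hash).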