Abstract

We provide formal definitions and efficient secure techniques for turning noisy information into keys usable for any cryptographic application, and, in particular, reliably and securely authenticating biometric data. Our techniques apply not just to biometric information, but to any keying material that, unlike traditional cryptographic keys, is (1) not reproducible precisely and (2) not distributed uniformly. We propose two primitives: a fuzzy extractor reliably extracts nearly uniform randomness R from its input; the extraction is error-tolerant in the sense that R will be the same even if the input changes, as long as it remains reasonably close to the original. Thus, R can be used as a key in a cryptographic application. A secure sketch produces public information about its input w that does not reveal w and yet allows exact recovery of w given another value that is close to w. Thus, it can be used to reliably reproduce error-prone biometric inputs without incurring the security risk inherent in storing them. We define the primitives to be both formally secure and versatile, generalizing much prior work. In addition, we provide nearly optimal constructions of both primitives for various measures of “closeness” of input data, such as Hamming distance, edit distance, and set difference.
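The two primitives above have a concrete instantiation for the Hamming metric known as the code-offset construction: the secure sketch is SS(w) = w XOR c for a random codeword c of an error-correcting code, and Rec(w', s) decodes w' XOR s back to c and returns c XOR s; composing the sketch with a universal hash (a strong extractor, by the leftover hash lemma) gives a fuzzy extractor. The Python below is an added illustration written for this page, not code from the paper or its authors. It assumes a toy binary [7,4,3] Hamming code (one correctable error per 7-bit block), a 28-bit input, a random GF(2)-linear hash as the extractor and an 8-bit output key; all of these are example choices, not the paper's parameters.

```python
"""Code-offset secure sketch and fuzzy extractor for Hamming distance.

Added illustrative example (not the paper's code). Error-correcting code C:
four blocks of a binary [7,4,3] Hamming code, so any w' with at most one
flipped bit per 7-bit block is recovered exactly. Parameters are example choices.
"""
import secrets
from typing import List, Tuple

Bits = List[int]

BLOCK_N, BLOCK_K = 7, 4          # [7,4,3] Hamming code: n=7, k=4, corrects 1 error
N_BLOCKS = 4
N, K = BLOCK_N * N_BLOCKS, BLOCK_K * N_BLOCKS   # w has N=28 bits; C has 2^K=2^16 codewords
ELL = 8                          # key length; leftover hash lemma: ELL <= H_inf(W) - (N-K) - 2*log2(1/eps)


def random_bits(n: int) -> Bits:
    return [secrets.randbits(1) for _ in range(n)]


def xor(a: Bits, b: Bits) -> Bits:
    return [x ^ y for x, y in zip(a, b)]


def hamming_distance(a: Bits, b: Bits) -> int:
    return sum(xor(a, b))


def hamming74_encode(d: Bits) -> Bits:
    """4 data bits -> 7-bit codeword; parity bits sit at positions 1, 2, 4 (1-indexed)."""
    d1, d2, d3, d4 = d
    return [d1 ^ d2 ^ d4, d1 ^ d3 ^ d4, d1, d2 ^ d3 ^ d4, d2, d3, d4]


def hamming74_decode(c: Bits) -> Bits:
    """Nearest codeword: XOR of the 1-indexed positions of set bits is the syndrome,
    which is 0 for a codeword and equals the position of a single flipped bit."""
    syndrome = 0
    for i, bit in enumerate(c, start=1):
        if bit:
            syndrome ^= i
    c = list(c)
    if syndrome:
        c[syndrome - 1] ^= 1     # two or more errors in a block are mis-corrected here
    return c


def encode(msg: Bits) -> Bits:
    return [b for i in range(N_BLOCKS) for b in hamming74_encode(msg[BLOCK_K * i:BLOCK_K * (i + 1)])]


def nearest_codeword(v: Bits) -> Bits:
    return [b for i in range(N_BLOCKS) for b in hamming74_decode(v[BLOCK_N * i:BLOCK_N * (i + 1)])]


# ---- secure sketch: code-offset construction ----
def ss(w: Bits) -> Bits:
    """SS(w) = w XOR c for a fresh random codeword c. The sketch s is public;
    it costs at most N-K = 12 bits of min-entropy about w."""
    return xor(w, encode(random_bits(K)))


def rec(w_prime: Bits, s: Bits) -> Bits:
    """Rec(w', s) = decode(w' XOR s) XOR s; exact whenever w' XOR w has
    weight <= 1 in every block."""
    return xor(nearest_codeword(xor(w_prime, s)), s)


# ---- fuzzy extractor: sketch + strong extractor ----
def linear_hash(seed: List[Bits], w: Bits) -> Bits:
    """h_A(w) = A*w over GF(2) with A a random ELL x N matrix: a universal hash
    family, so the output is close to uniform given s and A (leftover hash lemma)."""
    return [sum(a & x for a, x in zip(row, w)) & 1 for row in seed]


def gen(w: Bits) -> Tuple[Bits, Tuple[Bits, List[Bits]]]:
    """Gen(w) -> (R, P): key R and public helper P = (sketch, hash seed)."""
    s = ss(w)
    seed = [random_bits(N) for _ in range(ELL)]
    return linear_hash(seed, w), (s, seed)


def rep(w_prime: Bits, pub: Tuple[Bits, List[Bits]]) -> Bits:
    """Rep(w', P) reproduces R from any w' close enough to w."""
    s, seed = pub
    return linear_hash(seed, rec(w_prime, s))


def flip(w: Bits, positions) -> Bits:
    out = list(w)
    for p in positions:
        out[p] ^= 1
    return out


def demo() -> dict:
    w = random_bits(N)                  # constructed enrollment reading
    key, pub = gen(w)
    w_ok = flip(w, [0, 9, 20, 27])      # one error in each of the four blocks
    w_bad = flip(w, [0, 1])             # two errors in block 0: beyond the decoding radius
    return {
        "distance_ok": hamming_distance(w, w_ok),
        "recovered_exactly": rec(w_ok, pub[0]) == w,
        "same_key_within_radius": rep(w_ok, pub) == key,
        "miscorrects_outside_radius": rec(w_bad, pub[0]) != w,
        "key_length": len(key),
    }


if __name__ == "__main__":
    print(demo())
```

Running demo() shows exact recovery and an identical key when each block carries at most one error, and a wrong recovery once a block carries two, because the decoder then corrects toward a different codeword. The public sketch costs at most n - k = 12 bits of min-entropy, so the key length has to be budgeted against H_inf(W) - 12 under the leftover hash lemma; on a real biometric with little min-entropy that budget, not the decoder, is usually the binding constraint, and a deployment would use a BCH or similar code with a meaningful global error radius rather than this per-block toy.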

MSC codes

  1. 68P25
  2. 68P30
  3. 68Q99
  4. 94A17
  5. 94A60
  6. 94B35
  7. 94B99

Keywords

  1. fuzzy extractors
  2. fuzzy fingerprints
  3. randomness extractors
  4. error-correcting codes
  5. biometric authentication
  6. error-tolerance
  7. nonuniformity
  8. password-based systems
  9. metric embeddings



Published In

SIAM Journal on Computing
Pages: 97 - 139
ISSN (online): 1095-7111

History

Submitted: 2 February 2006
Accepted: 21 September 2007
Published online: 28 March 2008