• PDF / 580,613 Bytes
• 30 Pages / 439.37 x 666.142 pts Page_size
• 7 Downloads / 166 Views

DOWNLOAD

REPORT

3

University of Connecticut, Storrs, CT, USA [email protected] 2 Boston University, Boston, MA, USA [email protected] Pennsylvania State University, University Park, PA, USA [email protected]

Abstract. Fuzzy extractors (Dodis et al., Eurocrypt 2004) convert repeated noisy readings of a high-entropy secret into the same uniformly distributed key. A minimum condition for the security of the key is the hardness of guessing a value that is similar to the secret, because the fuzzy extractor converts such a guess to the key. We define fuzzy min-entropy to quantify this property of a noisy source of secrets. Fuzzy min-entropy measures the success of the adversary when provided with only the functionality of the fuzzy extractor, that is, the ideal security possible from a noisy distribution. High fuzzy min-entropy is necessary for the existence of a fuzzy extractor. We ask: is high fuzzy min-entropy a sufficient condition for key extraction from noisy sources? If only computational security is required, recent progress on program obfuscation gives evidence that fuzzy minentropy is indeed sufficient. In contrast, information-theoretic fuzzy extractors are not known for many practically relevant sources of high fuzzy min-entropy. In this paper, we show that fuzzy min-entropy is sufficient for information theoretically secure fuzzy extraction. For every source distribution W for which security is possible we give a secure fuzzy extractor. Our construction relies on the fuzzy extractor knowing the precise distribution of the source W . A more ambitious goal is to design a single extractor that works for all possible sources. Our second main result is that this more ambitious goal is impossible: we give a family of sources with high fuzzy min-entropy for which no single fuzzy extractor is secure. We show three flavors of this impossibility result: for standard fuzzy extractors, for fuzzy extractors that are allowed to sometimes be wrong, and for secure sketches, which are the main ingredient of most fuzzy extractor constructions. Keywords: Fuzzy extractors · Secure sketches · Information theory · Biometric authentication · Error-tolerance · Key derivation · Error-correcting codes

c International Association for Cryptologic Research 2016  J.H. Cheon and T. Takagi (Eds.): ASIACRYPT 2016, Part I, LNCS 10031, pp. 277–306, 2016. DOI: 10.1007/978-3-662-53887-6 10

278

1

B. Fuller et al.

Introduction

Sources of reproducible secret random bits are necessary for many cryptographic applications. In many situations these bits are not explicitly stored for future use, but are obtained by repeating the same process (such as reading a biometric or a physically unclonable function) that generated them the first time. However, bits obtained this way present a problem: noise [4,8,12,14,19,30,31,33,37,39,43]. That is, when a secret is read multiple times, readings are close (according to some metric) but not identical. To utilize such sources, it is often necessary to remove noise, in order to derive the same value in subsequent readings

Recommend Documents

Reusable Fuzzy Extractors for Low-Entropy Distributions

153 73 443KB

Question Answering When Knowledge Bases are Incomplete

174 67 23MB

Hypothesis Testing when Data Sources are Uncertain

168 59 1MB

When histones are under glucose starvation

153 31 168KB

When to start antiretroviral therapy: as soon as possible

151 84 256KB

Sparse Representations Are Most Likely to Be the Sparsest Possible

139 55 516KB

When Family Businesses are Best The Parallel Planning Process fo

146 24 2MB

When Not All Bits Are Equal: Worth-Based Information Flow

191 71 6MB

When and How to Evaluate the Child with Possible Cerebral Palsy

136 102 96MB

Blockwise p-Tampering Attacks on Cryptographic Primitives, Extractors, and Learners

158 67 523KB

Where are the turtles when they are not? Underwater refuges used by Hydromedusa tectifera COPE, 1869 in a suburban strea

125 95 1MB

Are comparisons of mental disorders between Chinese and German students possible? An examination of measurement invarian

172 34 648KB