Cryptology ePrint Archive: Report 2004/358

Reusable Cryptographic Fuzzy Extractors

Xavier Boyen

Abstract: We show that a number of recent definitions and constructions of fuzzy extractors are not adequate for multiple uses of the same fuzzy secret---a major shortcoming in the case of biometric applications. We propose two particularly stringent security models that specifically address the case of fuzzy secret reuse, respectively from an outsider and an insider perspective, in what we call a chosen perturbation attack. We characterize the conditions that fuzzy extractors need to satisfy to be secure, and present generic constructions from ordinary building blocks. As an illustration, we demonstrate how to use a biometric secret in a remote error tolerant authentication protocol that does not require any storage on the client's side.

Category / Keywords: foundations / error tolerant cryptography, identification protocols, biometrics

Publication Info: An extended abstract appears in ACM CCS 2004.

Date: received 14 Dec 2004, last revised 15 Dec 2004

Contact author: eprint at boyen org

Available formats: Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20041215:202217 (All versions of this report)

Discussion forum: Show discussion | Start new discussion