Paper 2012/608

On the (Non-)Reusability of Fuzzy Sketches and Extractors and Security Improvements in the Computational Setting

Marina Blanton and Mehrdad Aliasgari

Abstract

Secure sketches and fuzzy extractors enable the use of biometric data in cryptographic applications by correcting errors in noisy biometric readings and producing cryptographic materials suitable for authentication, encryption, and other purposes. Such constructions work by producing a public sketch, which is later used to reproduce the original biometric and all derived information exactly from a noisy biometric reading. It has been previously shown that release of multiple sketches associated with a single biometric presents security problems for certain constructions. We continue the analysis to demonstrate that all other constructions in the literature are also prone to similar problems and cannot be safely reused. To mitigate the problem, we propose for each user to store one short secret string for all possible uses of her biometric, and show that simple constructions in the computational setting have numerous advantageous security and usability properties under standard hardness assumptions. Our constructions are generic in that they can be used with any existing secure sketch as a black box.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. extended and corrected version of SECRYPT'11 paper
Contact author(s)
mblanton @ nd edu
History
2012-10-30: last of 2 revisions
2012-10-29: received
See all versions
Short URL
https://ia.cr/2012/608
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/608,
      author = {Marina Blanton and Mehrdad Aliasgari},
      title = {On the (Non-)Reusability of Fuzzy Sketches and Extractors and Security Improvements in the Computational Setting},
      howpublished = {Cryptology ePrint Archive, Paper 2012/608},
      year = {2012},
      note = {\url{https://eprint.iacr.org/2012/608}},
      url = {https://eprint.iacr.org/2012/608}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.