Paper 2004/358

Reusable Cryptographic Fuzzy Extractors

Xavier Boyen

Abstract

We show that a number of recent definitions and constructions of fuzzy extractors are not adequate for multiple uses of the same fuzzy secret---a major shortcoming in the case of biometric applications. We propose two particularly stringent security models that specifically address the case of fuzzy secret reuse, respectively from an outsider and an insider perspective, in what we call a chosen perturbation attack. We characterize the conditions that fuzzy extractors need to satisfy to be secure, and present generic constructions from ordinary building blocks. As an illustration, we demonstrate how to use a biometric secret in a remote error tolerant authentication protocol that does not require any storage on the client's side.

Metadata
Available format(s)
PDF PS
Category
Foundations
Publication info
Published elsewhere. An extended abstract appears in ACM CCS 2004.
Keywords
error tolerant cryptographyidentification protocolsbiometrics
Contact author(s)
eprint @ boyen org
History
2004-12-15: revised
2004-12-15: received
See all versions
Short URL
https://ia.cr/2004/358
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2004/358,
      author = {Xavier Boyen},
      title = {Reusable Cryptographic Fuzzy Extractors},
      howpublished = {Cryptology ePrint Archive, Paper 2004/358},
      year = {2004},
      note = {\url{https://eprint.iacr.org/2004/358}},
      url = {https://eprint.iacr.org/2004/358}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.