You are looking at a specific version 20170601:035542 of this paper.

Paper 2017/493

Robust Fuzzy Extractors and Helper Data Manipulation Attacks Revisited: Theory vs Practice

Georg T. Becker

Abstract

Fuzzy extractors were proposed in 2004 by Dodis et al. as a secure way to generate cryptographic keys from noisy sources. Originally, biometrics were the main motivation for fuzzy extractors, but in recent years their practical relevance stems mainly from their use in secure key generation based on Physical Unclonable Functions (PUFs). Fuzzy extractors are provably secure against passive attackers, i.e., attackers that can observe the helper data. A year after the original proposal, robust fuzzy extractors were introduced, which are also provably secure against active attackers, i.e., attackers that can manipulate the helper data. Hence, the problem of how to build provably secure robust fuzzy extractors appears to have been solved a long time ago. However, in this paper we show that from a practical perspective the problem of building a provably secure fuzzy extractor is actually not solved yet. The originally proposed robust fuzzy extractors based on BCH codes either do not have the required error-correction rates for practical applications or violate the parameters in the security proof. Since no helper data manipulation attacks on linear codes are known that work in the robust fuzzy extractor construction, it might be tempting to simply ignore the parameters of the proof. However, we present new helper data manipulation attacks on several decoding strategies for linear codes that set a key as opposed to recovering the key. These new attacks show that helper data manipulation attacks are indeed feasible against such constructions if the parameters in the proof are ignored. Robust fuzzy extractors therefore need to be revisited by both engineers and cryptographers to solve the problem of building robust fuzzy extractors that are both provably secure and practical.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
Fuzzy Extractor, Physical Unclonable Functions, Implementation Attacks
Contact author(s)
georg becker @ ruhr-uni-bochum de
History
2017-10-16: revised
2017-06-01: received
Short URL
https://ia.cr/2017/493
License
Creative Commons Attribution
CC BY