Paper 2023/284

Robust and Reusable Fuzzy Extractors and their Application to Authentication from Iris Data

Somnath Panja, University of Calgary
Nikita Tripathi, University of Calgary
Shaoquan Jiang, University of Windsor
Reihaneh Safavi-Naini, University of Calgary

Fuzzy extractors (FE) are cryptographic primitives that establish a shared secret between two parties who have similar samples of a random source, and can communicate over a public channel. An example for this is that Alice has a stored biometric at a server and wants to have authenticated communication using a new reading of her biometric on her device. Reusability and robustness of FE, respectively, guarantee that security holds when FE is used with multiple samples, and the communication channel is tamperable. Fuzzy extractors have been studied in information theoretic and computational setting. Contributions of this paper are two-fold. First, we define a strongly robust and reusable FE that combines the strongest security requirements of FEs, and give three constructions. Construction 1 has computational security, and Constructions 2 and 3 provide information theoretic (IT) security, in our proposed model. Construction 1 provides a solution to the open question of Canetti et al. (Eurocrypt 2014), by achieving robustness and reusability (post-quantum) security in standard model for their construction. Constructions 2 and 3 offer a new approach to the construction of IT-secure FE. Construction 3 is the first robust and reusable FE with IT-security without assuming random oracle. Our robust FEs use a new IT-secure MAC with security against key-shift attack which is of independent interest. Our constructions are for structured sources which for Construction 1, matches Canetti et al.’s source. We then use our Construction 1 for biometric authentication using iris data. We use a widely used iris data set to find the system parameters of the construction for the data set, and implement it. We compare our implementation with an implementation of Canetti et al.’s reusable FE on the same data set, showing the cost of post-quantum security without using random oracle, and robustness in standard model.

Available format(s)
Cryptographic protocols
Publication info
Reusable and robust fuzzy extractorPost-quantum securityBiomertic authenticationIris authentication
Contact author(s)
somn math2007 @ gmail com
nikita tripathi @ ucalgary ca
shaoquan jiang @ gmail com
rei @ ucalgary ca
2023-02-27: approved
2023-02-25: received
See all versions
Short URL
Creative Commons Attribution


      author = {Somnath Panja and Nikita Tripathi and Shaoquan Jiang and Reihaneh Safavi-Naini},
      title = {Robust and Reusable Fuzzy Extractors and their Application to Authentication from Iris Data},
      howpublished = {Cryptology ePrint Archive, Paper 2023/284},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.