Paper 2023/284

Robust and Reusable Fuzzy Extractors and their Application to Authentication from Iris Data

Somnath Panja, University of Calgary
Nikita Tripathi, University of Calgary
Shaoquan Jiang, University of Windsor
Reihaneh Safavi-Naini, University of Calgary
Abstract

Fuzzy extractors (FE) are cryptographic primitives that establish a shared secret between two parties who have similar samples of a random source, and can communicate over a public channel. An example for this is that Alice has a stored biometric at a server and wants to have authenticated communication using a new reading of her biometric on her device. Reusability and robustness of FE, respectively, guarantee that security holds when FE is used with multiple samples, and the communication channel is tamperable. Fuzzy extractors have been studied in information theoretic and computational setting. Contributions of this paper are two-fold. First, we define a strongly robust and reusable FE that combines the strongest security requirements of FEs, and give three constructions. Construction 1 has computational security, and Constructions 2 and 3 provide information theoretic (IT) security, in our proposed model. Construction 1 provides a solution to the open question of Canetti et al. (Eurocrypt 2014), by achieving robustness and reusability (post-quantum) security in standard model for their construction. Constructions 2 and 3 offer a new approach to the construction of IT-secure FE. Construction 3 is the first robust and reusable FE with IT-security without assuming random oracle. Our robust FEs use a new IT-secure MAC with security against key-shift attack which is of independent interest. Our constructions are for structured sources which for Construction 1, matches Canetti et al.’s source. We then use our Construction 1 for biometric authentication using iris data. We use a widely used iris data set to find the system parameters of the construction for the data set, and implement it. We compare our implementation with an implementation of Canetti et al.’s reusable FE on the same data set, showing the cost of post-quantum security without using random oracle, and robustness in standard model.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
Reusable and robust fuzzy extractorPost-quantum securityBiomertic authenticationIris authentication
Contact author(s)
somn math2007 @ gmail com
nikita tripathi @ ucalgary ca
shaoquan jiang @ gmail com
rei @ ucalgary ca
History
2023-02-27: approved
2023-02-25: received
See all versions
Short URL
https://ia.cr/2023/284
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/284,
      author = {Somnath Panja and Nikita Tripathi and Shaoquan Jiang and Reihaneh Safavi-Naini},
      title = {Robust and Reusable Fuzzy Extractors and their Application to Authentication from Iris Data},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/284},
      year = {2023},
      url = {https://eprint.iacr.org/2023/284}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.