Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Robust and Reusable Fuzzy Extractors for Low-entropy Rate Randomness Sources

Somnath Panja, Shaoquan Jiang, Reihaneh Safavi-Naini

TL;DR

The paper tackles extracting stable cryptographic keys from low-entropy, noisy sources using information-theoretic fuzzy extractors (FEs), formalizing strong reusability and robustness through the srrFE notion. It introduces two constructions for structured $(\alpha,m,N)$-sources: Construction 1 delivers a reusable FE, and Construction 2 achieves IT-secure, strongly robust, reusable FE without relying on random oracles by employing a CRS and an IT-secure MAC. The core advancement is the first IT-secure strongly robust and reusable FE in the standard model for structured sources, enabling robustness against active tampering while supporting multiple uses of the same source. This work has practical implications for biometric/key-derivation pipelines by enabling secure reuse across multiple enrollments without RO assumptions, while maintaining computational efficiency.

Abstract

Fuzzy extractors (FE) are cryptographic primitives that extract reliable cryptographic key from noisy real world random sources such as biometric sources. The FE generation algorithm takes a source sample, extracts a key and generates some helper data that will be used by the reproduction algorithm to recover the key. Reusability of FE guarantees that security holds when FE is used multiple times with the same source, and robustness of FE requires tampering with the helper data be detectable. In this paper, we consider information theoretic FEs, define a strong notion of reusability, and propose strongly robust and reusable FEs (srrFE) that provides the strongest combined notion of reusability and robustness for FEs. We give two constructions, one for reusable FEs and one for srrFE with information theoretic (IT) security for structured sources. The constructions are for structured sources and use sample-then-lock approach. We discuss each construction and show their unique properties in relation to existing work. Construction 2 is the first robust and reusable FE with IT-security without assuming random oracle. The robustness is achieved by using an IT-secure MAC with security against key-shift attack, which can be of independent interest.

Robust and Reusable Fuzzy Extractors for Low-entropy Rate Randomness Sources

TL;DR

The paper tackles extracting stable cryptographic keys from low-entropy, noisy sources using information-theoretic fuzzy extractors (FEs), formalizing strong reusability and robustness through the srrFE notion. It introduces two constructions for structured -sources: Construction 1 delivers a reusable FE, and Construction 2 achieves IT-secure, strongly robust, reusable FE without relying on random oracles by employing a CRS and an IT-secure MAC. The core advancement is the first IT-secure strongly robust and reusable FE in the standard model for structured sources, enabling robustness against active tampering while supporting multiple uses of the same source. This work has practical implications for biometric/key-derivation pipelines by enabling secure reuse across multiple enrollments without RO assumptions, while maintaining computational efficiency.

Abstract

Fuzzy extractors (FE) are cryptographic primitives that extract reliable cryptographic key from noisy real world random sources such as biometric sources. The FE generation algorithm takes a source sample, extracts a key and generates some helper data that will be used by the reproduction algorithm to recover the key. Reusability of FE guarantees that security holds when FE is used multiple times with the same source, and robustness of FE requires tampering with the helper data be detectable. In this paper, we consider information theoretic FEs, define a strong notion of reusability, and propose strongly robust and reusable FEs (srrFE) that provides the strongest combined notion of reusability and robustness for FEs. We give two constructions, one for reusable FEs and one for srrFE with information theoretic (IT) security for structured sources. The constructions are for structured sources and use sample-then-lock approach. We discuss each construction and show their unique properties in relation to existing work. Construction 2 is the first robust and reusable FE with IT-security without assuming random oracle. The robustness is achieved by using an IT-secure MAC with security against key-shift attack, which can be of independent interest.
Paper Structure (15 sections, 8 theorems, 19 equations, 4 figures, 1 table, 1 algorithm)

This paper contains 15 sections, 8 theorems, 19 equations, 4 figures, 1 table, 1 algorithm.

Table of Contents

  1. Introduction
  2. Our work
  3. Related work
  4. Background and Definitions
  5. Fuzzy extractors
  6. Construction \ref{['const1']} & \ref{['const2:cca']}: IT-secure fuzzy extractor for structured sources
  7. A strongly robust and reusable FE
  8. Concluding remarks
  9. Message Authentication Code
  10. Security proof of the MAC
  11. Proof of Theorem \ref{['THM:FUZZYEXTOTCONST1']}
  12. Proof of Theorem \ref{['THM:FUZZYEXTOTCONST2']}
  13. Robustness Proof for Theorem \ref{['THM:FUZZYEXTOTCONST2']}
  14. Proofs of Basic Results in Section \ref{['construction:const1']}
  15. Figure for construction \ref{['const2:cca']}

Key Result

Lemma 1

Let $h: \mathcal{X} \times \mathcal{S} \rightarrow \{0,1\}^{\ell}$ be a universal hash family. Then for any two random variables $A \in \mathcal{X}$ and $B \in \mathcal{Y}$, applying $h$ on $A$ can extract a uniform random variable with length $\ell$ satisfying: $\Delta(h(A, S), S, B; U_\ell, S, B)\

Figures (4)

  • Figure 1: Security experiments for reusability (LHS) and robustness (RHS) for rFE and srrFE, respectively.
  • Figure 2: Construction \ref{['const1']}. $\ell, t, \lambda, \xi, n, m, L$ are public parameters. The randomness $Z$ is shared through an authenticated channel. $(\rho)_{i\cdots j}$ denotes the substring starting at bit $i$ and ending at bit $j$ of $\rho.$ In line $(i)$ of $Gen(W)$, $A_i \xleftarrow{\$} [n]$ denotes choosing $A_i=\{i_i,\cdots,i_m\}, i_j \xleftarrow{\$} [n], \forall j \in [1,m]$.
  • Figure 3: srrFE $Gen$ and $Rep$ algorithms. $\ell, t, \lambda, \xi, n, m, L$ are system public parameters. $E$ is an average $(m, \alpha, \nu, \epsilon)-$extractor. The subsets $A_i$ and $Z$ are obtained from CRS. $Eval(\cdot)$ is defined in Algorithm \ref{['alg:compufuzzygeneration11']}.
  • Figure 4: High level diagram of fuzzy extractor construction \ref{['const2:cca']}. Both $Gen(W)$ and $Rep(W')$ procedure are split into two parts. \ref{['fig:gen1']}: The first part of $Gen(W)$. This part iterates $\ell$ times. \ref{['fig:gen2']}: The second part of $Gen(W)$. This step is executed after completion of $\ell$ iterations of \ref{['fig:gen1']}. \ref{['fig:rep1']}: The First part of $Rep(W')$. This step is executed at most $\ell$ times until one match $(T'_i==0^t)$ is found. \ref{['fig:rep2']}: The second part of $Rep(W')$. This part is executed after one match in \ref{['fig:rep1']}. If verification of $(T'==T)$ fails, the algorithm continues from the part \ref{['fig:rep1']} again. The upper line of each extractor represents higher order $\xi+2\lambda$ bits of its output i.e. $(E(.))_{t+1...\nu}$. The lower line of each extractor represents lower order $t$ bits of its output i.e. $(E(.))_{1...t}$. Extracted key is $R$. Randomness $Z$ is public

Theorems & Definitions (17)

  • Definition 1: Strong (average case) randomness extractor dodis2006robust
  • Definition 2: Universal hash family
  • Lemma 1: Generalized Leftover Hash Lemma DodisORS08
  • Definition 3: Fuzzy extractor
  • Definition 4: Reusable fuzzy extractors Canetti2020
  • Definition 5: Strongly robust of reusable fuzzy extractor
  • Definition 6: $(\alpha, m, N)$-source
  • Theorem 1: Reusable fuzzy extractor
  • proof
  • Theorem 2: Robust and reusable FE
  • ...and 7 more