Abstract
We provide formal definitions and efficient secure techniques for
-
turning biometric information into keys usable for any cryptographic application, and
-
reliably and securely authenticating biometric data.
Our techniques apply not just to biometric information, but to any keying material that, unlike traditional cryptographic keys, is (1) not reproducible precisely and (2) not distributed uniformly. We propose two primitives: a fuzzy extractor extracts nearly uniform randomness R from its biometric input; the extraction is error-tolerant in the sense that R will be the same even if the input changes, as long as it remains reasonably close to the original. Thus, R can be used as a key in any cryptographic application. A secure sketch produces public information about its biometric input w that does not reveal w, and yet allows exact recovery of w given another value that is close to w. Thus, it can be used to reliably reproduce error-prone biometric inputs without incurring the security risk inherent in storing them.
In addition to formally introducing our new primitives, we provide nearly optimal constructions of both primitives for various measures of “closeness” of input data, such as Hamming distance, edit distance, and set difference.
Chapter PDF
Similar content being viewed by others
References
Agrell, E., Vardy, A., Zeger, K.: Upper bounds for constant-weight codes. IEEE Transactions on Information Theory 46(7), 2373–2395 (2000)
Andoni, A., Deza, M., Gupta, A., Indyk, P., Raskhodnikova, S.: Lower bounds for embedding edit distance into normed spaces. In: Proc. ACM Symp. on Discrete Algorithms, pp. 523–526 (2003)
Bennett, C., Brassard, G., Robert, J.: Privacy Amplification by Public Discussion. SIAM J. on Computing 17(2), 210–229 (1988)
Bennett, C., Brassard, G., Crépeau, C., Maurer, U.: Generalized Privacy Amplification. IEEE Transactions on Information Theory 41(6), 1915–1923 (1995)
Broder, A.: On the resemblence and containment of documents. In: Compression and Complexity of Sequences (1997)
Brouwer, E., Shearer, J.B., Sloane, N.J.A., Smith, W.D.: A new table of constant weight codes. IEEE Transactions on Information Theory 36, 1334–1380 (1990)
Crépeau, C.: Efficient Cryptographic Protocols Based on Noisy Channels. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 306–317. Springer, Heidelberg (1997)
Davida, G., Frankel, Y., Matt, B.: On enabling secure applications through offline biometric identification. In: Proc. IEEE Symp. on Security and Privacy, pp. 148–157 (1998)
Ding, Y.Z.: Manuscript
Ellison, C., Hall, C., Milbert, R., Schneier, B.: Protecting Keys with Personal Entropy. Future Generation Computer Systems 16, 311–318 (2000)
Frykholm, N.: Passwords: Beyond the Terminal Interaction Model. Master’s Thesis, Umea University
Frykholm, N., Juels, A.: Error-Tolerant Password Recovery. In: Proc. ACM Conf. Computer and Communications Security, pp. 1–8 (2001)
Guruswami, V., Sudan, M.: Improved Decoding of Reed-Solomon and Algebraic- Geometric Codes. In: Proc. 39th IEEE Symp. on Foundations of Computer Science, pp. 28–39 (1998)
Håstad, J., Impagliazzo, R., Levin, L., Luby, M.: A Pseudorandom generator from any one-way function. In: Proc. 21st ACM Symp. on Theory of Computing (1989)
Juels, A., Wattenberg, M.: A Fuzzy Commitment Scheme. In: Proc. ACM Conf. Computer and Communications Security, pp. 28–36 (1999)
Juels, A., Sudan, M.: A Fuzzy Vault Scheme. In: IEEE International Symposium on Information Theory (2002)
Kelsey, J., Schneier, B., Hall, C., Wagner, D.: Secure Applications of Low-Entropy Keys. In: Proc. of Information Security Workshop, pp. 121–134 (1997)
Linnartz, J.-P.M.G., Tuyls, P.: New Shielding Functions to Enhance Privacy and Prevent Misuse of Biometric Templates. In: Kittler, J., Nixon, M.S. (eds.) AVBPA 2003. LNCS, vol. 2688, pp. 393–402. Springer, Heidelberg (2003)
van Lint, J.H.: Introduction to Coding Theory, p. 183. Springer, Heidelberg (1992)
Monrose, F., Reiter, M., Wetzel, S.: Password Hardening Based on Keystroke Dynamics. In: Proc. ACM Conf. Computer and Communications Security, pp. 73–82 (1999)
Monrose, F., Reiter, M., Li, Q., Wetzel, S.: Cryptographic key generation from voice. In: Proc. IEEE Symp. on Security and Privacy (2001)
Monrose, F., Reiter, M., Li, Q., Wetzel, S.: Using voice to generate cryptographic keys. In: Proc. of Odyssey 2001, The Speaker Verification Workshop (2001)
Nisan, N., Ta-Shma, A.: Extracting Randomness: a survey and new constructions. JCSS 58(1), 148–173 (1999)
Nisan, N., Zuckerman, D.: Randomness is Linear in Space. JCSS 52(1), 43–52 (1996)
Radhakrishnan, J., Ta-Shma, A.: Tight bounds for depth-two superconcentrators. In: Proc. 38th IEEE Symp. on Foundations of Computer Science, pp. 585–594 (1997)
Shaltiel, R.: Recent developments in Explicit Constructions of Extractors. Bulletin of the EATCS 77, 67–95 (2002)
Shoup, V.: A Proposal for an ISO Standard for Public Key Encryption (2001), Available at http://eprint.iacr.org/2001/112
Verbitskiy, E., Tyls, P., Denteneer, D., Linnartz, J.-P.: Reliable Biometric Authentication with Privacy Protection. In: Proc. 24th Benelux Symposium on Information theory (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dodis, Y., Reyzin, L., Smith, A. (2004). Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. In: Cachin, C., Camenisch, J.L. (eds) Advances in Cryptology - EUROCRYPT 2004. EUROCRYPT 2004. Lecture Notes in Computer Science, vol 3027. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24676-3_31
Download citation
DOI: https://doi.org/10.1007/978-3-540-24676-3_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-21935-4
Online ISBN: 978-3-540-24676-3
eBook Packages: Springer Book Archive