TY - GEN
T1 - Robust fuzzy extractors and authenticated key agreement from close secrets
AU - Dodis, Yevgeniy
AU - Katz, Jonathan
AU - Reyzin, Leonid
AU - Smith, Adam
PY - 2006
Y1 - 2006
N2 - Consider two parties holding correlated random variables W and W', respectively, that are within distance t of each other in some metric space. These parties wish to agree on a uniformly distributed secret key R by sending a single message over an insecure channel controlled by an all-powerful adversary. We consider both the keyless case, where the parties share no additional secret information, and the keyed case, where the parties share a long-term secret SK that they can use to generate a sequence of session keys {Rj} using multiple pairs {(Wj, Wj′)}. The former has applications to, e.g., biometric authentication, while the latter arises in, e.g., the bounded storage model with errors. Our results improve upon previous work in several respects: - The best previous solution for the keyless case with no errors (i.e., t = 0) requires the min-entropy of W to exceed 2|W|/3. We show a solution when the min-entropy of W exceeds the minimal threshold |W|/2. - Previous solutions for the keyless case in the presence of errors (i.e., t > 0) required random oracles. We give the first constructions (for certain metrics) in the standard model. - Previous solutions for the keyed case were stateful. We give the first stateless solution.
AB - Consider two parties holding correlated random variables W and W', respectively, that are within distance t of each other in some metric space. These parties wish to agree on a uniformly distributed secret key R by sending a single message over an insecure channel controlled by an all-powerful adversary. We consider both the keyless case, where the parties share no additional secret information, and the keyed case, where the parties share a long-term secret SK that they can use to generate a sequence of session keys {Rj} using multiple pairs {(Wj, Wj′)}. The former has applications to, e.g., biometric authentication, while the latter arises in, e.g., the bounded storage model with errors. Our results improve upon previous work in several respects: - The best previous solution for the keyless case with no errors (i.e., t = 0) requires the min-entropy of W to exceed 2|W|/3. We show a solution when the min-entropy of W exceeds the minimal threshold |W|/2. - Previous solutions for the keyless case in the presence of errors (i.e., t > 0) required random oracles. We give the first constructions (for certain metrics) in the standard model. - Previous solutions for the keyed case were stateful. We give the first stateless solution.
UR - http://www.scopus.com/inward/record.url?scp=33749541274&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33749541274&partnerID=8YFLogxK
U2 - 10.1007/11818175_14
DO - 10.1007/11818175_14
M3 - Conference contribution
AN - SCOPUS:33749541274
SN - 3540374329
SN - 9783540374329
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 232
EP - 250
BT - Advances in Cryptology - CRYPTO 2006 - 26th Annual International Cryptology Conference, Proceedings
PB - Springer Verlag
T2 - 26th Annual International Cryptology Conference, CRYPTO 2006
Y2 - 20 August 2006 through 24 August 2006
ER -