Abstract
Many fuzzy extractors have been presented for discrete data; here we present a fuzzy extractor for continuous data. Our approach uses the code-offset method extended to \(\mathbb {R}^n\) by using lattice codes and Euclidean distance. This is accomplished in the Unconstrained Power Channel, a theoretical artifact especially developed for lattice codes used in scenarios other than telecommunication, in which the noise is assumed to be white Gaussian. To prove security we give a lower bound on the min-entropy of the common secret that an adversary necessarily faces; we also provide an upper bound. In addition we present a construction using Low-Density Lattice Codes. Our construction is more practical than existing proposals since it can be used with a feature of any dimension n and with some noise distributions that are not white Gaussian inherent to that feature.
This work has been supported by the Brazilian agency CAPES.
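The code-offset method over a lattice, as described in the abstract, can be illustrated with a short added example (not code from the paper). It assumes the checkerboard lattice D_n with its standard rounding decoder in place of the paper's Low-Density Lattice Codes, a bounded box for the secret, and SHA-256 standing in for the extraction step; `SCALE`, `gen`, `rep` and the sample vectors are names and values constructed for this sketch.

```python
import hashlib
import secrets

SCALE = 0.5  # assumed scaling: codewords are SCALE * (points of D_n)

def decode_dn(v):
    """Nearest point of D_n = integer vectors whose coordinates sum to an even number."""
    r = [round(c) for c in v]
    if sum(r) % 2:
        # Odd sum: re-round the worst-rounded coordinate in the other direction.
        k = max(range(len(v)), key=lambda i: abs(v[i] - r[i]))
        r[k] += 1 if v[k] > r[k] else -1
    return r

def random_codeword(n, bound=8):
    """Random D_n point in a bounded box (assumed secret distribution)."""
    s = [secrets.randbelow(2 * bound + 1) - bound for _ in range(n - 1)]
    even = 2 * (secrets.randbelow(bound + 1) - bound // 2)
    return s + [even + sum(s) % 2]  # last coordinate fixes the parity

def key_from(s):
    # SHA-256 stands in for the extractor step; it is an assumption of this sketch.
    return hashlib.sha256(repr(s).encode()).hexdigest()

def gen(x):
    """Enrolment: secret lattice point s, public offset q = SCALE*s + x."""
    s = random_codeword(len(x))
    q = [SCALE * si + xi for si, xi in zip(s, x)]
    return key_from(s), q

def rep(x_noisy, q):
    """Reproduction: decode q - x' to the nearest lattice point."""
    s = decode_dn([(qi - xi) / SCALE for qi, xi in zip(q, x_noisy)])
    return key_from(s)

def demo():
    x = [0.31, -1.27, 2.05, 0.66]            # constructed feature vector
    key, q = gen(x)
    close = [xi + e for xi, e in zip(x, [0.05, -0.08, 0.10, -0.03])]
    far = [xi + e for xi, e in zip(x, [0.60, 0.0, 0.0, 0.0])]
    return key == rep(close, q), key == rep(far, q)

if __name__ == "__main__":
    print(demo())
```

The close reading stays inside the Voronoi cell of the enrolled lattice point and reproduces the key; the far reading decodes to a neighbouring lattice point and yields a different key.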
Appendices
Appendix
A Proof of Theorem 1
Proof
In order to know which realization of the secret information was chosen, the adversary takes the realization q of the publicly transmitted information and subtracts the distribution \(\mathcal {X}_g\) from it. This results in a translation of \(\mathcal {X}_g\). The consequence is that this translation changes the configuration of lattice points inside the domain of the distribution. Therefore, it is necessary to analyze the security for each realization of Q.
Given q and the lattice \(\varLambda \) in use, and because \(S = Q-\mathcal {X}_a\), the adversary knows the possible realizations of S. The probability of each realization \(S_i\) of S is the probability that the value falls inside its Voronoi cell. Therefore
where \(V_q(S_i)\) stands for the Voronoi cell of the point \(S_i\) regarding the set with the same domain of \(q-\mathcal {X}_g\) and \(\mathcal {S} =\{S_1, S_2, \cdots , S_m\}\) with \(\mathcal {S} \subseteq \varLambda \).
However, the division of the space using the domain of \(p-\mathcal {X}_g\) and the lattice \(\varLambda \) can be different. Some regions that belong to some Voronoi cell of a point of \(\mathcal {S}\) could be closer to an outside point. The set of points \(\mathcal {M} = \{M_1,M_2, \cdots , M_k\}\) is defined with the following property
with \(V'(M_j) \ne \emptyset \) and \(V(M_j)\) is its Voronoi cell regarding the lattice \(\varLambda \).
If S could be mapped to those points, then their probabilities are
The maximum value possible for \(P[M_j]\) is \(V'(M_j) = \min (V(M_j),\max (V_q(S_i))) \). In other words, when \(V(M_j) \subseteq \mathcal {P}\). Because \(\mathcal {S} \subseteq \mathcal {M}\), then
This implies that
The set \(\mathcal {M}\) is exactly the decoding of the points of \(q - \mathcal {X}_g\) without any restriction, therefore
The probability of the points of \(\mathcal {S}\) for an adversary can be seen as
By Eqs. (19), (20) and (21) we conclude that
B Proof of Theorem 2
This proof will use the same idea of the proof for the upper bound. The difference is that we will create a distribution \(\mathcal {X}_{min}\) that is just the adjustment of the distribution \(\mathcal {X}_g\) in a way that \(q- \mathcal {X}_{min}\) will always decode to a lattice point covered by the domain \(X_d\) of \(\mathcal {X}_g\). This adjustment can be seen as the decrease of the region determined by \(X_d\) or the increase of the volume of the lattice \(\varLambda \).
Proof
In order to know which realization of the secret information was chosen, the adversary takes the realization q of the publicly transmitted information and subtracts the distribution \(\mathcal {X}_g\) from it. This results in a translation of \(\mathcal {X}_g\). The consequence is that this translation changes the configuration of lattice points inside the domain of the distribution. Therefore, it is necessary to analyze the security for each realization of Q.
Given q and the lattice \(\varLambda \) in use, and because \(S = Q-\mathcal {X}_a\), the adversary knows the possible realizations of S. The probability of each realization \(S_i\) of S is the probability that the value falls inside its Voronoi cell. Therefore
where \(V_q(S_i)\) stands for the Voronoi cell of the point \(S_i\) regarding the set with the same domain of \(q-\mathcal {X}_g\) and \(\mathcal {S} =\{S_1, S_2, \cdots , S_m\}\) with \(\mathcal {S} \subseteq \varLambda \).
However, the division of the space using the domain of \(q-\mathcal {X}_g\) and the lattice \(\varLambda \) can be different. Some regions that belong to some Voronoi cell of a point of \(\mathcal {S}\) could be closer to an outside point. Because of this, we will shrink the domain of \(q - \mathcal {X}_g\) in a way that the decoding will find only lattice points inside this region.
Finding the exact configuration of lattice points is hard, but we know that lattice points are linear combinations of the vectors of the generator matrix G and that the maximum distance between lattice points is the length \(||c_{max}||\) of the biggest vector of G. Therefore, if we subtract \(||c_{max}||\) from a lattice point, we will pass by another lattice point.
Now, assuming that \(\mathcal {X}_g = [X_1, X_2, \cdots , X_n]\) and that the domain of each \(X_i\) is \([a_i,b_i]\) with \(b_i - a_i > ||c_{max}||\), we can transform each \(X_i\) in such a way that a point chosen inside \(X_d\) will also be decoded to a point inside \(X_d\). If we use the interval \(\left[ a_i+\frac{||c_{max}||}{2},b_i-\frac{||c_{max}||}{2}\right] \) with \(1 \le i \le n\), all points in this region will be decoded to a lattice point that belongs to \(q - \mathcal {X}_g\). However, \(b_i - a_i \le ||c_{max}||\) may occur. In this case, we will treat \(X_i\) as a constant with \(p(\frac{a_i + b_i}{2}) =1\) and 0 otherwise. The value \(\frac{a_i + b_i}{2}\) is chosen in order to force the decoding function to find a point inside \(q-\mathcal {X}_g\). The consequence of this approach is that the variable \(X_i\) does not contribute to the overall min-entropy.
First we define a function f that transforms the random variables that have an interval of occurrence less than \(||c_{max}||\):
With this function, we have only the random variables that we can surely map to lattice points inside the domain of \(q-\mathcal {X}_g\).
It is important to notice that the decrease in the interval is just a multiplication of the random variable \(X_i\) by the constant \(c_i = \frac{b_i - a_i - ||c_{max}||}{b_i - a_i}\). The resulting probability density function is \(p_{Y_i}(y_i) = p_{X_i}(\frac{y_i}{c_i}) \frac{1}{c_i}\). We can conclude that \(c_i < 1\) and \(\displaystyle {\lim _{b_i - a_i \rightarrow \infty }} c_i = 1\), or in other words, if the interval is large enough the approximation will be close.
We define \(X_{tf} = [f_1(X_1),\cdots , f_n(X_n)]\) and the diagonal matrix C with elements as
Taking \(\mathcal {X}_{min} = C X_{tf}\) will give a smaller region where all points will be decoded to points of \(q-X_d\). The set \(\mathcal {M} = \{M_1,\cdots ,M_k\}\) is defined as the one with the elements that will be the outcome of \(\text {decode}(q- \mathcal {X}_{min})\). Assuming that the domain of \(q-\mathcal {X}_g\) will be a convex area, their probabilities are
with \(0 \le o \le n\) and \(V'(M_j)\) is the Voronoi cell regarding \(q - \mathcal {X}_{min}\).
Because \(\mathcal {M} \subseteq \mathcal {S}\), then
This implies that
The set \(\mathcal {M}\) is the decoding of the points of \(q - \mathcal {X}_{min}\) without any restriction, therefore
The probability of the points of \(\mathcal {S}\) for an adversary can be seen to be
By Eqs. (26), (27) and (28) we conclude that
© 2016 Springer International Publishing AG
Parente, V.P., van de Graaf, J. (2016). A Practical Fuzzy Extractor for Continuous Features. In: Nascimento, A., Barreto, P. (eds) Information Theoretic Security. ICITS 2016. Lecture Notes in Computer Science(), vol 10015. Springer, Cham. https://doi.org/10.1007/978-3-319-49175-2_12
DOI: https://doi.org/10.1007/978-3-319-49175-2_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49174-5
Online ISBN: 978-3-319-49175-2
eBook Packages: Computer Science (R0)