
A Fuzzy Vault Scheme

Designs, Codes and Cryptography

Abstract

We describe a simple and novel cryptographic construction that we refer to as a fuzzy vault. A player Alice may place a secret value κ in a fuzzy vault and “lock” it using a set A of elements from some public universe U. If Bob tries to “unlock” the vault using a set B of similar length, he obtains κ only if B is close to A, i.e., only if A and B overlap substantially. In contrast to previous constructions of this flavor, ours possesses the useful feature of order invariance, meaning that the ordering of A and B is immaterial to the functioning of the vault. As we show, our scheme enjoys provable security against a computationally unbounded attacker. Fuzzy vaults have potential application to the problem of protecting data in a number of real-world, error-prone environments. These include systems in which personal information serves to authenticate users for, e.g., the purposes of password recovery, and also biometric authentication systems, in which readings are inherently noisy as a result of the refractory nature of image capture and processing.
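The lock/unlock behaviour and order invariance described in the abstract, as an added example that is not code from the paper: it uses one standard way to realise such a vault (evaluating a secret polynomial on A and hiding those points among random chaff), with exhaustive search standing in for Reed-Solomon decoding. The field size, chaff count, function names and sample values are assumptions chosen for illustration.

```python
import secrets
from itertools import combinations

P = 65537  # toy prime field; the public universe U is {0..P-1} (assumed)

def poly_eval(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def interpolate(points):
    """Coefficients of the unique polynomial of degree < len(points) through points."""
    coeffs = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1
        for j, (xj, _) in enumerate(points):
            if j != i:  # multiply the Lagrange basis polynomial by (x - xj)
                basis = [(b - xj * a) % P for a, b in zip(basis + [0], [0] + basis)]
                denom = denom * (xi - xj) % P
        scale = yi * pow(denom, -1, P) % P
        coeffs = [(c + scale * b) % P for c, b in zip(coeffs, basis)]
    return coeffs

def lock(secret, A, n_chaff):
    """Hide `secret` (k polynomial coefficients) under the set A."""
    vault = {a: poly_eval(secret, a) for a in set(A)}
    while len(vault) < len(set(A)) + n_chaff:
        x, y = secrets.randbelow(P), secrets.randbelow(P)
        if x not in vault and y != poly_eval(secret, x):
            vault[x] = y              # chaff point lying off the polynomial
    return sorted(vault.items())      # sorting erases which points came from A

def unlock(vault, B, k):
    """Return the secret if B overlaps the locking set enough, else None."""
    B = set(B)                        # a set, so the ordering of B is immaterial
    cand = [(x, y) for x, y in vault if x in B]
    for subset in combinations(cand, k):
        coeffs = interpolate(subset)
        agree = sum(poly_eval(coeffs, x) == y for x, y in cand)
        if 2 * agree >= len(B) + k:   # unique-decoding bound: no second polynomial passes
            return coeffs
    return None

# Constructed sample inputs (not taken from the paper)
SECRET = [1234, 42, 7, 65000]
A = [11, 22, 33, 44, 55, 66, 77, 88, 99, 110]
VAULT = lock(SECRET, A, 200)
```

With k = 4 and |B| = 10, unlocking needs at least 7 genuine points; exhaustive search is only workable at this toy size.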



Corresponding author

Correspondence to Ari Juels.

Additional information

Communicated by: P. Wild


About this article

Cite this article

Juels, A., Sudan, M. A Fuzzy Vault Scheme. Des Codes Crypt 38, 237–257 (2006). https://doi.org/10.1007/s10623-005-6343-z


  • DOI: https://doi.org/10.1007/s10623-005-6343-z
