<p>Robust (fuzzy) extractors are very useful for, e.g., authenticated exchange from shared weak secret and remote biometric authentication against active adversaries. They enable two parties to extract the same uniform randomness with the “helper” string. More importantly, they have an authentication mechanism built in that will detect tampering of the “helper” string. Unfortunately, as shown by Dodis and Wichs, in the information-theoretic setting, a robust extractor for an (<i>n</i>,&#xa0;<i>k</i>)-source requires <InlineEquation ID="IEq1"> <EquationSource Format="TEX">\(k&gt;n/2\)</EquationSource> <EquationSource Format="MATHML"><math> <mrow> <mi>k</mi> <mo>&gt;</mo> <mi>n</mi> <mo stretchy="false">/</mo> <mn>2</mn> </mrow> </math></EquationSource> </InlineEquation>, which is in sharp contrast with randomness extractors which only require <InlineEquation ID="IEq2"> <EquationSource Format="TEX">\(k=\omega (\log n)\)</EquationSource> <EquationSource Format="MATHML"><math> <mrow> <mi>k</mi> <mo>=</mo> <mi>ω</mi> <mo stretchy="false">(</mo> <mo>log</mo> <mi>n</mi> <mo stretchy="false">)</mo> </mrow> </math></EquationSource> </InlineEquation>. Existing work either relies on random oracles or introduces CRS and works only for CRS-independent sources (even in the computational setting). In this work, we give a systematic study of robust (fuzzy) extractors for general CRS <i>dependent</i> sources. We show in the information-theoretic setting that the same entropy lower bound holds even in the CRS model; we then show we <i>can</i> have robust extractors in the computational setting for general CRS-dependent source that is only with minimal entropy. At the heart of our construction lies a new primitive called <InlineEquation ID="IEq3"> <EquationSource Format="TEX">\(\kappa \)</EquationSource> <EquationSource Format="MATHML"><math> <mi>κ</mi> </math></EquationSource> </InlineEquation>-MAC that is unforgeable with a weak key and hides all partial information about the key (both against auxiliary input), by which we can compile any conventional randomness extractor into a robust one. We further augment <InlineEquation ID="IEq4"> <EquationSource Format="TEX">\(\kappa \)</EquationSource> <EquationSource Format="MATHML"><math> <mi>κ</mi> </math></EquationSource> </InlineEquation>-MAC to defend against “key manipulation" attacks, which yields a robust fuzzy extractor for CRS-dependent sources.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Computational Robust (Fuzzy) Extractors for CRS-dependent Sources with Minimal Min-entropy

  • Hanwen Feng,
  • Qiang Tang

摘要

Robust (fuzzy) extractors are very useful for, e.g., authenticated exchange from shared weak secret and remote biometric authentication against active adversaries. They enable two parties to extract the same uniform randomness with the “helper” string. More importantly, they have an authentication mechanism built in that will detect tampering of the “helper” string. Unfortunately, as shown by Dodis and Wichs, in the information-theoretic setting, a robust extractor for an (nk)-source requires \(k>n/2\) k > n / 2 , which is in sharp contrast with randomness extractors which only require \(k=\omega (\log n)\) k = ω ( log n ) . Existing work either relies on random oracles or introduces CRS and works only for CRS-independent sources (even in the computational setting). In this work, we give a systematic study of robust (fuzzy) extractors for general CRS dependent sources. We show in the information-theoretic setting that the same entropy lower bound holds even in the CRS model; we then show we can have robust extractors in the computational setting for general CRS-dependent source that is only with minimal entropy. At the heart of our construction lies a new primitive called \(\kappa \) κ -MAC that is unforgeable with a weak key and hides all partial information about the key (both against auxiliary input), by which we can compile any conventional randomness extractor into a robust one. We further augment \(\kappa \) κ -MAC to defend against “key manipulation" attacks, which yields a robust fuzzy extractor for CRS-dependent sources.