Seminario Interdipartimentale di Algoritmica  

Monday, March 14, 2005, 12:00 noon
Basing Cryptography on Biometrics and Other Noisy Data
Yevgeniy Dodis
New York University

DIS - Department of Computer and System Sciences
C3 Room, second floor

Abstract:

We provide formal definitions and efficient secure techniques for - turning biometric and other noisy data into keys usable for *any* cryptographic application, and - reliably and securely authenticating biometric data. Our techniques apply not just to biometric information, but to any keying material that, unlike traditional cryptographic keys, is (1) not reproducible precisely and (2) not distributed uniformly. We propose two new primitives. A *fuzzy extractor* extracts nearly uniform randomness R from its biometric input; the extraction is error-tolerant in the sense that R will be the same even if the input changes, as long as it remains reasonably close to the original. Thus, R can be used as a key in any cryptographic application. A *secure sketch* produces public information about its biometric input w that does not reveal w, and yet allows exact recovery of w given another value that is close to w. Thus, it can be used to reliably reproduce error-prone biometric inputs without incurring the security risk inherent in storing them. In addition to formally introducing our new primitives, we provide nearly optimal constructions of both primitives for various measures of "closeness" of input data, such as Hamming distance, edit metric, permutation distance and set difference. If time permits, some follow-up work will be mentioned. The talk will be introductory and self-contained.

Original paper can be found at http://eprint.iacr.org/2003/235