Fuzzy extractors: How to generate strong keys from biometrics and other noisy data
 Yevgeniy Dodis, Leonid Reyzin, and Adam
 Technical Report 2003/235, Cryptology ePrint Archive, http://eprint.iacr.org, 2006 (previous version appeared at EUROCRYPT 2004)
, 2004
Cited by 349 (34 self)
Abstract
We provide formal definitions and efficient secure techniques for • turning noisy information into keys usable for any cryptographic application, and, in particular, • reliably and securely authenticating biometric data. Our techniques apply not just to biometric information, but to any keying material that, unlike traditional cryptographic keys, is (1) not reproducible precisely and (2) not distributed uniformly. We propose two primitives: a fuzzy extractor reliably extracts nearly uniform randomness R from its input; the extraction is error-tolerant in the sense that R will be the same even if the input changes, as long as it remains reasonably close to the original. Thus, R can be used as a key in a cryptographic application. A secure sketch produces public information about its input w that does not reveal w, and yet allows exact recovery of w given another value that is close to w. Thus, it can be used to reliably reproduce error-prone biometric inputs without incurring the security risk inherent in storing them. We define the primitives to be both formally secure and versatile, generalizing much prior work. In addition, we provide nearly optimal constructions of both primitives for various measures of “closeness” of input data, such as Hamming distance, edit distance, and set difference.
Mixed state entanglement and quantum error correction
 Phys. Rev., A
, 1996
Cited by 164 (8 self)
Abstract
Entanglement purification protocols (EPP) and quantum error-correcting codes (QECC) provide two ways of protecting quantum states from interaction with the environment. In an EPP, perfectly entangled pure states are extracted, with some yield D, from a bipartite mixed state M; with a QECC, an arbitrary quantum state |ξ〉 can be transmitted at some rate Q through a noisy channel χ without degradation. We prove that an EPP involving one-way classical communication and acting on mixed state M̂(χ) (obtained by sharing halves of EPR pairs through a channel χ) yields a QECC on χ with rate Q = D, and vice versa. We compare the amount of entanglement E(M) required to prepare a mixed state M by local actions with the amounts D1(M) and D2(M) that can be locally distilled from it by EPPs using one- and two-way classical communication respectively, and give an exact expression for E(M) when M is Bell-diagonal. While EPPs require classical communication, quantum channel coding does not, and we prove Q is not increased by adding one-way classical communication. However, both D and Q can be increased by adding two-way communication. We show that certain noisy quantum channels, for example a 50% depolarizing channel, can be used for reliable transmission of quantum states if two-way communication is available, but cannot be used if only one-way communication is available. We exhibit a family of codes based on universal hashing able to achieve an asymptotic Q (or D) of 1 − S for simple noise models, where S is the error entropy. We also obtain a specific, simple 5-bit single-error-correcting quantum block code. We prove that iff a QECC results in perfect fidelity for the case of the no-error error syndrome the QECC can be recast into a form where the encoder is the matrix inverse of the decoder. PACS numbers: 03.65.Bz, 42.50.Dv, 89.70.+c
Quantum cryptography
 Rev. Mod. Phys
, 2002
Cited by 109 (3 self)
Abstract
Quantum cryptography could well be the first application of quantum mechanics at the individual quanta level. The very fast progress in both theory and experiments over the recent years is reviewed, with emphasis on open questions and technological issues.
Reusable cryptographic fuzzy extractors
 ACM CCS 2004, ACM
, 2004
Cited by 79 (2 self)
Abstract
We show that a number of recent definitions and constructions of fuzzy extractors are not adequate for multiple uses of the same fuzzy secret, a major shortcoming in the case of biometric applications. We propose two particularly stringent security models that specifically address the case of fuzzy secret reuse, respectively from an outsider and an insider perspective, in what we call a chosen perturbation attack. We characterize the conditions that fuzzy extractors need to satisfy to be secure, and present generic constructions from ordinary building blocks. As an illustration, we demonstrate how to use a biometric secret in a remote error-tolerant authentication protocol that does not require any storage on the client’s side.
Quantum Privacy Amplification and the Security of Quantum Cryptography Over Noisy Channels
, 1996
Cited by 71 (1 self)
Abstract
Existing quantum cryptographic schemes are not, as they stand, operable in the presence of noise on the quantum communication channel. Although they become operable if they are supplemented by classical privacy-amplification techniques, the resulting schemes are difficult to analyse and have not been proved secure. We introduce the concept of quantum privacy amplification and a cryptographic scheme incorporating it which is provably secure over a noisy channel. The scheme uses an ‘entanglement purification’ procedure which, because it requires only a few quantum Controlled-Not and single-qubit operations, could be implemented using technology that is currently being developed. The scheme allows an arbitrarily small bound to be placed on the information that any eavesdropper may extract from the encrypted message. PACS numbers: 89.70.+c, 02.50.-r, 03.65.Bz, 89.80.+h
The Gaussian Multiple Access Wiretap Channel
 IEEE Transactions on Information Theory
, 2008
Cited by 63 (8 self)
Abstract
We consider the Gaussian multiple access wiretap channel (GMAC-WT). In this scenario, multiple users communicate with an intended receiver in the presence of an intelligent and informed wiretapper who receives a degraded version of the signal at the receiver. We define suitable security measures for this multi-access environment. Using codebooks generated randomly according to a Gaussian distribution, achievable secrecy rate regions are identified using superposition coding and time-division multiple access (TDMA) coding schemes. An upper bound for the secrecy sum-rate is derived, and our coding schemes are shown to achieve the sum capacity. Numerical results are presented showing the new rate region and comparing it with the capacity region of the Gaussian multiple-access channel (GMAC) with no secrecy constraints, which quantifies the price paid for secrecy.
Exposure-Resilient Functions and All-Or-Nothing Transforms
, 2000
Cited by 62 (12 self)
Abstract
We study the problem of partial key exposure. Standard cryptographic definitions and constructions do not guarantee any security even if a tiny fraction of the secret key is compromised. We show how to build cryptographic primitives that remain secure even when an adversary is able to learn almost all of the secret key.
Information-theoretic key agreement: From weak to strong secrecy for free
 Lecture Notes in Computer Science
, 2000
Cited by 58 (2 self)
Abstract
One of the basic problems in cryptography is the generation of a common secret key between two parties, for instance in order to communicate privately. In this paper we consider information-theoretically secure key agreement. Wyner and subsequently Csiszár and Körner described and analyzed settings for secret-key agreement based on noisy communication channels. Maurer as well as Ahlswede and Csiszár generalized these models to a scenario based on correlated randomness and public discussion. In all these settings, the secrecy capacity and the secret-key rate, respectively, have been defined as the maximal achievable rates at which a highly secret key can be generated by the legitimate partners. However, the privacy requirements were too weak in all these definitions, requiring only the ratio between the adversary’s information and the length of the key to be negligible, but hence tolerating her to obtain a possibly substantial amount of information about the resulting key in an absolute sense. We give natural stronger definitions of secrecy capacity and secret-key rate, requiring that the adversary obtains virtually no information about the entire key. We show not only that secret-key agreement satisfying the strong secrecy condition is possible, but even that the achievable key-generation rates are equal to the previous weak notions of secrecy capacity and secret-key rate. Hence the unsatisfactory old definitions can be completely replaced by the new ones. We prove these results by a generic reduction of strong to weak key agreement. The reduction makes use of extractors, which allow keeping the required amount of communication negligible as compared to the length of the resulting key.
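Added worked example (written for this page; it is not code from the Dodis, Reyzin and Smith paper, from this Maurer and Wolf paper, or from any other entry listed here). It implements the two primitives of the fuzzy-extractor abstract above for Hamming distance: a code-offset secure sketch (publish w XOR c for a random codeword c; recover w from a close w' by decoding) and a fuzzy extractor that derives the key from the recovered w with a seeded 2-universal Toeplitz hash, which is also the extractor/privacy-amplification step that this entry's strong-to-weak reduction relies on. The repetition code, the parameter sizes, the Toeplitz seed and the constructed "biometric" bit string are illustrative assumptions; neither paper prescribes them.

```python
import random

# Illustrative parameters (assumptions, not from either paper). A deployment
# would use a proper BCH/LDPC code and size KEY_BITS from measured min-entropy.
R = 5                     # repetition factor: each code bit is repeated R times
K = 16                    # number of code bits, so the sketch/source is N = K * R bits
N = K * R
T = (R - 1) // 2          # errors tolerated per R-bit block (2 when R = 5)
KEY_BITS = 12             # extracted key length; the sketch leaks at most N - K bits


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))


def rep_encode(msg):
    """Repetition code: every message bit becomes R identical copies."""
    return [b for b in msg for _ in range(R)]


def rep_decode(word):
    """Majority-decode each R-bit block; corrects up to T flipped bits per block."""
    return [int(sum(word[i:i + R]) > R // 2) for i in range(0, len(word), R)]


def sketch(w, rng):
    """Code-offset secure sketch: SS(w) = w XOR c for a uniformly random codeword c."""
    c = rep_encode([rng.randrange(2) for _ in range(K)])
    return xor(w, c)


def recover(s, w_noisy):
    """Rec(w', s): s XOR w' = c XOR (w XOR w'); decode back to c, then w = s XOR c."""
    c = rep_encode(rep_decode(xor(s, w_noisy)))
    return xor(s, c)


def toeplitz_hash(seed, x, out_bits):
    """2-universal hash H_seed(x): y_i = XOR_j seed[i + j] * x_j (Toeplitz matrix).
    This is the strong-extractor step: it maps a non-uniform w to a near-uniform key."""
    assert len(seed) == out_bits + len(x) - 1
    return [sum(seed[i + j] & x[j] for j in range(len(x))) & 1
            for i in range(out_bits)]


def gen(w, rng):
    """Gen(w) -> (key, P): key R and public helper data P = (sketch, hash seed)."""
    s = sketch(w, rng)
    seed = [rng.randrange(2) for _ in range(KEY_BITS + N - 1)]
    return toeplitz_hash(seed, w, KEY_BITS), (s, seed)


def rep(w_noisy, pub):
    """Rep(w', P): recover w exactly via the sketch, then re-derive the same key."""
    s, seed = pub
    return toeplitz_hash(seed, recover(s, w_noisy), KEY_BITS)


def perturb(w, flips_per_block, rng):
    """Constructed noisy re-reading: flip `flips_per_block` bits in every R-bit block."""
    w2 = list(w)
    for start in range(0, N, R):
        for pos in rng.sample(range(start, start + R), flips_per_block):
            w2[pos] ^= 1
    return w2


def demo(seed=1):
    # Deterministic RNG so the demo is reproducible; use random.SystemRandom() for real keys.
    rng = random.Random(seed)
    w = [rng.randrange(2) for _ in range(N)]   # constructed "biometric" reading (assumption)
    key, pub = gen(w, rng)
    close = perturb(w, T, rng)       # within tolerance: T errors in every block
    far = perturb(w, T + 1, rng)     # beyond tolerance: one error too many per block
    return {
        "key_ok": rep(close, pub) == key,          # same key from a close reading
        "recover_ok": recover(pub[0], close) == w, # sketch reproduces w exactly
        "recover_far_fails": recover(pub[0], far) != w,
        "dist_close": hamming(w, close),
        "dist_far": hamming(w, far),
    }


if __name__ == "__main__":
    print(demo())
```

The sketch is public, so a reader can bound its leakage: s = w XOR c reveals w up to the choice of c, i.e. at most N − K bits of w's min-entropy (64 of 80 here, because the repetition code has a very poor rate). Whatever min-entropy survives is what the Toeplitz hash can turn into a key; the leftover-hash lemma is what justifies treating its output as near-uniform, and choosing KEY_BITS larger than that surviving entropy would not make the key any stronger. The same hash-with-a-public-seed step, applied to a partially known string, is the extractor that the Maurer and Wolf reduction uses to move from the weak ratio-based secrecy notion to strong secrecy.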
The general Gaussian multiple access and two-way wiretap channels: Achievable rates and cooperative jamming
 IEEE Trans. Inf. Theory
, 2008
Cited by 53 (24 self)
Abstract
We consider the General Gaussian Multiple Access Wire-Tap Channel (GGMAC-WT) and the Gaussian Two-Way Wire-Tap Channel (GTW-WT), which are commonly found in multi-user wireless communication scenarios and serve as building blocks for ad hoc networks. In the GGMAC-WT, multiple users communicate with an intended receiver in the presence of an intelligent and informed eavesdropper who receives their signals through another GMAC. In the GTW-WT, two users communicate with each other with an eavesdropper listening through a GMAC. We consider a secrecy measure that is suitable for this multi-terminal environment, and identify achievable secrecy regions for both channels using Gaussian codebooks. In the special case where the GGMAC-WT is degraded, we show that Gaussian codewords achieve the strong secret key sum-capacity. For both GGMAC-WT and GTW-WT, we find the power allocations that maximize the achievable secrecy sum-rate, and find that the optimum policy may prevent some terminals from transmitting in order to preserve the secrecy of the system. Inspired by this construct, we next propose a new scheme which we call cooperative jamming, where users who are not transmitting according to the sum-rate maximizing power allocation can help the remaining users by “jamming” the eavesdropper. This scheme is shown to increase the achievable secrecy sum-rate, and in some cases allow a previously non-transmitting terminal to be able to transmit with secrecy. Overall,