Strong Key Derivation from Noisy Sources
A shared cryptographic key enables strong authentication. Biometrics are one candidate source for creating such a shared key. However, biometrics come with a substantial problem: noise in repeated readings.
A fuzzy extractor produces a stable key from a noisy source of entropy. The iris is believed to be the strongest biometric. However, traditional fuzzy extractors provide no meaningful security guarantee for the iris. We challenge common ideas about fuzzy extractors to provide key derivation for practical sources.
First, we show how to incorporate structural information about the biometric. Second, traditional fuzzy extractors provide information-theoretic security. We show this notion places unnecessary roadblocks to securing practical sources. We build fuzzy extractors achieving new properties by only providing security against computational bounded adversaries.