Consider two parties holding correlated random variables W and W', respectively, that are within distance t of each other in some metric space. These parties wish to agree on a uniformly distributed secret key R by sending a single message over an insecure channel controlled by an all-powerful adversary. We consider both the keyless case, where the parties share no additional secret information, and the keyed case, where the parties share a long-term secret SK that they can use to generate a sequence of session keys {Rj}using multiple pairs {(Wj, Wj′)}. The former has applications to, e.g., biometric authentication, while the latter arises in, e.g., the bounded storage model with errors. Our results improve upon previous work in several respects: - The best previous solution for the keyless case with no errors (i.e., t = 0) requires the min-entropy of W to exceed 2|W|/3. We show a solution when the min-entropy of W exceeds the minimal threshold |W|/2. - Previous solutions for the keyless case in the presence of errors (i.e., t > 0) required random oracles. We give the first constructions (for certain metrics) in the standard model. - Previous solutions for the keyed case were stateful. We give the first stateless solution. © International Association for Cryptologic Research 2006.
CITATION STYLE
Dodis, Y., Katz, J., Reyzin, L., & Smith, A. (2006). Robust fuzzy extractors and authenticated key agreement from close secrets. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4117 LNCS, pp. 232–250). Springer Verlag. https://doi.org/10.1007/11818175_14
Mendeley helps you to discover research relevant for your work.