Secure Authentication from a Weak Key, without Leaking Information

Consider two parties holding samples from correlated distributions W and W , respectively, where these samples are within distance t of each other in some metric space. The parties wish to agree on a close-to-uniformly distributed secret key R by sending a single message over an insecure channel controlled by an all-powerful adversary who may read and modify anything sent over the channel. We consider both the keyless case, where the parties share no additional secret information, and the keyed case, where the parties share a long-term secret SK Ext that they can use to generate a sequence of session keys {R j } using multiple pairs {(W j , W j )}. The former has applications to, e.g., biometric authentication, while the latter arises in, e.g., the bounded-storage model with errors.We show solutions that improve upon previous work in several respects:• The best prior solution for the keyless case with no errors (i.e., t = 0) requires the minentropy of W to exceed 2n/3, where n is the bit-length of W . Our solution applies whenever the min-entropy of W exceeds the minimal threshold n/2, and yields a longer key.• Previous solutions for the keyless case in the presence of errors (i.e., t > 0) required random oracles. We give the first constructions (for certain metrics) in the standard model.• Previous solutions for the keyed case were stateful. We give the first stateless solution.

show abstract

“…This additional security condition was subsequently explored in the setting of interactive key agreement [7].…”

Section: Correctnessmentioning

confidence: 99%

Robust Fuzzy Extractors and Authenticated Key Agreement From Close Secrets

Dodis

Kanukurthi

Katz

et al. 2012

IEEE Trans. Inform. Theory

107

102

View full text Add to dashboard Cite

show abstract

A Quantum-Proof Non-malleable Extractor

Aggarwal

Chung

Lin

et al. 2019

Advances in Cryptology – EUROCRYPT 2019

View full text Add to dashboard Cite

In privacy amplification, two mutually trusted parties aim to amplify the secrecy of an initial shared secret X in order to establish a shared private key K by exchanging messages over an insecure communication channel. If the channel is authenticated the task can be solved in a single round of communication using a strong randomness extractor; choosing a quantum-proof extractor allows one to establish security against quantum adversaries.In the case that the channel is not authenticated, Dodis and Wichs (STOC'09) showed that the problem can be solved in two rounds of communication using a non-malleable extractor, a stronger pseudo-random construction than a strong extractor.We give the first construction of a non-malleable extractor that is secure against quantum adversaries. The extractor is based on a construction by Li (FOCS'12), and is able to extract from source of minentropy rates larger than 1/2. Combining this construction with a quantum-proof variant of the reduction of Dodis and Wichs, shown by Cohen and Vidick (unpublished), we obtain the first privacy amplification protocol secure against active quantum adversaries.

show abstract

Amplifying Privacy in Privacy Amplification

Aggarwal

Dodis

Jafargholi

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

We study the classical problem of privacy amplification, where two parties Alice and Bob share a weak secret X of min-entropy k, and wish to agree on secret key R of length m over a public communication channel completely controlled by a computationally unbounded attacker Eve.Despite being extensively studied in the literature, the problem of designing "optimal" efficient privacy amplification protocols is still open, because there are several optimization goals. The first of them is (1) minimizing the entropy loss L = k − m (it is known that the optimal value for L = O(λ), where ε = 2 −λ is the desired security of the protocol). Other important considerations include (2) minimizing the number of communication rounds, (3) maintaining security even after the secret key is used (this is called post-application robustness), and (4) ensuring that the protocol P does not leak some "useful information" about the source X (this is called source privacy). Additionally, when dealing with a very long source X, as happens in the so-called Bounded Retrieval Model (BRM), extracting as long a key as possible is no longer the goal. Instead, the goals are (5) to touch as little of X as possible (for efficiency), and (6) to be able to run the protocol many times on the same X, extracting multiple secure keys.Achieving goals (1)-(4) (or (2)-(6) in BRM) simultaneously has remained open, and, indeed, all known protocols fail to achieve at least two of them. In this work we improve upon the current state-of-the-art, by designing a variety of new privacy amplification protocols, in several cases achieving optimal parameters for the first time. Moreover, in most cases we do it by giving relatively general transformations which convert a given protocol P into a "better" protocol P . In particular, as special cases of these transformations (applied to best known prior protocols), we achieve the following privacy amplification protocols for the first time:• 4-round (resp. 2-round) source-private protocol with optimal entropy loss L = O(λ), whenever k = Ω(λ 2 ) (resp. k > n 2 (1 − α) for some universal constant α > 0). Best previous constant round source-private protocols achieved L = Ω(λ 2 ).• 3-round post-application-robust protocols with optimal entropy loss L = O(λ), whenever k = Ω(λ 2 ) or k > n 2 (1−α) (the latter is also source-private). Best previous post-application robust protocols achieved L = Ω(λ 2 ).• The first BRM protocol capable of extracting the optimal number Θ(k/λ) of session keys, improving upon the previously best bound Θ(k/λ 2 ). (Additionally, our BRM protocol is post-application-robust, takes 2 rounds, and can be made source-private by increasing the number of rounds to 4.) *

show abstract

Secure Authentication from a Weak Key, without Leaking Information

Cited by 4 publications

References 17 publications

Robust Fuzzy Extractors and Authenticated Key Agreement From Close Secrets

Robust Fuzzy Extractors and Authenticated Key Agreement From Close Secrets

A Quantum-Proof Non-malleable Extractor

Amplifying Privacy in Privacy Amplification

Contact Info

Product

Resources

About