Abstract: A shared cryptographic key enables strong authentication. Candidate sources for creating such a shared key include biometrics and physically unclonable functions. However, these sources come with a substantial problem: noise in repeated readings.
A fuzzy extractor produces a stable key from a noisy source. For many sources of practical importance, traditional fuzzy extractors provide no meaningful security guarantee. We improve key derivation from noisy sources in three lessons.
First, we show how to incorporate structural information about the physical source to facilitate key derivation. Second, most fuzzy extractors work by first recovering the initial reading from the noisy reading. We improve key derivation by producing a consistent key without recovering the original reading. Third, traditional fuzzy extractors provide information-theoretic security. We build fuzzy extractors achieving new properties by only providing security against computational bounded adversaries. The above lessons are supported by negative results and constructions.