Key Agreement from Close Secrets over Unsecured Channels
Speaker: Bhavana Kanukurthi , Boston University
Date: February 6 2009
Time: 10:30AM to 12:00PM
Location: 32-G449
Contact: be, 3-6098, imbe@mit.edu
Relevant URL: http://eprint.iacr.org/2008/494
We consider information-theoretic key agreement between two parties sharing somewhat different versions of a secret w that has relatively little entropy. This setting arises, for example, when a trusted server stores the biometric of a user, and the user subsequently uses his fresh biometric reading to authenticate himself to the server.
Such key agreement, also known as information reconciliation and privacy amplification over unsecured channels, was shown to be theoretically feasible by Renner and Wolf (Eurocrypt 2004), although no protocol that runs in polynomial time was described. We propose a protocol that is not only polynomial-time, but actually practical, requiring only a few seconds on consumer-grade computers.
Our protocol can be seen as an interactive version of robust fuzzy extractors (Dodis et al., Crypto 2006). While robust fuzzy extractors, due to their noninteractive nature, require w to have entropy at least half its length, we have no such constraint. In fact, unlike in prior solutions, in our solution the entropy loss is essentially unrelated to the length or the entropy of w, and depends only on the security parameter.
The paper appears in Eurocrypt 2009 and is available at http://eprint.iacr.org/2008/494.
This is joint work with Leonid Reyzin.
See other events that are part of CIS/Microsoft Seminars 2008/2009
See other events happening in February 2009
