Fuzzy Authenticated Key Exchange with Tight Security

  • Conference paper
Computer Security – ESORICS 2022 (ESORICS 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13555)

Abstract

Fuzzy authenticated key exchange (FAKE) enables two parties to agree on a shared key with the help of their fuzzy sources, such as biometric features [3, 9] or physical unclonable functions (PUFs) [16]. In FAKE, each user generates public strings from its own fuzzy source and registers them with the system. In the interactive protocol of FAKE, the users again employ their own fuzzy sources to accomplish key agreement and to achieve authenticity and privacy for the agreed session keys. The advantage of FAKE is that users do not have to store keys on their devices, and hence need not worry about key leakage caused by poor key management on those devices.

In this paper, we propose a generic construction of FAKE from three building blocks: a secure sketch (SS), a key encapsulation scheme (KEM) and a digital signature (SIG). We also define authenticity for users and pseudo-randomness for session keys to formalize the security of FAKE in the multi-user multi-challenge setting. We prove the security of our FAKE construction with tight security reductions to the building blocks in the random oracle model. Given the available choices for SS, tightly secure KEM and tightly secure SIG schemes, we obtain a range of FAKE schemes with tight security in the multi-user multi-challenge setting.
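The secure sketch building block, which lets a user publish a helper string at registration and later recover the exact enrollment reading from a noisy one, can be illustrated with the code-offset construction of Dodis et al. [4]. This is an added example, not code from the paper or its authors, and it does not reproduce the paper's FAKE construction; the repetition code, the 20-bit reading and the hash label are constructed assumptions.

```python
import hashlib
import secrets

R = 5  # assumed repetition factor: each 5-bit block tolerates up to 2 bit flips

def encode(msg_bits):
    """Repetition-code encoder: repeat every message bit R times."""
    return [b for b in msg_bits for _ in range(R)]

def decode(bits):
    """Majority-vote decoder: map each block to the nearest codeword block."""
    out = []
    for i in range(0, len(bits), R):
        bit = 1 if sum(bits[i:i + R]) > R // 2 else 0
        out.extend([bit] * R)
    return out

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def sketch(w):
    """Enrollment: public helper string s = w XOR c for a random codeword c."""
    assert len(w) % R == 0
    c = encode([secrets.randbits(1) for _ in range(len(w) // R)])
    return xor(w, c)

def recover(w_noisy, s):
    """Recovery: decode (w' XOR s) back to c, then return c XOR s = w."""
    return xor(decode(xor(w_noisy, s)), s)

def seed_from(w):
    """Hash a reading into a seed for key material (label is constructed)."""
    return hashlib.sha256(b"fake-demo-seed" + bytes(w)).hexdigest()

def flip(w, positions):
    """Simulate sensor noise by flipping the bits at the given positions."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(w)]

# Constructed 20-bit reading standing in for a biometric or PUF output.
W_ENROLL = [1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 1]
S_PUBLIC = sketch(W_ENROLL)                   # the registered public string
W_CLOSE = flip(W_ENROLL, {0, 3, 7, 12, 18})   # at most 2 errors per block
W_FAR = flip(W_ENROLL, {0, 1, 2})             # 3 errors in block 0: too noisy

if __name__ == "__main__":
    print(seed_from(recover(W_CLOSE, S_PUBLIC)) == seed_from(W_ENROLL))
    print(recover(W_FAR, S_PUBLIC) == W_ENROLL)
```

The public sketch reveals some information about the reading, so the fuzzy source needs more entropy than the sketch gives away; a repetition code is used here only because it is short to write.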

References

  1. Bader, C.: Efficient signatures with tight real world security in the random-oracle model. In: Gritzalis, D., Kiayias, A., Askoxylakis, I. (eds.) CANS 2014. LNCS, vol. 8813, pp. 370–383. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-12280-9_24

  2. Bader, C., Hofheinz, D., Jager, T., Kiltz, E., Li, Y.: Tightly-secure authenticated key exchange. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9014, pp. 629–658. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46494-6_26

  3. Bedari, A., Wang, S., Yang, J.: A two-stage feature transformation-based fingerprint authentication system for privacy protection in IoT. IEEE Trans. Ind. Informatics 18(4), 2745–2752 (2022)

  4. Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.D.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008)

  5. Dupont, P.-A., Hesse, J., Pointcheval, D., Reyzin, L., Yakoubov, S.: Fuzzy password-authenticated key exchange. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 393–424. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_13

  6. Gjøsteen, K., Jager, T.: Practical and tightly-secure digital signatures and authenticated key exchange. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 95–125. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_4

  7. Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 415–432. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_24

  8. Han, S., et al.: Authenticated key exchange and signatures with tight security in the standard model. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12828, pp. 670–700. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84259-8_23

  9. Im, J., Jeon, S., Lee, M.: Practical privacy-preserving face authentication for smartphones secure against malicious clients. IEEE Trans. Inf. Forensics Secur. 15, 2386–2401 (2020)

  10. Juels, A., Sudan, M.: A fuzzy vault scheme. Des. Codes Cryptogr. 38(2), 237–257 (2006)

  11. Katz, J., Lindell, Y.: Introduction to Modern Cryptography, Second Edition. 2nd edn. Chapman & Hall/CRC (2014)

  12. Lee, Y., Lee, D.H., Park, J.H.: Tightly CCA-secure encryption scheme in a multi-user setting with corruptions. Des. Codes Cryptogr. 88(11), 2433–2452 (2020)

  13. Li, Y., Schäge, S.: No-match attacks and robust partnering definitions: Defining trivial attacks for security protocols is not trivial. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) CCS 2017, pp. 1343–1360. ACM (2017)

  14. Liu, X., Liu, S., Gu, D., Weng, J.: Two-pass authenticated key exchange with explicit authentication and tight security. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12492, pp. 785–814. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64834-3_27

  15. Pan, J., Qian, C., Ringerud, M.: Signed Diffie-Hellman key exchange with tight security. In: Paterson, K.G. (ed.) CT-RSA 2021. LNCS, vol. 12704, pp. 201–226. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-75539-3_9

  16. Patil, V.C., Kundu, S.: Realizing robust, lightweight strong PUFs for securing smart grids. IEEE Trans. Consumer Electron. 68(1), 5–13 (2022)

  17. Wang, M., He, K., Chen, J., Li, Z., Zhao, W., Du, R.: Biometrics-authenticated key exchange for secure messaging. In: Kim, Y., Kim, J., Vigna, G., Shi, E. (eds.) CCS ’21, pp. 2618–2631. ACM (2021)

  18. Wen, Y., Liu, S.: Robustly reusable fuzzy extractor from standard assumptions. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11274, pp. 459–489. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03332-3_17

  19. Woodage, J., Chatterjee, R., Dodis, Y., Juels, A., Ristenpart, T.: A new distribution-sensitive secure sketch and popularity-proportional hashing. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 682–710. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63697-9_23

Acknowledgements

We would like to thank the anonymous reviewers for their helpful comments. Shengli Liu and Mingming Jiang were partially supported by National Natural Science Foundation of China (NSFC No. 61925207) and Guangdong Major Project of Basic and Applied Basic Research (2019B030302008). Shuai Han was partially supported by National Natural Science Foundation of China (Grant No. 62002223), Shanghai Sailing Program (20YF1421100), and Young Elite Scientists Sponsorship Program by China Association for Science and Technology (YESS20200185).

Corresponding author

Correspondence to Shengli Liu.

Appendices

A Figure 5: The Security Experiment \(\textsf{Exp}_{\textsf{FAKE},\mu ,\ell ,\mathcal {A}}\) for \(\textsf{FAKE}\)

Fig. 5. The original \(\textsf{Exp}_{\textsf{FAKE},\mu ,\ell ,\mathcal {A}}\) for our \(\textsf{FAKE}\) scheme, where \(\textsf{Corrupt}(i), \textsf{StateReveal}(i,s)\) and \(\textsf{SessionKeyReveal}(i,s)\) are the same as in Fig. 3 and omitted here for conciseness.

B Figure 6: The Security Games \(\textsf{G}_{0}\)-\(\textsf{G}_{6}\) for \(\textsf{FAKE}\)

Fig. 6. \(\textsf{FAKE}\) security games \(\textsf{G}_{0}\)-\(\textsf{G}_{6}\).

In Fig. 6, oracles \(\textsf{Corrupt}(i), \textsf{StateReveal}(i,s)\) and \(\textsf{SessionKeyReveal}(i,s)\) are the same as in Fig. 3 and omitted here for conciseness. Note that \(\textsf{G}_{0}\) contains the plain text, and part. \(\textsf{G}_{1}\) contains the plain text, and part. \(\textsf{G}_{2}\) contains the plain text, and part. \(\textsf{G}_{3}\) contains the plain text, and part. \(\textsf{G}_{4}\) contains \(\textsf{G}_{3}\) and part. \(\textsf{G}_{5}\) contains \(\textsf{G}_{4}\) and part. \(\textsf{G}_{6}\) contains \(\textsf{G}_{5}\) and part.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Jiang, M., Liu, S., Han, S., Gu, D. (2022). Fuzzy Authenticated Key Exchange with Tight Security. In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds) Computer Security – ESORICS 2022. ESORICS 2022. Lecture Notes in Computer Science, vol 13555. Springer, Cham. https://doi.org/10.1007/978-3-031-17146-8_17

  • DOI: https://doi.org/10.1007/978-3-031-17146-8_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-17145-1

  • Online ISBN: 978-3-031-17146-8

  • eBook Packages: Computer Science (R0)
