(IJCNS) International Journal of Computer and Network Security, 9

Vol. 2, No. 10, 2010

The Effect of Public String on Extracted String in A

Fuzzy Extractor
Yang Bo 1, Li Ximing 2 and Zhang Wenzheng 3
1
College of Informatics, South China Agricultural University,
Guangzhou, 510642, P.R. China
byang@scau.edu.cn
2
College of Informatics, South China Agricultural University,
Guangzhou, 510642, P.R. China
liximing@scau.edu.cn
3
National Laboratory for Modern Communications,
Chengdu, 610041, P.R. China
wzzhang@163.com

Abstract: A fuzzy extractor is designed to extract a uniformly the alphabet of a random variable is denoted by the
distributed string from a noisy input in an error-tolerant corresponding script letter, the cardinality of a set is
manner. It has two outputs for a noisy input, a uniformly denoted by . The expected value of a real-valued random
distributed string and a public string. This paper gives the effect
variable is denoted by . The uniform distribution
of public string on the entropy loss in a fuzzy extractor, and
obtains the relationship between the entropy loss and public over is denoted by .
string, and the relationship between the size of extracted string A useful bound for any real-valued variable , any
and public string. , and any ( is the set of real numbers) is
.
Keywords: Cryptography, Secure sketch, Fuzzy extractor,
Min-entropy, Entropy loss Take , we have
(1)
1. Introduction The Rényi entropy of order of a random variable with
distribution and alphabet is defined as
To securely derive cryptographic keys from a noisy input
,
such as biometric data, a fuzzy extractor is designed to
extract a uniformly distributed string from this noisy input for and .
in an error-tolerant manner [1, 2, 5, 6, 7]. A fuzzy extractor The min-entropy of is
has two outputs for a noisy input, a uniformly distributed .
string which is used as cryptographic key, and a public The conditional min-entropy of given is
string which is used to encode the information needed for .
extraction of the uniformly distributed string. The difference We have .
between the min-entropy of the input and the conditional The statistical distance between two probability
min-entropy of the input given extracted string is defined as distributions with the same alphabet is defined
the entropy loss of a fuzzy extractor. as
This paper gives the effect of public string on the entropy .
loss in a fuzzy extractor, and obtains the relationship Lemma 1 [1]: Let be two random variables, if
between the entropy loss and public string, and the has possible values, then for any random variable ,
relationship between the size of extracted string and public
string.
A metric space is a set with a distance function
A similar problem in unconditionally-secure secret-key
, satisfying if
agreement protocol was considered in [3, 4, 8], which dealt
and only if , and symmetry
with the effect of side-information, obtained by the opponent
and the triangle inequality
through an initial reconciliation step, on the size of the
.
secret-key that can be distilled safely by subsequent privacy
Definition 1. An -secure sketch is a pair of
amplification.
randomized procedures, “sketch” ( ) and “recover” ( ),
2. Preliminaries with the following properties:
(i) The sketching procedure on input returns
We repeat some fundamental definitions and conclusions in a bit string . The recovery procedure takes
this section. Random variables are denoted by capital letter,
an element and a bit string .
10 (IJCNS) International Journal of Computer and Network Security,
Vol. 2, No. 10, 2010
(ii) Correctness: Because is an arbitrary constant, we take it big
If , then . enough such that is approximately 1, take limit
(iii) Security: For any distribution over , with , and obtain
if , then . ,
Definition 2. An -fuzzy extractor is a pair with probability approximately 1.
of randomized procedures, “generate” ( ) and Let , if is distributed uniformly, then
“reproduce” ( ), with the following properties: , ,
(i) The generation procedure on input .
outputs an extracted string and a helper string Therefore, the lemma1 is a special case of Theorem1.
.The reproduction procedure takes an Lemma2. Let be a constant, then
element and a bit string as inputs.
(ii) Correctness: If and with probability at least .
, then . Proof. From
(iii) Security: For any distribution over , if ,
and , then we have , ,
. .
From (1), it follows
3. The Effect of Public String on Extracted
String and the Size of Extracted String So
In the following two theorems, we give the relationship ,
between the entropy loss and the public string in a fuzzy with probability at least .
extractor. Because the inequality holds for each , we have
Theorem 1. In an -fuzzy extractor, let
be a random variable with alphabet , be a deterministic ,
function of , and with alphabet . Then with with probability at least .
probability approximately 1, we have Theorem2. Let be the same as theorem1,
.
be an arbitrary constant. Then for
Proof. We first consider the entropy loss of the Rényi
entropy of order . Since is a deterministic
function of , and , it follows that
with probability at least .
Proof. From

and Lemma2, we have

Interpreting as a function of , the
equation above is equivalent to with probability at least .
The variance of is

or
.
Let be an arbitrary constant,

.
From (1), we have
By chebychef inequality, we have
,
or and

with probability at least .

Divide by and obtain ,
with probability at least
 (IJCNS) International Journal of Computer and Network Security, 11
Vol. 2, No. 10, 2010
.
Combined with theorom1, it follows that
Acknowledgement
with probability at least . This work is supported by the National Natural Science
In the following theorem, we obtain the relationship Foundation of China under Grants 60973134, 60773175, the
between the size of extracted string and the public string Foundation of National Laboratory for Modern
Communications under Grant 9140c1108010606, and the
in a fuzzy extractor.
Natural Science Foundation of Guangdong Province under
Theorem 3. In a fuzzy extractor
Grants 10351806001000000 and 9151064201000058.
constructed from secure sketch and pair-
independent hashing based strong extractor , References
the length of extracted string satisfies
[1] X. Boyen, “Reusable cryptographic fuzzy extractors,”
In Eleventh ACM Conference on Computer and
with probability approximately 1. Communication Security. ACM, October 25-29 2004.
Further, let be two constants, satisfy , 82-91.
, then the length of extracted string [2] X. Boyen, Y. Dodis, J. Katz, Ostrovsky R. and A.
Smith, “Secure remote authentication using biometric
satisfies data,” In Advances in Cryptology-EUROCRYPT 2005,
Ronald Cramer, editor, Lecture Notes in Computer
Science 3494, Springer-Verlag, 2005, 147-163.
Proof. From [1], we have [3] C. Cachin, U. M. Maurer, “Linking information
. reconciliation and privacy amplification,”
EUROCRYPT’94, Lecture Notes in Computer Science,
From theorem1, it follows Vol. 950, Springer-Verlag, 1995, 266-274.
[4] C. Cachin,“Smooth entropy and Rényi entropy,” In
EUROCRYPT’97, Lecture Notes in Computer Science,
Springer Verlag, 1997, 193-208.
[5] R. Cramer, Y. Dodis, S. Fehr, C. Padró and D. Wichs,
Let , we have “Detection of Algebraic Manipulation with
Applications to Robust Secret Sharing and Fuzzy
with probability approximately 1. Extractors,” Adv. in Cryptology- EUROCRYPT 2008,
Lecture Notes in Computer Science 4965, Springer
If be two constants, satisfy , and
Berlin,2008, 471-488.
, then from [6] Y. Dodis, L. Reyzin and A. Smith, “Fuzzy Extractors:
How to Generate Strong Keys from Biometrics and
Other Noisy Data,” Adv. in Cryptology- Eurocrypt
and theorem2, we have 2004, Lecture Notes in Computer Science 3027,
Springer-Verlag, 2004, 523-540.
[7] Y. Dodis, J. Katz, L. Reyzin and A. Smith, “Robust
. Fuzzy Extractors and Authenticated Key Agreement
from Close Secrets,” In Advances in Cryptology-
Let , we have CRYPTO’06, volume 4117 of Lecture Notes in
Computer Science. Springer, 2006, 232-250.
[8] Bo Yang, Tong Zhang, Changxing Pei, “The effect of
side information on smooth entropy,” Journal of
with probability at least . Discrete Applied Mathematics, 136(2004), 151-157.
From theorem3, we have
Yang Bo received the B. S. degree from Peking University,
Beijing, China, in 1986, and the M. S. and Ph. D. degrees from
Therefore, for a fuzzy extractor to extract a uniformly Xidian University, China, in 1993 and 1999, respectively. From
July1986 to July 2005, he had been at Xidian University, from
distributed string with some length from a noisy input, it is
2002, he had been a professor of National Key Lab. of ISN in
necessary that the entropy of public string must be smaller Xidian University, supervisor of Ph.D. He has served as a Program
than some value, and the smaller the entropy of public Chair for the fourth China Conference on Information and
string, the longer the uniformly distributed string extracted Communications Security (CCICS'2005) in May 2005, vice-chair
by a fuzzy extractor. for ChinaCrypt'2009 in Nov. 2009, and general chair for the Fifth
Joint Workshop on Information Security (JWIS 2010), in Aug.
2010. He is currently dean, professor and supervisor of Ph.D. at
College of Informatics and College of Software, South China
12 (IJCNS) International Journal of Computer and Network Security,
Vol. 2, No. 10, 2010
Agricultural University. His research interests include information
theory and cryptography.

Li Ximing received the B.A. degree from the Shandong University

of Technology, Jinan, Shandong, China, in 1996 and M. E. degree
from Jinan University, Guangzhou, China, in 2005. He is currently
a candidate of Ph.D. degree in College of Informatics, South China
Agricultural University, His research interests include information
theory and cryptography.

Zhang Wenzheng received the B. S. degree and the M. S. degree

from University of Electronic Science and Technology of China, in
1988 and 1991, respectively. He is currently general engineer at
National Laboratory for Modern Communications.