Fuzzy Extractors are Practical: Cryptographic Strength Key Derivation from the Iris

Sohaib Ahmad; Sixia Chen; Luke Demarest; Benjamin Fuller; Caleb Manicke; Alexander Russell; Amey Shukla

Paper 2024/100

Fuzzy Extractors are Practical: Cryptographic Strength Key Derivation from the Iris

Sohaib Ahmad

, University of Connecticut

Sixia Chen, Adelphi University

Luke Demarest

, Gonzaga University

Benjamin Fuller

, University of Connecticut

Caleb Manicke

, University of Connecticut

Alexander Russell

, University of Connecticut

Amey Shukla

, University of Connecticut

Abstract

Despite decades of effort, a chasm existed between the theory and practice of device-level biometric authentication. Deployed authentication algorithms rely on data that overtly leaks private information about the biometric; thus systems rely on externalized security measures such as trusted execution environments. The authentication algorithms have no cryptographic guarantees. We close this chasm. We introduce a key derivation system with 105 bits of entropy and a 91% true accept rate for the iris. Our system advances 1) the feature extraction from the iris and 2) the fuzzy extractor used to derive keys. The fuzzy extractor builds on sample-then-lock (Canetti et al., Journal of Cryptology 2021). We 1) Introduce a new method of sampling that achieves a better TAR versus entropy tradeoff when features have different quality, 2) Correct their security proof, showing the minimum of min-entropy of subsets is the relevant security measure, and 3) Tighten their concrete analysis, nearly doubling security under reasonable assumptions. Our final feature extractor incorporates ideas from the new sampling method to produce features optimized for the sample-then-lock construction. The only statistical assumption needed to show security of our system is necessary: the accuracy of min-entropy estimation. Our quantitive level of security is well above prior work. Simhadri et al. (ISC, 2019) report $32$ bits on the iris, but they have a bug in their analysis (that we fix) that reduces their strength. Zhang et al.'s (ePrint 2021/1559) system achieves $45$ bits on the face but assumes independence between biometrics and the used error-correcting code, an assumption that cannot be easily verified. Other prior work assumes that bits of biometrics are i.i.d., an assumption that is demonstrably false. (Or that all correlation is pairwise between features (Hine et al., TIFS 2023).) Irises used to evaluate TAR and security are class disjoint from those used for training and collecting statistics (the open dataset regime).

Note: Completely new results and new title to suit the 60 bit improvement in security over the last version.

Metadata

Available format(s): PDF
Category: Applications
Publication info: Preprint.
Keywords: biometrics fuzzy extractors iris feature extractors
Contact author(s): sohaib ahmad @ uconn edu
chensixia09 @ gmail com
onlylukejohnson @ gmail com
benjamin fuller @ uconn edu
caleb manicke @ uconn edu
acr @ uconn edu
amey shukla @ uconn edu
History: 2025-04-15: last of 5 revisions; 2024-01-22: received; See all versions
Short URL: https://ia.cr/2024/100
License: CC BY

BibTeX

@misc{cryptoeprint:2024/100,
      author = {Sohaib Ahmad and Sixia Chen and Luke Demarest and Benjamin Fuller and Caleb Manicke and Alexander Russell and Amey Shukla},
      title = {Fuzzy Extractors are Practical: Cryptographic Strength Key Derivation from the Iris},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/100},
      year = {2024},
      url = {https://eprint.iacr.org/2024/100}
}