A fuzzy extractor (FE) enables reproducible generation of high-quality randomness from noisy inputs having sufficient min-entropy. FEs have been proposed for deriving cryptographic keys from biometric data. FEs rely in their operation on a public "helper string" that is guaranteed not to leak too much information about the original input. Unfortunately, this guarantee may not hold when multiple independent helper strings are generated from correlated inputs; reusable FEs are needed in that case. Although the notion of reusable FEs was introduced in 2004, it has received little attention since then. In this paper, we first analyze an FE proposed by Fuller et al. (Asiacrypt 2013) based on the learning-with-errors (LWE) assumption, and show that it is not reusable. This is interesting as the first natural example of a non-reusable FE. We then show how to adapt their construction to obtain reusable FEs. Of independent interest, we show a generic technique for strengthening the notion of reusability achieved by an FE in the random-oracle model.
展开▼
