A Signature Scheme with a Fuzzy Private Key

Takahashi, Kazutoshi; Matsuda, Takahiro; Murakami, Takao; Hanaoka, Goichiro; Nishigaki, Masakatsu

doi:10.1007/978-3-319-28166-7_6

Cited by 22 publications

(43 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The rest of the paper is organized as follows: -In Sect. 1.5, we explain the relations between this paper and our earlier papers [19,33]. -In Sect.…”

Section: Paper Organizationmentioning

confidence: 71%

“…As the information society grows rapidly, the public key infrastructure (PKI) plays a more significant role as an infrastructure for managing digital certificates. It is also expected This is the merged full version of the earlier papers that appeared in the proceedings of ACNS 2015 [33] and the proceedings of ACNS 2016 [19]. 1 Hitachi Ltd., Yokohama, Japan 2 National Institute of Advanced Industrial Science and Technology (AIST), Tokyo, Japan 3 Shizuoka University, Hamamatsu, Japan to be widely used for personal use such as national IDs and e-government services.…”

Section: Background and Motivationmentioning

confidence: 99%

“…This paper is the merged full version of our earlier papers [19,33]. Here, we first explain the overview of these papers and then clarify the correspondences of the contents between this paper and [19,33] and the additional contributions from them. (The reader who has not read our earlier papers [19,33] could skip this subsection.…”

Section: Relation To Earlier Versionsmentioning

confidence: 99%

See 2 more Smart Citations

Signature schemes with a fuzzy private key

Takahashi

Matsuda

Murakami

et al. 2019

Int. J. Inf. Secur.

Self Cite

View full text Add to dashboard Cite

In this paper, we introduce a new concept of digital signature that we call fuzzy signature, which is a signature scheme that uses a noisy string such as biometric data as a private key, but does not require user-specific auxiliary data (which is also called a helper string in the context of fuzzy extractors), for generating a signature. Our technical contributions are threefold:(1) we first give the formal definition of fuzzy signature, together with a formal definition of a "setting" that specifies some necessary information for fuzzy data. (2) We give a generic construction of a fuzzy signature scheme based on a signature scheme that has certain homomorphic properties regarding keys and satisfies a kind of related key attack security with respect to addition, and a new tool that we call linear sketch. (3) We specify two concrete settings for fuzzy data, and for each of the settings give a concrete instantiation of these building blocks for our generic construction, leading to two concrete fuzzy signature schemes. We also discuss how fuzzy signature schemes can be used to realize a biometric-based PKI that uses biometric data itself as a cryptographic key, which we call the public biometric infrastructure.

show abstract

“…The rest of the paper is organized as follows: -In Sect. 1.5, we explain the relations between this paper and our earlier papers [19,33]. -In Sect.…”

Section: Paper Organizationmentioning

confidence: 71%

Section: Background and Motivationmentioning

confidence: 99%

Section: Relation To Earlier Versionsmentioning

confidence: 99%

See 1 more Smart Citation

Signature schemes with a fuzzy private key

Takahashi

Matsuda

Murakami

et al. 2019

Int. J. Inf. Secur.

Self Cite

View full text Add to dashboard Cite

show abstract

“…The concept of fuzzy signature was proposed in [37]. It uses biometric data as private key, such as iris scan and fingerprint, to generate the signature.…”

Section: A Fuzzy Signaturementioning

confidence: 99%

Data Integrity Auditing without Private Key Storage for Secure Cloud Storage

Shen

Qin

et al. 2021

IEEE Trans. Cloud Comput.

View full text Add to dashboard Cite

Using cloud storage services, users can store their data in the cloud to avoid the expenditure of local data storage and maintenance. To ensure the integrity of the data stored in the cloud, many data integrity auditing schemes have been proposed. In most, if not all, of the existing schemes, a user needs to employ his private key to generate the data authenticators for realizing the data integrity auditing. Thus, the user has to possess a hardware token (e.g. USB token, smart card) to store his private key and memorize a password to activate this private key. If this hardware token is lost or this password is forgotten, most of the current data integrity auditing schemes would be unable to work. In order to overcome this problem, we propose a new paradigm called data integrity auditing without private key storage and design such a scheme. In this scheme, we use biometric data (e.g. iris scan, fingerprint) as the user's fuzzy private key to avoid using the hardware token. Meanwhile, the scheme can still effectively complete the data integrity auditing. We utilize a linear sketch with coding and error correction processes to confirm the identity of the user. In addition, we design a new signature scheme which not only supports blockless verifiability, but also is compatible with the linear sketch. The security proof and the performance analysis show that our proposed scheme achieves desirable security and efficiency.

show abstract

“…Fuzzy signature uses the user's biometric data as a signing key. The concept of fuzzy signature was first proposed by Takahashi et al in [39] and has since been improved by relaxing the requirements for construction or increasing efficiency [40]. However, all the fuzzy signature schemes proposed so far are not robust since the user's biometric data can be directly recovered from the (public) verification key or signature [41].…”

Section: Related Workmentioning

confidence: 99%

Construction of a New Biometric-Based Key Derivation Function and Its Application

Seo

Park

Kim

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

Biometric data is user-identifiable and therefore methods to use biometrics for authentication have been widely researched. Biometric cryptosystems allow for a user to derive a cryptographic key from noisy biometric data and perform a cryptographic task for authentication or encryption. The fuzzy extractor is known as a prominent biometric cryptosystem. However, the fuzzy extractor has a drawback in that a user is required to store user-specific helper data or receive it online from the server with additional trusted channel, to derive a correct key. In this paper, we present a new biometric-based key derivation function (BB-KDF) to address the issues. In our BB-KDF, users are able to derive cryptographic keys solely from their own biometric data: users do not need any other user-specific helper information. We introduce a security model for the BB-KDF. We then construct the BB-KDF and prove its security in our security model. We then propose an authentication protocol based on the BB-KDF. Finally, we give experimental results to analyze the performance of the BB-KDF. We show that our proposed BB-KDF is computationally efficient and can be deployed on many different kinds of devices.

show abstract

A Signature Scheme with a Fuzzy Private Key

Cited by 22 publications

References 16 publications

Signature schemes with a fuzzy private key

Signature schemes with a fuzzy private key

Data Integrity Auditing without Private Key Storage for Secure Cloud Storage

Construction of a New Biometric-Based Key Derivation Function and Its Application

Contact Info

Product

Resources

About