Fuzzy Vector Signature and Its Application to Privacy-Preserving Authentication

Abstract

Fuzzy authentication uses non-deterministic or noisy data, like biometrics, as an authentication factor. Although the data is extracted from the same individual or source, it can be different for each measurement. As a result, one of the main issues in fuzzy authentication is the effective processing of the fuzziness, while guaranteeing the privacy of the fuzzy data. Biometric data is a typical user-generated fuzzy data and the fuzzy extractor is one of the most promising primitives for biometric authentication these days. In 2016, Canetti et al. proposed the reusable fuzzy extractor, in which multiple keys can be generated with the same biometric data. It can also handle some outliers which occur unexpectedly (owing to an external interference when acquiring the fuzzy data, for example, the presence of dust on a fingerprint image). However, the size of the user's helper data in the reusable fuzzy extractor is quite large. This makes the network bandwidth usage required in the online authentication phase (or the storage required on the user side) considerable, which inconveniences the user. In this paper, we present a new primitive for fuzzy authentication, called a fuzzy vector signature (FVS) scheme, which significantly alleviates the burden on the user side. This means that the network bandwidth usage (or the amount of storage required on the user side) is significantly reduced. The proposed FVS scheme is reusable and robust to outliers as well. Finally, we provide a privacy-preserving fuzzy authentication protocol based on the FVS scheme.