Many real-world systems rely on passwords, biometrics or other low-entropy keys for user authentication. In the case of passwords, the general user population produces passwords having an average entropy of about 20 bits. Biometrics also exhibit similarly low entropy. For example, even a high-resolution fingerprint reader has a false acceptance rate on the order of 1:1,000,000, implying less than 20 bits of entropy.
In typical online settings, an authentication server can supplement such low-entropy keys with contextual information to strengthen access-control decisions and can throttle guessing attempts by an adversary. Thus, low-entropy keys often provide adequate security in such settings. However, low-entropy keys are also used to control access to protected resources in offline settings that do not include enhanced protections of the type described above. For example, such keys may be used in encryption applications such as encryption of password vaults, documents, signing keys and other types of information. In the case of a password vault, the vault stores multiple passwords in encrypted form using a master password. Compromise of the master password gives the attacker immediate access to multiple valid passwords stored in the vault. Similar security issues can arise in other encryption contexts.
Accordingly, a need exists for encryption and decryption techniques that can provide improved security in a variety of different contexts, and particularly when utilizing low-entropy keys.