In present-day society, information is predominantly stored in a digital manner. Digital data can be reproduced, transmitted and stored in a simple manner and thus provides great ease of use. However, this ease of use also entails a potential privacy and security risk in the form of access by unauthorized parties. In order to cope with privacy and security issues, valuable information is often encrypted.
Encryption effectively forms a barrier that blocks unauthorized persons from accessing the information while allowing authorized persons to access the information. When encrypting information, data is generally encrypted by means of an encryption key resulting in encrypted data. In order to provide security, the encrypted data should not provide an outsider with information regarding the original data. In order to recover the data from the encrypted data, it needs to be decrypted by means of a decryption key corresponding to the encryption key.
Most encryption schemes use keys to encrypt and decrypt information. Data is encrypted by means of an encryption key and the encrypted data is decrypted by means of a decryption key. Two different types of encryption can be distinguished: symmetric encryption, wherein both the encryption and decryption key are the same, and asymmetric encryption, wherein the encryption and decryption keys differ. Although the encryption and decryption keys in asymmetric cryptography are different, they form a pair of keys, hereinafter referred to as “key pair”, and use of other keys in combination with either the encryption or the decryption key will result in loss of data.
A relatively new trend is the use of biometric data as a source of key information in cryptography. Biometric data is derived from preferably unique physical features of an individual that are preferably stable over time. Examples of biometric modalities that are often used for access control are modalities such as fingerprints, palm prints, iris images, and facial characteristics. Biometric data is often used to provide individual access control.
Apart from the fact that the physical features of an individual may change, biometrics derived from such physical characteristics are acquired through measurement and/or detection. As a result, biometrics are often noisy. This noise may result from e.g. acquisition noise, the use of different sensors, different environmental conditions, and/or minor changes in the physical features of the individual. In order to reduce noise and derive more robust and more discerning data, there is a trend to derive feature vectors from the biometric measurement(s). However, feature vectors still exhibit a considerable variation and are thus inappropriate for use as key information. There has therefore been much research in order to derive robust keys from noisy data in biometrics.
“Fuzzy identity-based encryption” by A. Sahai and B. Waters published in Proceedings of EUROCRYPT, 2005 discloses a different approach that uses noisy data as a key in an Identity Based Cryptosystem. This particular scheme has the disadvantage that the noisy encryption key used to encrypt the data is also required for decrypting the encrypted data.