Reusable Fuzzy Extractor from Isogeny-Based Assumptions
Abstract
1. Introduction
1.1. Fuzzy Extractor and Reusable Fuzzy Extractor
1.1.1. Fuzzy Extractor
1.1.2. Reusable Fuzzy Extractor
1.2. Isogeny-Based Cryptography and Isogeny-Based Assumptions
1.2.1. Linear Hidden Shift Assumption
1.2.2. Group Action Decisional Diffie–Hellman Assumption
Is it feasible to construct an RFE utilizing either the LHS assumption or the GA-DDH assumption?
1.3. Our Contributions
- First, we extend the assumption to the assumption via a hybrid argument. Similar to [13], we redefine the reusable fuzzy extractor and introduce an extra initialization algorithm to make it more adaptable to isogeny-based assumptions.
- We give two constructions of RFE from isogeny-based assumptions. Our first construction is the first reusable fuzzy extractor based on the LHS assumption over isogeny-based group actions. Our second construction is the first reusable fuzzy extractor built upon the GA-DDH assumption. Furthermore, we instantiate both constructions based on specific instances of the underlying building blocks.
- Both of our constructions are straightforward and resilient to a linear proportion of errors. In addition, compared with some previous works on reusable fuzzy extractors, our constructions impose no additional requirements (i.e., homomorphism or key-offset security) on the building blocks.
1.4. Challenges and Our Approaches
1.4.1. Construction 1: RFE from LHS Assumption
1.4.2. Construction 2: RFE from GA-DDH Assumption
2. Preliminaries
2.1. Basic Notation
2.2. Metric Spaces
2.3. Min-Entropy and Statistical Distance
2.4. Universal Hashing
2.5. Secure Sketch and Average-Case Strong Extractor
- takes as input and outputs a sketch ;
- takes and a sketch as input and outputs .
- Correctness: If , then
- Security: For any distribution W over ,
2.6. Group Action, LHS Assumption, and GA-DDH Assumption
1. Identity: For the identity element e of , for all ;
2. Compatibility: For all and , we have .
1. Abelian: The group is abelian;
2. Transitive: For any , there is a group element satisfying ;
3. Free: A group element is the identity element if for some .
1. is a finite group, and efficient algorithms are available for membership testing, equality testing, random sampling, group operation, and inversion;
2. is a finite set, and known algorithms efficiently handle membership testing and compute the unique bit-string representation for every element in ;
3. There is a distinguished element , known as the origin, whose bit-string representation is available;
4. For any and , efficient algorithms can compute .
1. The finite group is generated by a set , and ;
2. The set is finite, and known algorithms efficiently handle membership testing and compute the unique bit-string representation for every element in ;
3. There exists a distinguished element called the origin whose bit-string representation is known;
4. There exists an efficient algorithm that, when given in the generating set and any , outputs and where .
3. Reusable Fuzzy Extractor
3.1. Definition of Reusable Fuzzy Extractor
- inputs the security parameter λ and generates a ;
- takes and an element from the set as input, and then generates the initial public string ;
- takes , , and as input and generates a public helper string and an extracted string ;
- takes the , , , and as input, and then returns .
- For with , , if , , , , then ;
- For any distribution W over metric space satisfying and for any adversary , the following holds
3.2. Construction of RFE from LHS Assumption
- An -secure sketch SS = , where .
- An EGA equipped with , which outputs .
- A family of universal hash functions , as defined in Equation (3). Let such that .
- Challenger selects , samples , and then calls to generate and sets crs:=(pp, ); it sends to .
- selects according to W, calculates , and then sets , returning to .
- may request up to queries from the generation oracle. Upon obtaining an offset satisfying for , calculates , , and then samples , ; it calculates and sets ; if , ; otherwise, , and it returns to .
- finally outputs a guessing bit ; when , the game outputs 1; otherwise, it outputs 0.
2. chooses according to W, calculates , , and then sets , returning to .
3. may request up to queries from the generation oracle. Upon obtaining an offset satisfying for , sets , and then samples , , calculates , and sets ; if , ; otherwise, , and it returns to .
2. chooses according to W, calculates , , and then sets , returning to .
- Algorithm samples , calls to generate , sets crs:=(pp, ), and returns to .
- sets and and sends to .
- may request up to queries from the generation oracle. Upon obtaining an offset satisfying for , sets , samples , , calculates , and sets if , ; otherwise, , and it returns to .
- finally outputs a guessing bit ; when , the game outputs 1; otherwise, it outputs 0.
3. may request up to queries from the generation oracle. Upon obtaining an offset satisfying for , sets , samples , , and , sets , and sets ; if , ; otherwise, , and it returns to .
- Algorithm parses , and , selects , samples , and then calls to generate , setting crs:=(pp, ) and sending to .
- chooses according to W, calculates , and then sets , returning to .
- may request up to queries from the generation oracle. Upon obtaining an offset satisfying for , sets and , , and sets ; if , ; otherwise, , returning to .
- finally outputs a guessing bit ; when , the game outputs 1; otherwise, it outputs 0.
3.3. Construction of RFE from GA-DDH Assumption
- An -secure sketch SS = .
- A REGA equipped with , which outputs with order .
- An average-case -strong extractor. Let such that .
- A family of universal hash functions (While our GA-DDH-based construction requires the seed of the universal hash function to be sampled with high min-entropy (ideally uniformly at random), the design is tolerant to minor imperfections due to the entropy gap between the source and the output. However, for practical implementations, we recommend using a cryptographically secure pseudo-random number generator or high-entropy physical source to ensure robust security).
- Challenger selects , samples , and then calls to generate , selecting , , setting crs:=(pp, k, x, ), and returning to .
- chooses according to W, calculates , and then sets , returning to .
- may request up to queries from the generation oracle. Upon obtaining an offset satisfying for , computes , , and , samples , computes , and then calculates , setting ; if , ; otherwise, , and it returns to .
- finally outputs a guessing bit ; when , the game outputs 1; otherwise, it outputs 0.
2. chooses according to W, calculates , , , and then sets , returning to .
3. may request up to queries from the generation oracle. Upon obtaining an offset satisfying for , sets , , samples , computes , and then calculates , setting ; if , ; otherwise, , returning to .
2. chooses according to W, calculates , , , and then sets , returning to .
- Algorithm selects , samples , and then calls to generate ; it samples , sets crs:=(pp, k, x, ), and returns to .
- sets , , , and returns to .
- may request up to queries from the generation oracle. Upon obtaining an offset satisfying for , sets , , samples , computes , , and sets ; if , ; otherwise, , returning to .
- finally outputs a guessing bit ; when , the game outputs 1; otherwise, it outputs 0.
2. chooses according to W, calculates , , , and then sets , returning to .
3. may request up to queries from the generation oracle. Upon obtaining an offset satisfying for , sets , , samples , computes , samples , and then calculates , setting ; if , ; otherwise, , returning to .
- Challenger selects , samples , and then calls to generate , selecting and ; then, it sets crs:=(pp, k, x, ) and returns to .
- chooses according to W, calculates , , , sets , and returns to .
- may request up to queries from the generation oracle. Upon obtaining an offset satisfying for , sets , , samples , computes . If , samples , and then sets ; otherwise, it sets . Then, it sets ; if , ; otherwise, , returning to .
- finally outputs a guessing bit ; when , the game outputs 1; otherwise, it outputs 0.
- Algorithm selects , samples , and then calls to generate ; it samples , sets crs:=(pp, k, x, ), and sends to .
- chooses according to W, calculates and , implicitly sets , and then sets , returning to .
- may request up to queries from the generation oracle. Upon obtaining an offset satisfying for , sets , implicitly sets , samples , and computes . If , it samples and sets ; if , it sets , ; if , it sets . Then, it sets ; if , ; otherwise, , returning to .
- finally outputs a guessing bit ; when , the game outputs 1; otherwise, it outputs 0.
3. may request up to queries from the generation oracle. Upon obtaining an offset satisfying for , sets and , samples , computes , samples , and then sets , setting ; if , ; otherwise, , returning to .
4. Instantiation
4.1. Instantiation of Building Blocks
4.1.1. Syndrome-Based Secure Sketch
- ;
- .
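The sketch/recover interface of Section 2.5, instantiated with the standard syndrome construction for a binary linear code, as an added example that is not code from the paper. It assumes a Hamming [7,4,3] code with t = 1 (and a shortened [6,3,3] code to show the undecodable case); the class name, helper names and sample strings are constructed for illustration, and the paper's own code parameters are not shown on this page.

```python
from itertools import combinations


class SyndromeSketch:
    """Syndrome secure sketch over {0,1}^n (illustrative, not the paper's code).

    h_columns: columns of a parity-check matrix H, each packed into an int.
    t: number of bit errors the sketch must tolerate.
    """

    def __init__(self, h_columns, t):
        self.cols = list(h_columns)
        self.n = len(self.cols)
        self.t = t
        # Syndrome-decoding table: syndrome -> unique error of weight <= t.
        self.table = {}
        for weight in range(t + 1):
            for positions in combinations(range(self.n), weight):
                error = [1 if i in positions else 0 for i in range(self.n)]
                s = self.syndrome(error)
                if s in self.table:
                    # Two light errors share a syndrome: distance < 2t + 1.
                    raise ValueError("code cannot correct t errors")
                self.table[s] = error

    def syndrome(self, w):
        """Return H * w over GF(2) as an int."""
        if len(w) != self.n:
            raise ValueError("input must have length n")
        s = 0
        for bit, col in zip(w, self.cols):
            if bit:
                s ^= col
        return s

    def sketch(self, w):
        """Public helper data: the syndrome of w (leaks at most n - k bits)."""
        return self.syndrome(w)

    def recover(self, w_noisy, s):
        """Return w when dist(w, w_noisy) <= t.

        With more than t errors the result is either None (syndrome not in
        the table) or a wrong string from the same coset as w.
        """
        diff = self.syndrome(w_noisy) ^ s  # equals syndrome(w XOR w_noisy)
        error = self.table.get(diff)
        if error is None:
            return None
        return [a ^ b for a, b in zip(w_noisy, error)]


def flip(w, *positions):
    """Copy of w with the given bit positions flipped (models reading noise)."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(w)]


# Constructed sample data: Hamming [7,4,3] code, t = 1.
HAMMING_7_4 = SyndromeSketch([1, 2, 3, 4, 5, 6, 7], t=1)
# Shortened [6,3,3] code: not perfect, so some syndromes are undecodable.
SHORTENED_6_3 = SyndromeSketch([1, 2, 3, 4, 5, 6], t=1)
ENROLLED = [1, 0, 1, 1, 0, 0, 1]

if __name__ == "__main__":
    s = HAMMING_7_4.sketch(ENROLLED)
    print("sketch:", s)
    print("1 error :", HAMMING_7_4.recover(flip(ENROLLED, 4), s))
    # Beyond t errors the perfect code decodes silently to a wrong string.
    print("2 errors:", HAMMING_7_4.recover(flip(ENROLLED, 0, 1), s))
    w6 = ENROLLED[:6]
    print("2 errors, shortened code:",
          SHORTENED_6_3.recover(flip(w6, 0, 5), SHORTENED_6_3.sketch(w6)))
    # Linearity: sketches of two readings reveal the syndrome of their offset.
    other = flip(ENROLLED, 2, 5)
    offset = flip([0] * 7, 2, 5)
    print(s ^ HAMMING_7_4.sketch(other) == HAMMING_7_4.syndrome(offset))
```

The last check shows why a bare sketch is a concern under reuse: two published sketches of correlated readings always expose the syndrome of their offset.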
4.1.2. Universal Hash Functions and Strong Extractor
4.1.3. (Restricted) Effective Group Action
- EGA from CSI-FiSh. As stated in [13], we can derive a regular and abelian effective group action (EGA) from isogeny via CSI-FiSh, which precomputes the group structure of CSIDH-512. (To optimize sampling from the ideal class group , one can precompute its group structure, typically making cyclic. Uniform sampling from then becomes efficient. Sampling from can be realized by applying a random group element to a fixed representative, leveraging the regularity of the group action. This strategy is used in prior isogeny-based works such as CSI-FiSh.)
- , where p specifies the prime field, N denotes the order of the ideal class group , is a generator of , and is the base elliptic curve defined by .
- Define , , and set the origin . The group supports efficient group operations, including equality checking, random sampling, addition, and inversion.
- REGA from CSIDH. As stated in [41], let p be a large prime of the form , where each is a small distinct odd prime. We consider the elliptic curve over , which is supersingular. The endomorphism ring of this curve over is , where is the Frobenius endomorphism. is the set of elliptic curves defined over whose endomorphism ring is . The ideal class group acts on this set, which is formalized by a map.
4.2. Instantiations of Our Construction 1 and Construction 2
5. Conclusions
Author Contributions
Funding
Data Availability Statement
Acknowledgments
Conflicts of Interest
References
1. Dodis, Y.; Reyzin, L.; Smith, A.D. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In Advances in Cryptology—EUROCRYPT 2004, Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, 2–6 May 2004; Cachin, C., Camenisch, J., Eds.; LNCS; Springer: Berlin/Heidelberg, Germany, 2004; Volume 3027, pp. 523–540.
2. Tan, J.; Bauer, L.; Bonneau, J.; Cranor, L.F.; Thomas, J.; Ur, B. Can Unicorns Help Users Compare Crypto Key Fingerprints? In Proceedings of the CHI’17: 2017 CHI Conference on Human Factors in Computing Systems, Denver, CO, USA, 6–11 May 2017; Association for Computing Machinery: New York, NY, USA, 2017; pp. 3787–3798.
3. Yoon, S.; Jain, A.K. Longitudinal study of fingerprint recognition. Proc. Natl. Acad. Sci. USA 2015, 112, 8555–8560.
4. Gao, Y.; Al-Sarawi, S.F.; Abbott, D. Physical unclonable functions. Nat. Electron. 2020, 3, 81–91.
5. Lu, H.; Liscidini, M.; Gaeta, A.L.; Weiner, A.M.; Lukens, J.M. Frequency-bin photonic quantum information. Optica 2023, 10, 1655–1671.
6. Boyen, X. Reusable cryptographic fuzzy extractors. In Proceedings of the CCS 2004, 11th ACM Conference on Computer and Communications Security, Washington, DC, USA, 25–29 October 2004; Atluri, V., Pfitzmann, B., McDaniel, P.D., Eds.; ACM: New York, NY, USA, 2004; pp. 82–91.
7. Canetti, R.; Fuller, B.; Paneth, O.; Reyzin, L.; Smith, A.D. Reusable fuzzy extractors for low-entropy distributions. In Advances in Cryptology—EUROCRYPT 2016, Proceedings of the 35th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Vienna, Austria, 8–12 May 2016; Fischlin, M., Coron, J., Eds.; LNCS; Springer: Berlin/Heidelberg, Germany, 2016; Volume 9665, pp. 117–146.
8. Wen, Y.; Liu, S.; Han, S. Reusable fuzzy extractor from the decisional Diffie-Hellman assumption. Des. Codes Cryptogr. 2018, 86, 2495–2512.
9. Wen, Y.; Liu, S. Reusable fuzzy extractor from LWE. In Proceedings of the ACISP 2018, Wollongong, Australia, 11–13 July 2018; Susilo, W., Yang, G., Eds.; LNCS. Springer: Berlin/Heidelberg, Germany, 2018; Volume 10946, pp. 13–27.
10. Wen, Y.; Liu, S. Robustly reusable fuzzy extractor from standard assumptions. In Advances in Cryptology—ASIACRYPT 2018, Proceedings of the 24th International Conference on the Theory and Application of Cryptology and Information Security, Brisbane, Australia, 2–6 December 2018; Peyrin, T., Galbraith, S., Eds.; LNCS; Springer: Berlin/Heidelberg, Germany, 2018; Volume 11274, pp. 459–489.
11. Wen, Y.; Liu, S.; Gu, D. Generic constructions of robustly reusable fuzzy extractor. In Public-Key Cryptography—PKC 2019, Proceedings of the 22nd IACR International Conference on Practice and Theory of Public-Key Cryptography, Beijing, China, 14–17 April 2019; Lin, D., Sako, K., Eds.; LNCS; Springer: Berlin/Heidelberg, Germany, 2019; Volume 11443, pp. 349–378.
12. Li, Y.; Liu, S.; Gu, D.; Chen, K. Reusable fuzzy extractor based on the LPN assumption. Comput. J. 2020, 63, 1826–1834.
13. Zhou, Y.; Liu, S.; Han, S. Robustly Reusable Fuzzy Extractor from Isogeny. Theor. Comput. Sci. 2024, 1008, 114677.
14. Zhou, Y.; Liu, S.; Han, S. Reusable Fuzzy Extractor from Isogeny. In Proceedings of the International Conference on Provable Security, Gold Coast, Australia, 25–27 September 2024; Liu, J.K., Chen, L., Sun, S., Liu, X., Eds.; LNCS. Springer: Berlin/Heidelberg, Germany, 2024; Volume 14904, pp. 246–256.
15. Beullens, W.; Kleinjung, T.; Vercauteren, F. CSI-FiSh: Efficient isogeny based signatures through class group computations. In Advances in Cryptology—ASIACRYPT 2019, Proceedings of the 25th International Conference on the Theory and Application of Cryptology and Information Security, Kobe, Japan, 8–12 December 2019; Galbraith, S., Moriai, S., Eds.; LNCS; Springer: Berlin/Heidelberg, Germany, 2019; Volume 11921, pp. 227–247.
16. Bernstein, D.J.; Lange, T. Post-quantum cryptography. Nature 2017, 549, 188–194.
17. Dam, D.; Tran, T.; Hoang, V.; Pham, C.; Hoang, T. A survey of post-quantum cryptography: Start of a new race. Cryptography 2023, 7, 40.
18. Liu, H.; Wang, X.; Yang, K.; Yu, Y. The hardness of LPN over any integer ring and field for PCG applications. In Advances in Cryptology—EUROCRYPT 2024, Proceedings of the 43rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zurich, Switzerland, 26–30 May 2024; Joye, M., Leander, G., Eds.; LNCS; Springer: Berlin/Heidelberg, Germany, 2024; pp. 149–179.
19. Rosca, M.; Stehlé, D.; Wallet, A. On the ring-LWE and polynomial-LWE problems. In Advances in Cryptology – EUROCRYPT 2018, Proceedings of the 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Tel Aviv, Israel, 29 April–3 May 2018; Nielsen, J., Rijmen, V., Eds.; LNCS; Springer: Berlin/Heidelberg, Germany, 2018; Volume 10820, pp. 146–173.
20. Peikert, C. A decade of lattice cryptography. Found. Trends® Theor. Comput. Sci. 2016, 10, 283–424.
21. Alamati, N.; De Feo, L.; Montgomery, H.; Patranabis, S. Cryptographic group actions and applications. In Advances in Cryptology—ASIACRYPT 2020, Proceedings of the 26th International Conference on the Theory and Application of Cryptology and Information Security, Daejeon, Republic of Korea, 7–11 December 2020; Moriai, S., Wang, H., Eds.; LNCS; Springer: Berlin/Heidelberg, Germany, 2020; Volume 12492, pp. 411–439.
22. De Feo, L.; Fouotsa, T.B.; Panny, L. Isogeny problems with level structure. In Advances in Cryptology—EUROCRYPT 2024, Proceedings of the 43rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zurich, Switzerland, 26–30 May 2024; Joye, M., Leander, G., Eds.; LNCS; Springer: Berlin/Heidelberg, Germany, 2024; Volume 14657, pp. 181–204.
23. Leroux, A. A new isogeny representation and applications to cryptography. In Advances in Cryptology–ASIACRYPT 2022, Proceedings of the 28th International Conference on the Theory and Application of Cryptology and Information Security, Taipei, Taiwan, 5–9 December 2022; Agrawal, S., Lin, D., Eds.; LNCS; Springer: Berlin/Heidelberg, Germany, 2022; Volume 13792, pp. 3–35.
24. Jao, D.; De Feo, L. Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In Post-Quantum Cryptography, Proceedings of the PQCrypto 2011, Taipei, Taiwan, 29 November–2 December 2011; Yang, B.Y., Ed.; LNCS; Springer: Berlin/Heidelberg, Germany, 2011; Volume 7071, pp. 19–34.
25. Castryck, W.; Decru, T. An efficient key recovery attack on SIDH. In Advances in Cryptology—EUROCRYPT 2023, Proceedings of the 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Lyon, France, 23–27 April 2023; Hazay, C., Stam, M., Eds.; LNCS; Springer: Berlin/Heidelberg, Germany, 2023; Volume 14008, pp. 423–447.
26. Fouotsa, T.B.; Petit, C. A new adaptive attack on SIDH. In Topics in Cryptology—CT-RSA 2022, Proceedings of the RSA Conference 2022, Virtual, 1–2 March 2022; Galbraith, S.D., Ed.; LNCS; Springer: Berlin/Heidelberg, Germany, 2022; Volume 13161, pp. 322–344.
27. Basso, A.; Fouotsa, T.B. New SIDH countermeasures for a more efficient key exchange. In Advances in Cryptology—ASIACRYPT 2023, Proceedings of the 29th International Conference on the Theory and Application of Cryptology and Information Security, Guangzhou, China, 4–8 December 2023; Guo, J., Steinfeld, R., Eds.; LNCS; Springer: Berlin/Heidelberg, Germany, 2023; Volume 14445, pp. 208–233.
28. Castryck, W.; Lange, T.; Martindale, C.; Panny, L.; Renes, J. CSIDH: An efficient post-quantum commutative group action. In Advances in Cryptology—ASIACRYPT 2018, Proceedings of the 24th International Conference on the Theory and Application of Cryptology and Information Security, Brisbane, Australia, 2–6 December 2018; Peyrin, T., Galbraith, S., Eds.; LNCS; Springer: Berlin/Heidelberg, Germany, 2018; Volume 11274, pp. 395–427.
29. Alamati, N.; Malavolta, G.; Rahimi, A. Candidate trapdoor claw-free functions from group actions with applications to quantum protocols. In Theory of Cryptography, Proceedings of the 20th International Conference, TCC 2022, Chicago, IL, USA, 7–10 November 2022; Kiltz, E., Vaikuntanathan, V., Eds.; LNCS; Springer: Berlin/Heidelberg, Germany, 2022; Volume 13747, pp. 266–293.
30. Alamati, N.; Patranabis, S. Cryptographic Primitives with Hinting Property. J. Cryptol. 2024, 37, 21.
31. Stolbunov, A. Cryptographic Schemes Based on Isogenies. Ph.D. Thesis, Norwegian University of Science and Technology, Trondheim, Norway, 2012.
32. Castryck, W.; Sotáková, J.; Vercauteren, F. Breaking the decisional Diffie-Hellman problem for class group actions using genus theory. In Advances in Cryptology—CRYPTO 2020, Proceedings of the 40th Annual International Cryptology Conference, CRYPTO 2020, Santa Barbara, CA, USA, 17–21 August 2020; Micciancio, D., Ristenpart, T., Eds.; LNCS; Springer: Berlin/Heidelberg, Germany, 2020; Volume 12171, pp. 92–120.
33. Lyu, Y.; Liu, S.; Han, S. Universal composable password authenticated key exchange for the post-quantum world. In Advances in Cryptology—EUROCRYPT 2024, Proceedings of the 43rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zurich, Switzerland, 26–30 May 2024; Joye, M., Leander, G., Eds.; LNCS; Springer: Berlin/Heidelberg, Germany, 2024; Volume 10820, pp. 120–150.
34. Lai, Y. CAPYBARA and TSUBAKI: Verifiable random functions from group actions and isogenies. Cryptology ePrint Archive. 2023. Volume 1. Available online: https://cic.iacr.org/p/1/3/1 (accessed on 1 July 2025).
35. Heimberger, L.; Hennerbichler, T.; Meisingseth, F.; Ramacher, S.; Rechberger, C. OPRFs from isogenies: Designs and analysis. In Proceedings of the ASIA CCS ’24: 19th ACM Asia Conference on Computer and Communications Security, Singapore, 1–5 July 2024; Association for Computing Machinery: New York, NY, USA, 2024; pp. 575–588.
36. Duman, J.; Hartmann, D.; Kiltz, E.; Kunzweiler, S.; Lehmann, J.; Riepel, D. Group action key encapsulation and non-interactive key exchange in the QROM. In Advances in Cryptology—ASIACRYPT 2022, Proceedings of the 28th International Conference on the Theory and Application of Cryptology and Information Security, Taipei, Taiwan, 5–9 December 2022; Agrawal, S., Lin, D., Eds.; LNCS; Springer: Berlin/Heidelberg, Germany, 2022; Volume 13792, pp. 36–66.
37. Apon, D.; Cho, C.; Eldefrawy, K.; Katz, J. Efficient, reusable fuzzy extractors from LWE. In Proceedings of the CSCML 2017, Beer-Sheva, Israel, 29–30 June 2017; Dolev, S., Lodha, S., Eds.; LNCS. Springer: Berlin/Heidelberg, Germany, 2017; Volume 10332, pp. 1–18.
38. Regev, O. On lattices, learning with errors, random linear codes, and cryptography. J. ACM (JACM) 2009, 56, 1–40.
39. Boneh, D.; Kogan, D.; Woo, K. Oblivious pseudorandom functions from isogenies. In Advances in Cryptology—ASIACRYPT 2020, Proceedings of the 26th International Conference on the Theory and Application of Cryptology and Information Security, Daejeon, Republic of Korea, 7–11 December 2020; Moriai, S., Wang, H., Eds.; LNCS; Springer: Berlin/Heidelberg, Germany, 2020; Volume 12492, pp. 520–550.
40. Kawashima, T.; Takashima, K.; Aikawa, Y.; Takagi, T. An efficient authenticated key exchange from random self-reducibility on CSIDH. In Proceedings of the Information Security and Cryptology—ICISC 2020, Seoul, Republic of Korea, 2–4 December 2020; Hong, D., Ed.; LNCS. Springer: Berlin/Heidelberg, Germany, 2021; Volume 12593, pp. 58–84.
41. Abdalla, M.; Eisenhofer, T.; Kiltz, E.; Kunzweiler, S.; Riepel, D. Password-authenticated key exchange from group actions. In Advances in Cryptology—CRYPTO 2022, Proceedings of the 42nd Annual International Cryptology Conference, CRYPTO 2022, Santa Barbara, CA, USA, 15–18 August 2022; Dodis, Y., Shrimpton, T., Eds.; LNCS; Springer: Berlin/Heidelberg, Germany, 2022; Volume 13508, pp. 699–728.
Constructions | Reuse | Err. Rate | Assump. | H-KS-Free | Src. Entropy | Comp. Cost | PQ-Res. |
---|---|---|---|---|---|---|---|
WLG191 [11] | strong | LWE | ✗ | – | ✔ | ||
CFPRS16 [7] | strong | sublinear | Strong DDH | ✔ | – | ✗ | |
ACEK17 [37] | strong | LWE | ✔ | – | ✔ | ||
Boy04 [6] | weak | IT | ✔ | – | ✔ | ||
WL18 [9] | strong | LWE | ✗ | – | ✔ | ||
WL18 * [10] | strong | DDH + DLIN | ✗ | ✗ | |||
WLH18 [8] | strong | DDH | ✗ | – | ✗ | ||
WLG192 [11] | strong | linear | DDH | ✗ | ✗ | ||
LLGC20 [12] | strong | LPN | ✗ | – | ✔ | ||
ZLH24 [13] | strong | EGA-WPR | ✔ | ✔ | |||
ZLH24 * [14] | strong | EGA-WPR | ✗ | ✔ | |||
our scheme 1 | strong | LHS | ✔ | ✔ | |||
our scheme 2 | strong | GA-DDH | ✔ | ✔ |
© 2025 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Wen, Y.; Jin, T.; Li, W. Reusable Fuzzy Extractor from Isogeny-Based Assumptions. Symmetry 2025, 17, 1065. https://doi.org/10.3390/sym17071065