Impossibility of efficient information-theoretic fuzzy extraction
Designs, Codes and Cryptography (IF 1.6), Pub Date: 2024-03-14, DOI: 10.1007/s10623-024-01376-z
Benjamin Fuller

Fuzzy extractors convert noisy signals from the physical world into reliable cryptographic keys. Fuzzy min-entropy measures the limit of the length of key that a fuzzy extractor can derive from a distribution (Fuller et al. in IEEE Trans Inf Theory 66(8):5282–5298, 2020). In general, fuzzy min-entropy that is superlogarithmic in the security parameter is required for a noisy distribution to be suitable for key derivation. There is a wide gap between what is possible with respect to computational and information-theoretic adversaries. Under the assumption of general-purpose obfuscation, keys can be securely derived from all distributions with superlogarithmic entropy. Against information-theoretic adversaries, however, it is impossible to build a single fuzzy extractor that works for all distributions (Fuller et al. 2020). A weaker information-theoretic goal is building a fuzzy extractor for each probability distribution. This is the approach taken by Woodage et al. (in: Advances in Cryptology—CRYPTO, Springer, pp 682–710, 2017). Prior approaches use the full description of the probability mass function and are inefficient. We show this is inherent: for a quarter of distributions with fuzzy min-entropy and \(2^k\) points there is no secure fuzzy extractor that uses fewer than \(2^{\Theta (k)}\) bits of information about the distribution. We show an analogous result with stronger parameters for information-theoretic secure sketches. Secure sketches are frequently used to construct fuzzy extractors.




Updated: 2024-03-15