Traditionally, to achieve cryptographic security, we require that users generate long perfectly random keys, store them on a perfectly reliable and secure device, and perfectly shield this device to prevent an attacker from observing or tampering its internals. This talk will survey some of my recent work on achieving equally strong security guarantees under imperfect conditions, where some of the above assumptions may not hold. For example, this includes the use of biometrics as cryptographic keys. Such keys come from an unstructured
(weak) source of randomness and each fresh scan of a biometric usually introduces some noise. It also includes virtually any scenario where a cryptographic scheme is executed on physical hardware, since such executions can often leak various side-channel information about their internals (e.g. timing information, radiation, acoustics etc.). More generally, this line of research explores the minimal conditions under which cryptographic security can be achieved.