
On Everlasting Security in the Hybrid Bounded Storage Model

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 4052)

Abstract

The bounded storage model (BSM) bounds the storage space of an adversary rather than its running time. It utilizes the public transmission of a long random string \({\cal R}\) of length r, and relies on the assumption that an eavesdropper cannot possibly store all of this string. Encryption schemes in this model achieve the appealing property of everlasting security. In short, this means that an encrypted message remains secure even if the adversary eventually gains more storage or gains knowledge of (original) secret keys that may have been used. However, if the honest parties do not share any private information in advance, then achieving everlasting security requires high storage capacity from the honest parties (storage of \(\Omega(\sqrt{r})\), as shown in [9]).

We consider the idea of a hybrid bounded storage model where computational limitations on the eavesdropper are assumed only up until the time that the transmission of \({\cal R}\) has ended. For example, can the honest parties run a computationally secure key agreement protocol in order to agree on a shared private key for the BSM, and thus achieve everlasting security with low memory requirements? We study the possibility and impossibility of everlasting security in the hybrid bounded storage model. We start by formally defining the model and everlasting security for this model. We show the equivalence of two flavors of definitions: indistinguishability of encryptions and semantic security.
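To make the two preceding paragraphs concrete, the following simulation is an added illustration written for this page; it is not code from the paper and does not implement the paper's constructions. It models the classical sample-and-XOR style of BSM encryption (in the spirit of [1, 17]): a long public string \({\cal R}\) is streamed once, the honest parties share a short key that names a few positions of \({\cal R}\), they keep only those bits while the stream passes, and XOR them into a one-time pad. The adversary stores a fraction of \({\cal R}\) and later learns the key, which is the everlasting-security scenario of the abstract. The hybrid aspect is represented only by sequencing: the key is handed to both parties before the broadcast, standing in for a computationally secure key-agreement run; no key-agreement protocol is implemented. All function names, parameter sizes (R_LEN, PAD_BITS, SAMPLES_PER_BIT) and the random-subset adversary are assumptions of this example, not values from the paper.

```python
"""Toy bounded-storage-model (BSM) encryption: sample-and-XOR pad derivation.

Added illustration, not code from the paper. A long public random string R
is broadcast once; the honest parties share a short key naming a few
positions of R, read only those positions while R streams past, and XOR them
into a one-time pad. An eavesdropper that could store only part of R cannot
reconstruct most pad bits even after learning the key afterwards.
"""
import random

R_LEN = 1 << 16      # length r of the broadcast string (toy size, assumed)
PAD_BITS = 64        # number of pad bits derived (assumed)
SAMPLES_PER_BIT = 8  # positions XORed into each pad bit (assumed parameter t)


def broadcast_string(r, rng):
    """The public random string R: r uniformly random bits, sent once."""
    return [rng.getrandbits(1) for _ in range(r)]


def gen_key(r, n_bits, t, rng):
    """Short shared key: for each pad bit, t distinct positions in [0, r).
    In the hybrid BSM this key would be the output of a computationally
    secure key agreement that finishes before the broadcast begins; here it
    is simply generated and given to both honest parties."""
    return [rng.sample(range(r), t) for _ in range(n_bits)]


def xor_all(bits):
    acc = 0
    for b in bits:
        acc ^= b
    return acc


def xor_bits(a, b):
    return [x ^ y for x, y in zip(a, b)]


def honest_receive(R, key):
    """Stream R once and keep only the bits at key-selected positions.
    Returns (pad, number_of_bits_stored): storage is O(t * n_bits), not r."""
    wanted = {p for block in key for p in block}
    stored = {}
    for pos, bit in enumerate(R):          # single pass over the stream
        if pos in wanted:
            stored[pos] = bit
    pad = [xor_all(stored[p] for p in block) for block in key]
    return pad, len(stored)


def eavesdropper_store(R, fraction, rng):
    """Bounded-storage adversary: keeps a subset of R holding `fraction` of
    its bits (a random subset here; real proofs allow any storage function)."""
    keep = rng.sample(range(len(R)), int(fraction * len(R)))
    return {p: R[p] for p in keep}


def eavesdropper_recover(stored, key):
    """After the broadcast the adversary learns the key. A pad bit can be
    reconstructed only if all t of its positions were stored; otherwise the
    missing bits leave it uniformly random. Returns the bit or None."""
    out = []
    for block in key:
        if all(p in stored for p in block):
            out.append(xor_all(stored[p] for p in block))
        else:
            out.append(None)
    return out


def simulate(fraction=0.5, seed=1):
    """One session: key before broadcast, broadcast, encryption, then the
    adversary obtains the key and tries to recover the pad."""
    rng = random.Random(seed)
    key = gen_key(R_LEN, PAD_BITS, SAMPLES_PER_BIT, rng)   # phase 1
    R = broadcast_string(R_LEN, rng)                       # phase 2
    pad, honest_storage = honest_receive(R, key)
    adv = eavesdropper_store(R, fraction, rng)
    message = [rng.getrandbits(1) for _ in range(PAD_BITS)]
    ciphertext = xor_bits(message, pad)
    guess = eavesdropper_recover(adv, key)                 # phase 3
    recovered = sum(1 for g in guess if g is not None)
    return {
        "decrypts": xor_bits(ciphertext, pad) == message,
        "honest_storage_bits": honest_storage,
        "adversary_storage_bits": len(adv),
        "pad_bits_recovered_by_adversary": recovered,
        "expected_recovered": PAD_BITS * fraction ** SAMPLES_PER_BIT,
    }


if __name__ == "__main__":
    print(simulate())
```

With a random-subset adversary storing half of \({\cal R}\), each pad bit is recoverable with probability \(2^{-t}\), so at \(t = 8\) the expected number of recovered pad bits is 0.25 out of 64, while the honest parties stored at most 512 of the 65536 broadcast bits. The toy gives the honest parties a shared key for free; the \(\Omega(\sqrt{r})\) storage lower bound of [9] applies precisely when no such key is shared in advance, which is the situation the hybrid model tries to escape.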

On the negative side, we show that everlasting security with low storage requirements cannot be achieved by black-box reductions in the hybrid BSM. This serves as a further indication of the hardness of achieving low storage everlasting security, adding to previous results of this nature [9, 15]. On the other hand, we show two augmentations of the model that allow for low storage everlasting security. The first adds a random oracle to the model, while the second bounds the adversary's access to the broadcast string \({\cal R}\). Finally, we show that in these two modified models there also exist bounded storage oblivious transfer protocols with low storage requirements.

Research supported in part by a grant from the Israel Science Foundation.



References

  1. Aumann, Y., Ding, Y.Z., Rabin, M.O.: Everlasting security in the bounded storage model. IEEE Transactions on Information Theory 48(6), 1668–1680 (2002)

  2. Aumann, Y., Rabin, M.O.: Information theoretically secure communication in the limited storage space model. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 65–79. Springer, Heidelberg (1999)

  3. Cachin, C., Crépeau, C., Marcil, J.: Oblivious transfer with a memory-bound receiver. In: 39th IEEE FOCS, pp. 493–502 (1998)

  4. Cachin, C., Maurer, U.: Unconditional security against memory-bound adversaries. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 292–306. Springer, Heidelberg (1997)

  5. Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. Journal of the ACM 51(4), 557–594 (2004)

  6. Ding, Y.Z.: Oblivious transfer in the bounded storage model. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 155–170. Springer, Heidelberg (2001)

  7. Ding, Y.Z., Harnik, D., Rosen, A., Shaltiel, R.: Constant round oblivious transfer in the bounded storage model. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 446–472. Springer, Heidelberg (2004)

  8. Ding, Y.Z., Rabin, M.O.: Hyper-encryption and everlasting security. In: STACS, pp. 1–26 (2002)

  9. Dziembowski, S., Maurer, U.: On generating the initial key in the bounded-storage model. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 126–137. Springer, Heidelberg (2004)

  10. Dziembowski, S., Maurer, U.: Optimal randomizer efficiency in the bounded-storage model. Journal of Cryptology 17(1), 5–26 (2004)

  11. Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. Communications of the ACM 28(6), 637–647 (1985)

  12. Goldwasser, S., Tauman Kalai, Y.: On the (in)security of the Fiat-Shamir paradigm. In: 44th IEEE FOCS, pp. 102–111 (2003)

  13. Goldwasser, S., Micali, S.: Probabilistic encryption. Journal of the ACM 28(4), 270–299 (1984)

  14. Harnik, D., Naor, M.: On everlasting security in the hybrid bounded storage model. www.wisdom.weizmann.ac.il/~naor/PAPERS/hybrid_abs.html (2006)

  15. Harnik, D., Naor, M.: On the compressibility of NP instances and cryptographic applications. In: ECCC, TR06-022 (2006)

  16. Lu, C.: Encryption against space-bounded adversaries from on-line strong extractors. Journal of Cryptology 17(1), 27–42 (2004)

  17. Maurer, U.: Conditionally-perfect secrecy and a provably-secure randomized cipher. Journal of Cryptology 5(1), 53–66 (1992)

  18. Maurer, U., Renner, R., Holenstein, C.: Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 21–39. Springer, Heidelberg (2004)

  19. Naor, M., Pinkas, B., Reingold, O.: Distributed pseudo-random functions and KDCs. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 327–346. Springer, Heidelberg (1999)

  20. Rabin, M.O.: How to exchange secrets by oblivious transfer. In: TR-81, Harvard (1981)

  21. Reingold, O., Trevisan, L., Vadhan, S.: Notions of reducibility between cryptographic primitives. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 1–20. Springer, Heidelberg (2004)

  22. Vadhan, S.P.: Constructing locally computable extractors and cryptosystems in the bounded storage model. Journal of Cryptology 17(1), 43–77 (2004)


Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Harnik, D., Naor, M. (2006). On Everlasting Security in the Hybrid Bounded Storage Model. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds) Automata, Languages and Programming. ICALP 2006. Lecture Notes in Computer Science, vol 4052. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11787006_17


  • DOI: https://doi.org/10.1007/11787006_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-35907-4

  • Online ISBN: 978-3-540-35908-1

  • eBook Packages: Computer Science (R0)
