Speak Much, Remember Little: Cryptography in the Bounded Storage Model, Revisited

Conference paper. In: Advances in Cryptology – EUROCRYPT 2023 (EUROCRYPT 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14004)

Abstract

The goal of the bounded storage model (BSM) is to construct unconditionally secure cryptographic protocols by restricting only the storage capacity of the adversary, while otherwise giving it unbounded computational power. Here, we consider a streaming variant of the BSM, where honest parties can stream huge amounts of data to each other so as to overwhelm the adversary's storage, even while their own storage capacity is significantly smaller than that of the adversary. Prior works showed several impressive results in this model, including key agreement and oblivious transfer, but only as long as the adversary's storage \(m = O(n^2)\) is at most quadratically larger than the honest user storage n. Moreover, the work of Dziembowski and Maurer (DM) also gave a seemingly matching lower bound, showing that key agreement in the BSM is impossible when \(m > n^2\).

In this work, we observe that the DM lower bound only applies to a significantly more restricted version of the BSM, and does not apply to the streaming variant. Surprisingly, we show that it is possible to construct key agreement and oblivious transfer protocols in the streaming BSM, where the adversary’s storage can be significantly larger, and even exponential \(m = 2^{O(n)}\). The only price of accommodating larger values of m is that the round and communication complexities of our protocols grow accordingly, and we provide lower bounds to show that an increase in rounds and communication is necessary.

As an added benefit of our work, we also show that our oblivious transfer (OT) protocol in the BSM satisfies a simulation-based notion of security. In contrast, even for the restricted case of \(m = O(n^2)\), prior solutions only satisfied a weaker indistinguishability-based definition. As an application of our OT protocol, we get general multiparty computation (MPC) in the BSM that allows for up to exponentially large gaps between m and n, while also achieving simulation-based security.
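To make the quadratic barrier from the abstract concrete, the following simulation (added here; it is not code from the paper and does not implement the authors' new streaming protocols) runs the classic sample-and-intersect key agreement in the BSM, in the style of Cachin and Maurer [5]: a public random stream X of N bits passes by once, Alice and Bob each remember the bits at n pre-chosen positions, they then announce their positions and keep the bits at the common positions as the key, and the adversary Eve, who can store m bits of the stream, learns exactly the key bits at positions she happened to keep. The function names, parameters and the fixed RNG seed are all constructed for this illustration.

```python
import random


def expected_shared_bits(stream_len, n):
    """Expected size of the intersection of two independent n-subsets of
    [stream_len]: each of Alice's n positions is also one of Bob's with
    probability n/stream_len, so E[intersection] = n^2/stream_len."""
    return n * n / stream_len


def run_sampling_ka(stream_len, n, m, seed=0):
    """Simulate one run of sample-and-intersect key agreement (constructed
    illustration, not the paper's protocol).

    stream_len: total bits streamed (the public random string X)
    n:          positions each honest party can store
    m:          bits the adversary Eve can store
    Returns both keys, the key length and how many key bits Eve learned."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible

    # Everyone commits to the positions they will keep BEFORE the stream
    # starts: once a bit has passed it cannot be recovered.
    alice_pos = set(rng.sample(range(stream_len), n))
    bob_pos = set(rng.sample(range(stream_len), n))
    eve_pos = set(rng.sample(range(stream_len), m))

    alice_mem, bob_mem, eve_mem = {}, {}, {}
    # The stream is produced and consumed one bit at a time; nothing is
    # retained except what each party decided in advance to store.
    for i in range(stream_len):
        bit = rng.getrandbits(1)
        if i in alice_pos:
            alice_mem[i] = bit
        if i in bob_pos:
            bob_mem[i] = bit
        if i in eve_pos:
            eve_mem[i] = bit

    # After the stream, Alice and Bob publicly announce their position sets
    # (Eve sees this too) and keep the bits at the common positions.
    shared = sorted(alice_pos & bob_pos)
    alice_key = [alice_mem[i] for i in shared]
    bob_key = [bob_mem[i] for i in shared]

    # Eve knows exactly those key bits whose positions she stored.
    eve_known = sum(1 for i in shared if i in eve_mem)
    return {
        "alice_key": alice_key,
        "bob_key": bob_key,
        "key_len": len(shared),
        "eve_known": eve_known,
    }


if __name__ == "__main__":
    N, n = 10_000, 500          # stream of N bits, honest storage n positions
    print("expected shared bits:", expected_shared_bits(N, n))
    for m in (0, N // 2, N):    # Eve stores 0%, 50%, 100% of the stream
        r = run_sampling_ka(N, n, m, seed=2023)
        assert r["alice_key"] == r["bob_key"]
        print(f"m={m:6d}: key bits={r['key_len']:3d}, known to Eve={r['eve_known']}")
```

The arithmetic in `expected_shared_bits` is the whole point: with honest storage n, the two parties only share about \(n^2/N\) positions, so the stream must have length \(N \approx n^2\) for the key to be non-empty, and an adversary with \(m \ge N\) simply stores the entire stream and learns every key bit. That is the \(m = O(n^2)\) regime the abstract refers to; the paper's streaming constructions are designed to get past it, which this sampling approach cannot. (The honest parties also keep their n position indices, about \(n \log N\) bits, which the simulation does not count against n.)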

The full version of this paper is available online [13].

Y. Dodis—Supported by gifts from VMware Labs and Algorand, and NSF grants 2055578 and 1815546.

W. Quach—Part of this work was completed during an internship at NTT Research.

D. Wichs—Research supported by NSF grant CNS-1750795, CNS-2055510 and the Alfred P. Sloan Research Fellowship.


Notes

  1. This holds generically in the case of KA. In the case of OT, where the participants can be malicious, it may not be generically safe to allow one of the parties to choose X instead of having it sampled by a trusted third party. However, it was safe to do so for all the protocols in the literature.

  2. For example, if local computability is demanded, parties cannot compute the parity of all the bits of X.

  3. Indeed, it is not true in general that their mutual information can only increase by a small amount in each round; once Alice and Bob share even a small amount of mutual information (e.g., they share a short extractor seed, perhaps even only with small probability), they may be able to leverage it to derive much more mutual information in just one additional round (e.g., send a long message and extract).

  4. Note that allowing Alice and Bob to be stronger makes the resulting lower bound stronger as well.

  5. This is optimal, as otherwise Eve is capable of storing more than n/b ciphertexts in its memory, allowing the parties to encrypt more than \(b\cdot n/b = n\) bits of information using an n-bit key, contradicting the Shannon lower bound.

  6. We will allow ourselves to split up the protocol into rounds arbitrarily, and may have two (or more) adjacent rounds where the same party A talks to party B.

References

  1. Aumann, Y., Ding, Y.Z., Rabin, M.: Everlasting security in the bounded storage model. IEEE Trans. Inf. Theory 48(6), 1668–1680 (2002). https://doi.org/10.1109/TIT.2002.1003845

  2. Aumann, Y., Feige, U.: One message proof systems with known space verifiers. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 85–99. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_8

  3. Bellare, M., Kane, D., Rogaway, P.: Big-key symmetric encryption: resisting key exfiltration. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part I. LNCS, vol. 9814, pp. 373–402. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_14

  4. Cachin, C., Crépeau, C., Marcil, J.: Oblivious transfer with a memory-bounded receiver. In: 39th FOCS, pp. 493–502. IEEE Computer Society Press, Palo Alto, 8–11 November 1998. https://doi.org/10.1109/SFCS.1998.743500

  5. Cachin, C., Maurer, U.: Unconditional security against memory-bounded adversaries. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 292–306. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052243

  6. Calabro, C.: The exponential complexity of satisfiability problems. Ph.D. thesis, University of California, San Diego, USA (2009). http://www.escholarship.org/uc/item/0pk5w64k

  7. Crépeau, C.: Equivalence between two flavours of oblivious transfers. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 350–354. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-48184-2_30

  8. Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976)

  9. Ding, Y.Z.: Oblivious transfer in the bounded storage model. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 155–170. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_9

  10. Ding, Y.Z., Harnik, D., Rosen, A., Shaltiel, R.: Constant-round oblivious transfer in the bounded storage model. J. Cryptol. 20(2), 165–202 (2007). https://doi.org/10.1007/s00145-006-0438-1

  11. Ding, Y.Z., Rabin, M.O.: Hyper-encryption and everlasting security. In: Alt, H., Ferreira, A. (eds.) STACS 2002. LNCS, vol. 2285, pp. 1–26. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45841-7_1

  12. Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.D.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008). https://doi.org/10.1137/060651380

  13. Dodis, Y., Quach, W., Wichs, D.: Speak much, remember little: cryptography in the bounded storage model, revisited. Cryptology ePrint Archive, Paper 2021/1270 (2021). https://eprint.iacr.org/2021/1270

  14. Dziembowski, S., Kazana, T., Zdanowicz, M.: Quasi chain rule for min-entropy. Inf. Process. Lett. 134, 62–66 (2018). https://doi.org/10.1016/j.ipl.2018.02.007. https://www.sciencedirect.com/science/article/pii/S002001901830036X

  15. Dziembowski, S., Maurer, U.M.: Tight security proofs for the bounded-storage model. In: 34th ACM STOC, pp. 341–350. ACM Press, Montréal, 19–21 May 2002. https://doi.org/10.1145/509907.509960

  16. Dziembowski, S., Maurer, U.: On generating the initial key in the bounded-storage model. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 126–137. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_8

  17. Garg, S., Raz, R., Tal, A.: Extractor-based time-space lower bounds for learning. In: Diakonikolas, I., Kempe, D., Henzinger, M. (eds.) 50th ACM STOC, pp. 990–1002. ACM Press, Los Angeles, 25–29 June 2018. https://doi.org/10.1145/3188745.3188962

  18. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989). https://doi.org/10.1137/0218012

  19. Guan, J., Zhandry, M.: Simple schemes in the bounded storage model. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part III. LNCS, vol. 11478, pp. 500–524. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17659-4_17

  20. Guan, J., Zhandry, M.: Disappearing cryptography in the bounded storage model. In: Nissim, K., Waters, B. (eds.) TCC 2021. LNCS, vol. 13043, pp. 365–396. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-90453-1_13

  21. Hong, D., Chang, K.-Y., Ryu, H.: Efficient oblivious transfer in the bounded-storage model. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 143–159. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-36178-2_9

  22. Impagliazzo, R., Levin, L.A., Luby, M.: Pseudo-random generation from one-way functions. In: Proceedings of the Twenty-First Annual ACM Symposium on Theory of Computing, STOC 1989, pp. 12–24. Association for Computing Machinery, New York (1989). https://doi.org/10.1145/73007.73009

  23. Ishai, Y., Prabhakaran, M., Sahai, A.: Founding cryptography on oblivious transfer – efficiently. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 572–591. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_32

  24. Kamp, J., Rao, A., Vadhan, S., Zuckerman, D.: Deterministic extractors for small-space sources. J. Comput. Syst. Sci. 77(1), 191–220 (2011). https://doi.org/10.1016/j.jcss.2010.06.014. https://www.sciencedirect.com/science/article/pii/S002200001000098X. Celebrating Karp’s Kyoto Prize

  25. Kilian, J.: Founding cryptography on oblivious transfer. In: 20th ACM STOC, pp. 20–31. ACM Press, Chicago, 2–4 May 1988. https://doi.org/10.1145/62212.62215

  26. Kol, G., Raz, R., Tal, A.: Time-space hardness of learning sparse parities. In: Hatami, H., McKenzie, P., King, V. (eds.) 49th ACM STOC, pp. 1067–1080. ACM Press, Montreal, 19–23 June 2017. https://doi.org/10.1145/3055399.3055430

  27. Liu, J., Vusirikala, S.: Secure multiparty computation in the bounded storage model. In: Paterson, M.B. (ed.) IMACC 2021. LNCS, vol. 13129, pp. 289–325. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92641-0_14

  28. Lu, C.-J.: Hyper-encryption against space-bounded adversaries from on-line strong extractors. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 257–271. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_17

  29. Maurer, U.M.: Conditionally-perfect secrecy and a provably-secure randomized cipher. J. Cryptol. 5(1), 53–66 (1992). https://doi.org/10.1007/BF00191321

  30. Moran, T., Shaltiel, R., Ta-Shma, A.: Non-interactive timestamping in the bounded-storage model. J. Cryptol. 22(2), 189–226 (2009). https://doi.org/10.1007/s00145-008-9035-9

  31. Naor, M., Ostrovsky, R., Venkatesan, R., Yung, M.: Perfect zero-knowledge arguments for NP can be based on general complexity assumptions. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 196–214. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-48071-4_14

  32. Nisan, N.: Pseudorandom generators for space-bounded computations. In: Proceedings of the Twenty-Second Annual ACM Symposium on Theory of Computing, STOC 1990, pp. 204–212. Association for Computing Machinery, New York (1990). https://doi.org/10.1145/100216.100242

  33. Nisan, N., Zuckerman, D.: Randomness is linear in space. J. Comput. Syst. Sci. 52(1), 43–52 (1996). https://doi.org/10.1006/jcss.1996.0004

  34. Rabin, M.O.: How to exchange secrets with oblivious transfer (1981). Harvard Aiken Computational Laboratory TR-81

  35. Raz, R.: Fast learning requires good memory: a time-space lower bound for parity learning. In: Dinur, I. (ed.) 57th FOCS, pp. 266–275. IEEE Computer Society Press, New Brunswick, 9–11 October 2016. https://doi.org/10.1109/FOCS.2016.36

  36. Raz, R.: A time-space lower bound for a large class of learning problems. In: Umans, C. (ed.) 58th FOCS, pp. 732–742. IEEE Computer Society Press, Berkeley, 15–17 October 2017. https://doi.org/10.1109/FOCS.2017.73

  37. De Santis, A., Persiano, G., Yung, M.: One-message statistical zero-knowledge proofs and space-bounded verifier. In: Kuich, W. (ed.) ICALP 1992. LNCS, vol. 623, pp. 28–40. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-55719-9_61

  38. Skorski, M.: Strong chain rules for min-entropy under few bits spoiled. In: 2019 IEEE International Symposium on Information Theory (ISIT), pp. 1122–1126 (2019). https://doi.org/10.1109/ISIT.2019.8849240

  39. Vadhan, S.P.: Constructing locally computable extractors and cryptosystems in the bounded-storage model. J. Cryptol. 17(1), 43–77 (2004). https://doi.org/10.1007/s00145-003-0237-x

Corresponding author: Willy Quach

Copyright information

© 2023 International Association for Cryptologic Research

About this paper

Cite this paper

Dodis, Y., Quach, W., Wichs, D. (2023). Speak Much, Remember Little: Cryptography in the Bounded Storage Model, Revisited. In: Hazay, C., Stam, M. (eds) Advances in Cryptology – EUROCRYPT 2023. EUROCRYPT 2023. Lecture Notes in Computer Science, vol 14004. Springer, Cham. https://doi.org/10.1007/978-3-031-30545-0_4

  • DOI: https://doi.org/10.1007/978-3-031-30545-0_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-30544-3

  • Online ISBN: 978-3-031-30545-0

