Abstract
The goal of the bounded storage model (BSM) is to construct unconditionally secure cryptographic protocols by restricting only the storage capacity of the adversary, while otherwise giving it unbounded computational power. Here, we consider a streaming variant of the BSM, where honest parties can stream huge amounts of data to each other so as to overwhelm the adversary's storage, even while their own storage capacity is significantly smaller than that of the adversary. Prior works showed several impressive results in this model, including key agreement and oblivious transfer, but only as long as the adversary's storage \(m = O(n^2)\) is at most quadratically larger than the honest user storage n. Moreover, the work of Dziembowski and Maurer (DM) also gave a seemingly matching lower bound, showing that key agreement in the BSM is impossible when \(m > n^2\).
In this work, we observe that the DM lower bound only applies to a significantly more restricted version of the BSM, and does not apply to the streaming variant. Surprisingly, we show that it is possible to construct key agreement and oblivious transfer protocols in the streaming BSM, where the adversary’s storage can be significantly larger, and even exponential \(m = 2^{O(n)}\). The only price of accommodating larger values of m is that the round and communication complexities of our protocols grow accordingly, and we provide lower bounds to show that an increase in rounds and communication is necessary.
As an added benefit of our work, we also show that our oblivious transfer (OT) protocol in the BSM satisfies a simulation-based notion of security. In contrast, even for the restricted case of \(m = O(n^2)\), prior solutions only satisfied a weaker indistinguishability based definition. As an application of our OT protocol, we get general multiparty computation (MPC) in the BSM that allows for up to exponentially large gaps between m and n, while also achieving simulation-based security.
The full version of this paper is available online [13].
Y. Dodis—Supported by gifts from VMware Labs and Algorand, and NSF grants 2055578 and 1815546.
W. Quach—Part of this work was completed during an internship at NTT Research.
D. Wichs—Research supported by NSF grant CNS-1750795, CNS-2055510 and the Alfred P. Sloan Research Fellowship.
Notes
1. This holds generically in the case of KA. In the case of OT, where the participants can be malicious, it may not be generically safe to allow one of the parties to choose X instead of having it sampled by a trusted third party. However, it was safe to do so for all the protocols in the literature.
2. For example, if local computability is demanded, parties cannot compute the parity of all the bits of X.
3. Indeed, it is not true in general that their mutual information can only increase by a small amount in each round; once Alice and Bob share even a small amount of mutual information (e.g., they share a short extractor seed, perhaps even only with small probability), they may be able to leverage it to derive much more mutual information in just one additional round (e.g., send a long message and extract).
4. Note that allowing Alice and Bob to be stronger makes the resulting lower bound stronger as well.
5. This is optimal, as otherwise Eve is capable of storing more than n/b ciphertexts in its memory, allowing the parties to encrypt more than \(b\cdot n/b = n\) bits of information using an n-bit key, contradicting the Shannon lower bound.
6. We will allow ourselves to split up the protocol into rounds arbitrarily, and may have two (or more) adjacent rounds where the same party A talks to party B.
References
Aumann, Y., Ding, Y.Z., Rabin, M.: Everlasting security in the bounded storage model. IEEE Trans. Inf. Theory 48(6), 1668–1680 (2002). https://doi.org/10.1109/TIT.2002.1003845
Aumann, Y., Feige, U.: One message proof systems with known space verifiers. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 85–99. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_8
Bellare, M., Kane, D., Rogaway, P.: Big-key symmetric encryption: resisting key exfiltration. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part I. LNCS, vol. 9814, pp. 373–402. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_14
Cachin, C., Crépeau, C., Marcil, J.: Oblivious transfer with a memory-bounded receiver. In: 39th FOCS, pp. 493–502. IEEE Computer Society Press, Palo Alto, 8–11 November 1998. https://doi.org/10.1109/SFCS.1998.743500
Cachin, C., Maurer, U.: Unconditional security against memory-bounded adversaries. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 292–306. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052243
Calabro, C.: The exponential complexity of satisfiability problems. Ph.D. thesis, University of California, San Diego, USA (2009). http://www.escholarship.org/uc/item/0pk5w64k
Crépeau, C.: Equivalence between two flavours of oblivious transfers. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 350–354. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-48184-2_30
Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976)
Ding, Y.Z.: Oblivious transfer in the bounded storage model. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 155–170. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_9
Ding, Y.Z., Harnik, D., Rosen, A., Shaltiel, R.: Constant-round oblivious transfer in the bounded storage model. J. Cryptol. 20(2), 165–202 (2007). https://doi.org/10.1007/s00145-006-0438-1
Ding, Y.Z., Rabin, M.O.: Hyper-encryption and everlasting security. In: Alt, H., Ferreira, A. (eds.) STACS 2002. LNCS, vol. 2285, pp. 1–26. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45841-7_1
Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.D.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008). https://doi.org/10.1137/060651380
Dodis, Y., Quach, W., Wichs, D.: Speak much, remember little: cryptography in the bounded storage model, revisited. Cryptology ePrint Archive, Paper 2021/1270 (2021). https://eprint.iacr.org/2021/1270
Dziembowski, S., Kazana, T., Zdanowicz, M.: Quasi chain rule for min-entropy. Inf. Process. Lett. 134, 62–66 (2018). https://doi.org/10.1016/j.ipl.2018.02.007. https://www.sciencedirect.com/science/article/pii/S002001901830036X
Dziembowski, S., Maurer, U.M.: Tight security proofs for the bounded-storage model. In: 34th ACM STOC, pp. 341–350. ACM Press, Montréal, 19–21 May 2002. https://doi.org/10.1145/509907.509960
Dziembowski, S., Maurer, U.: On generating the initial key in the bounded-storage model. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 126–137. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_8
Garg, S., Raz, R., Tal, A.: Extractor-based time-space lower bounds for learning. In: Diakonikolas, I., Kempe, D., Henzinger, M. (eds.) 50th ACM STOC, pp. 990–1002. ACM Press, Los Angeles, 25–29 June 2018. https://doi.org/10.1145/3188745.3188962
Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989). https://doi.org/10.1137/0218012
Guan, J., Zhandry, M.: Simple schemes in the bounded storage model. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part III. LNCS, vol. 11478, pp. 500–524. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17659-4_17
Guan, J., Zhandry, M.: Disappearing cryptography in the bounded storage model. In: Nissim, K., Waters, B. (eds.) TCC 2021. LNCS, vol. 13043, pp. 365–396. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-90453-1_13
Hong, D., Chang, K.-Y., Ryu, H.: Efficient oblivious transfer in the bounded-storage model. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 143–159. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-36178-2_9
Impagliazzo, R., Levin, L.A., Luby, M.: Pseudo-random generation from one-way functions. In: Proceedings of the Twenty-First Annual ACM Symposium on Theory of Computing, STOC 1989, pp. 12–24. Association for Computing Machinery, New York (1989). https://doi.org/10.1145/73007.73009
Ishai, Y., Prabhakaran, M., Sahai, A.: Founding cryptography on oblivious transfer – efficiently. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 572–591. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_32
Kamp, J., Rao, A., Vadhan, S., Zuckerman, D.: Deterministic extractors for small-space sources. J. Comput. Syst. Sci. 77(1), 191–220 (2011). https://doi.org/10.1016/j.jcss.2010.06.014. https://www.sciencedirect.com/science/article/pii/S002200001000098X. Celebrating Karp’s Kyoto Prize
Kilian, J.: Founding cryptography on oblivious transfer. In: 20th ACM STOC, pp. 20–31. ACM Press, Chicago, 2–4 May 1988. https://doi.org/10.1145/62212.62215
Kol, G., Raz, R., Tal, A.: Time-space hardness of learning sparse parities. In: Hatami, H., McKenzie, P., King, V. (eds.) 49th ACM STOC, pp. 1067–1080. ACM Press, Montreal, 19–23 June 2017. https://doi.org/10.1145/3055399.3055430
Liu, J., Vusirikala, S.: Secure multiparty computation in the bounded storage model. In: Paterson, M.B. (ed.) IMACC 2021. LNCS, vol. 13129, pp. 289–325. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92641-0_14
Lu, C.-J.: Hyper-encryption against space-bounded adversaries from on-line strong extractors. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 257–271. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_17
Maurer, U.M.: Conditionally-perfect secrecy and a provably-secure randomized cipher. J. Cryptol. 5(1), 53–66 (1992). https://doi.org/10.1007/BF00191321
Moran, T., Shaltiel, R., Ta-Shma, A.: Non-interactive timestamping in the bounded-storage model. J. Cryptol. 22(2), 189–226 (2009). https://doi.org/10.1007/s00145-008-9035-9
Naor, M., Ostrovsky, R., Venkatesan, R., Yung, M.: Perfect zero-knowledge arguments for NP can be based on general complexity assumptions. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 196–214. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-48071-4_14
Nisan, N.: Pseudorandom generators for space-bounded computations. In: Proceedings of the Twenty-Second Annual ACM Symposium on Theory of Computing, STOC 1990, pp. 204–212. Association for Computing Machinery, New York (1990). https://doi.org/10.1145/100216.100242
Nisan, N., Zuckerman, D.: Randomness is linear in space. J. Comput. Syst. Sci. 52(1), 43–52 (1996). https://doi.org/10.1006/jcss.1996.0004
Rabin, M.O.: How to exchange secrets with oblivious transfer. Technical report TR-81, Harvard Aiken Computational Laboratory (1981)
Raz, R.: Fast learning requires good memory: a time-space lower bound for parity learning. In: Dinur, I. (ed.) 57th FOCS, pp. 266–275. IEEE Computer Society Press, New Brunswick, 9–11 October 2016. https://doi.org/10.1109/FOCS.2016.36
Raz, R.: A time-space lower bound for a large class of learning problems. In: Umans, C. (ed.) 58th FOCS, pp. 732–742. IEEE Computer Society Press, Berkeley, 15–17 October 2017. https://doi.org/10.1109/FOCS.2017.73
De Santis, A., Persiano, G., Yung, M.: One-message statistical zero-knowledge proofs and space-bounded verifier. In: Kuich, W. (ed.) ICALP 1992. LNCS, vol. 623, pp. 28–40. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-55719-9_61
Skorski, M.: Strong chain rules for min-entropy under few bits spoiled. In: 2019 IEEE International Symposium on Information Theory (ISIT), pp. 1122–1126 (2019). https://doi.org/10.1109/ISIT.2019.8849240
Vadhan, S.P.: Constructing locally computable extractors and cryptosystems in the bounded-storage model. J. Cryptol. 17(1), 43–77 (2004). https://doi.org/10.1007/s00145-003-0237-x
© 2023 International Association for Cryptologic Research
Dodis, Y., Quach, W., Wichs, D. (2023). Speak Much, Remember Little: Cryptography in the Bounded Storage Model, Revisited. In: Hazay, C., Stam, M. (eds) Advances in Cryptology – EUROCRYPT 2023. EUROCRYPT 2023. Lecture Notes in Computer Science, vol 14004. Springer, Cham. https://doi.org/10.1007/978-3-031-30545-0_4
DOI: https://doi.org/10.1007/978-3-031-30545-0_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-30544-3
Online ISBN: 978-3-031-30545-0