Article

Correcting errors without leaking partial information

Authors:
Yevgeniy Dodis

New York University, New York, NY

New York University, New York, NY
View Profile

,
Adam Smith

Weizmann Institute of Science, Rehovot, Israel

Weizmann Institute of Science, Rehovot, Israel
View Profile

STOC '05: Proceedings of the thirty-seventh annual ACM symposium on Theory of computingMay 2005Pages 654–663https://doi.org/10.1145/1060590.1060688

Published:22 May 2005Publication History

STOC '05: Proceedings of the thirty-seventh annual ACM symposium on Theory of computing

Pages 654–663

ABSTRACT

This paper explores what kinds of information two parties must communicate in order to correct errors which occur in a shared secret string W. Any bits they communicate must leak a significant amount of information about W --- that is, from the adversary's point of view, the entropy of W will drop significantly. Nevertheless, we construct schemes with which Alice and Bob can prevent an adversary from learning any useful information about W. Specifically, if the entropy of W is sufficiently high, then there is no function f(W) which the adversary can learn from the error-correction information with significant probability.This leads to several new results: (a) the design of noise-tolerant "perfectly one-way" hash functions in the sense of Canetti et al. [7], which in turn leads to obfuscation of proximity queries for high entropy secrets W; (b) private fuzzy extractors [11], which allow one to extract uniformly random bits from noisy and nonuniform data W, while also insuring that no sensitive information about W is leaked; and (c) noise tolerance and stateless key re-use in the Bounded Storage Model, resolving the main open problem of Ding [10].The heart of our constructions is the design of strong randomness extractors with the property that the source W can be recovered from the extracted randomness and any string W' which is close to W.

References

B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. Vadhan, K. Yang. On the (Im)possibility of Obfuscating Programs. In Advances in Cryptology -- CRYPTO 2001, pp. 1--18.]] Google ScholarDigital Library
C. Bennett, G. Brassard, and J. Robert. Privacy Amplification by Public Discussion. SIAM J. on Computing, 17 (2), pp. 210--229, 1988.]] Google ScholarDigital Library
Eli Ben-Sasson, Madhu Sudan, Salil P. Vadhan, Avi Wigderson: Randomness-efficient low degree tests and short PCPs via epsilon-biased sets. STOC 2003: 612-621]] Google ScholarDigital Library
Gilles Brassard, Louis Salvail. Secret-Key Reconciliation by Public Discussion. In Advances in Cryptology -- EUROCRYPT 1993, p. 410--423.]] Google ScholarDigital Library
Christian Cachin, Ueli M. Maurer. Linking Information Reconciliation and Privacy Amplification. In J. Cryptology, 10 (2), 97--110, 1997.]]Google ScholarDigital Library
R. Canetti. Towards realizing random oracles: Hash functions that hide all partial information. In Advances in Cryptology -- CRYPTO 1997.]] Google ScholarDigital Library
R. Canetti, D. Micciancio, O. Reingold. Perfectly One-Way Probabilistic Hash Functions. In Proc. 30th ACM Symp. on Theory of Computing, 1998, pp. 131--140.]] Google ScholarDigital Library
V. Chauhan and A. Trachtenberg. Reconciliation puzzles. IEEE Globecom 2004.]]Google Scholar
Graham Cormode, Mike Paterson, S. uleyman Cenk Sahinalp, Uzi Vishkin. Communication complexity of document exchange. Proc. ACM Symp. on Discrete Algorithms, 2000, p. 197--206.]] Google ScholarDigital Library
Y.Z. Ding. Error Correction in the Bounded Storage Model. In Theory of Cryptography 2005.]] Google ScholarDigital Library
Y. Dodis, L. Reyzin and A. Smith. Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. In Advances in Cryptology -- EUROCRYPT 2004.]]Google Scholar
Y. Dodis and A. Smith. Entropic Security and the Encryption of High-Entropy Messages. In Theory of Cryptography 2005.]] Google ScholarDigital Library
S. Goldwasser and S. Micali. Probabilistic encryption. JCSS, 28 (2), pp. 270--299, April 1984.]]Google ScholarCross Ref
R. Impagliazzo and D. Zuckerman. How to Recycle Random Bits. In Proc. 30th IEEE Symp. on Foundations of Computer Science, 1989.]]Google ScholarDigital Library
A. Juels, M. Wattenberg. A Fuzzy Commitment Scheme. In Proc. ACM Conf. Computer and Communications Security, 1999, pp. 28--36.]] Google ScholarDigital Library
A. Juels and M. Sudan. A Fuzzy Vault Scheme. In IEEE International Symposium on Information Theory, 2002.]]Google ScholarCross Ref
Shengli Liu and Henk C. A. Van Tilborg and Marten Van Dijk. Practical Protocol for Advantage Distillation and Information Reconciliation. Des. Codes Cryptography, 30 (1), 39--62, 2003.]] Google ScholarDigital Library
Chi-Jen Lu. Encryption against Storage-Bounded Adversaries from On-Line Strong Extractors. J. Cryptology, 17(1): 27--42 (2004).]] Google ScholarDigital Library
Ben Lynn, Manoj Prabhakaran, Amit Sahai. Positive Results and Techniques for Obfuscation. Advances in Cryptology -- EUROCRYPT 2004, p. 20-39.]]Google Scholar
F. J. MacWilliams and N. J. A. Sloane. The Theory of Error-Correcting Codes, North-Holland, Amsterdam, New York, Oxford, 1978.]]Google Scholar
U. Maurer. Secret Key Agreement by Public Discussion. IEEE Trans. on Info. Theory, 39(3):733-742, 1993.]]Google ScholarDigital Library
J. Naor, M. Naor. Small-Bias Probability Spaces: Efficient Constructions and Applications.SIAM J. Comput. 22(4): 838--856 (1993).]] Google ScholarDigital Library
N. Nisan, D. Zuckerman. Randomness is Linear in Space. In JCSS, 52 (1), pp. 43--52, 1996.]] Google ScholarDigital Library
A. Russell and Wang. How to Fool an Unbounded Adversary with a Short Key. In Advances in Cryptology -- EUROCRYPT 2002.]] Google ScholarDigital Library
R. Shaltiel. Recent developments in Explicit Constructions of Extractors. Bulletin of the EATCS, 77 , pp. 67--95, 2002.]]Google Scholar
A. Smith. Maintaining Secrecy When Information Leakage is Unavoidable. Ph.D. Thesis, Massachusetts Institute of Technology, 2004.]] Google ScholarDigital Library
Salil P. Vadhan. Constructing Locally Computable Extractors and Cryptosystems in the Bounded-Storage Model. J. Cryptology 17(1): 43--77 (2004).]] Google ScholarDigital Library
Hoeteck Wee. On Obfuscating Point Functions. (These Proceedings.) Proc. 37th ACM Symp. on Theory of Computing, 2005.]] Google ScholarDigital Library

Index Terms

Correcting errors without leaking partial information

Recommendations

On cryptography with auxiliary input
STOC '09: Proceedings of the forty-first annual ACM symposium on Theory of computing

We study the question of designing cryptographic schemes which are secure even if an arbitrary function f(sk) of the secret key is leaked, as long as the secret key sk is still (exponentially) hard to compute from this auxiliary input. This setting of ...
Read More
Public-Key encryption from ID-Based encryption without one-time signature
OTM'06: Proceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part I

Design a secure public key encryption scheme and its security proof are one of the main interests in cryptography In 2004, Canetti, Halevi and Katz [8] constructed a public key encryption (PKE) from a selective identity-based encryption scheme with a ...
Read More
Designated verifier proxy signature scheme without random oracles

In a designated verifier proxy signature scheme, one can delegate his or her signing capability to another user in such a way that the latter can sign messages on behalf of the former, but the validity of the resulting signatures can only be verified by ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
STOC '05: Proceedings of the thirty-seventh annual ACM symposium on Theory of computing
May 2005
778 pages
ISBN:1581139608
DOI:10.1145/1060590
General Chair:
Hal Gabow
University of Colorado
,
Program Chair:
Ronald Fagin
IBM Almaden Research Center
Copyright © 2005 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 22 May 2005
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
bounded storage model
code obfuscation
cryptography
entropic security
error-correcting codes
information reconciliation
randomness extractors
Qualifiers
- Article
Conference

Acceptance Rates
Overall Acceptance Rate1,469of4,586submissions,32%
Upcoming Conference
STOC '24

Sponsor:

sigact

56th Annual ACM Symposium on Theory of Computing (STOC 2024)

June 24 - 28, 2024

Vancouver , BC , Canada
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 111
  Total Citations
  View Citations
- 817
  Total Downloads
- Downloads (Last 12 months)41
- Downloads (Last 6 weeks)4
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Correcting errors without leaking partial information

STOC '05: Proceedings of the thirty-seventh annual ACM symposium on Theory of computing

ABSTRACT

References

Cited By

Index Terms

Recommendations

On cryptography with auxiliary input

Public-Key encryption from ID-Based encryption without one-time signature

Designated verifier proxy signature scheme without random oracles