Hyper-Encryption and Everlasting Security

Extended Abstract

Conference paper, STACS 2002. Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2285).

Abstract

We present substantial extensions of works [1], [2], and all previous works, on encryption in the bounded storage model introduced by Maurer in [25]. The major new result is that the shared secret key employed by the sender Alice and the receiver Bob can be re-used to send an exponential number of messages, against strong adaptive attacks. This essential step enhances the usability of the encryption method, and also allows strong authentication and non-malleability described below.

We give an encryption scheme that is provably secure against adaptive attacks by a computationally unbounded adversary in the bounded storage model. In the model, a sender Alice and a receiver Bob have access to a public random string α, and share a secret key s. Alice and Bob observe α on the fly, and by use of s extract bits from which they create a one-time pad X used to encrypt M as C = X ⊕ M. The size of the secret key s is |s| = k·log2|α|, where k is a security parameter. An adversary AD can compute and store any function A1(α) = η, subject to the bound on storage |η| ≤ γ·|α|, γ < 1, and captures C. Even if AD later gets the key s and is computationally unbounded, the encryption is provably secure. Assume that the key s is repeatedly used with successive strings α1, α2, ... to produce encryptions C1, C2, ... of messages M1, M2, .... AD computes η1 = A1(α1), obtains C1, and gets to see the first message M1. Using these he computes and stores η2 = A1(α2, η1, C1, M1), and so on. When he has stored ηl and captured Cl, he gets the key s (but not Ml). The main result is that the encryption Cl is provably secure against this adaptive attack, where l, the number of times the secret key s is re-used, is exponentially large in the security parameter k. On this we base non-interactive protocols for authentication and non-malleability. Again, the shared secret key used in these protocols can be securely re-used an exponential number of times against adaptive attacks. The method of proof is stronger than the one in [1], [2], and yields ergodic results of independent interest. We discuss in the Introduction the feasibility of the bounded storage model, and outline a solution. Furthermore, the existence of an encryption scheme with the provable strong security properties presented here may prompt other implementations of the bounded storage model.
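The model described above (key s as k positions into a public string α, pad extracted on the fly, C = X ⊕ M, the same s re-used across fresh strings α1, α2, ...), as an added toy illustration that is not the paper's construction: the concrete extraction rule, all function names and the sample sizes are assumptions made here, and nothing in it models the adversary or the paper's security argument.

```python
import math
import secrets

# Constructed illustration of the bounded storage model setting in the abstract.
# The extraction rule below is an assumption for demonstration, not the paper's.

def gen_key(k, alpha_len):
    """Shared secret s: k uniformly random positions into a string of alpha_len bits."""
    return [secrets.randbelow(alpha_len) for _ in range(k)]

def key_bits(k, alpha_len):
    """Key size |s| = k * log2(|alpha|), as stated in the abstract."""
    return k * math.ceil(math.log2(alpha_len))

def random_alpha(alpha_len):
    """Stand-in for the public random broadcast alpha (one fresh string per message)."""
    return [secrets.randbits(1) for _ in range(alpha_len)]

def extract_pad(alpha_stream, key, msg_len):
    """Read alpha bit by bit, keep only the bits the key selects, and fold them into a pad.
    Toy rule (assumption): pad bit j = XOR over the k positions s_i of alpha[(s_i + j) mod |alpha|].
    Only k*msg_len positions are ever consulted, so the parties' state stays far below |alpha|."""
    alpha_len = len(alpha_stream)
    wanted = {}  # position in alpha -> pad bits that consume that position
    for s_i in key:
        for j in range(msg_len):
            wanted.setdefault((s_i + j) % alpha_len, []).append(j)
    pad = [0] * msg_len
    for pos, bit in enumerate(alpha_stream):  # single on-the-fly pass over the broadcast
        for j in wanted.get(pos, ()):
            pad[j] ^= bit
    return pad

def xor_bits(a, b):
    """C = X xor M; applying the same pad again recovers M from C."""
    return [x ^ y for x, y in zip(a, b)]

def session(key, alpha_len, messages):
    """Re-use one key s across successive public strings alpha_1, alpha_2, ...
    Returns (ciphertexts sent by Alice, plaintexts recovered by Bob)."""
    ciphers, recovered = [], []
    for m in messages:
        alpha = random_alpha(alpha_len)                      # fresh public string
        c = xor_bits(extract_pad(alpha, key, len(m)), m)     # Alice encrypts
        ciphers.append(c)
        recovered.append(xor_bits(extract_pad(alpha, key, len(m)), c))  # Bob, same alpha and s
    return ciphers, recovered
```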

References

  1. Y. Aumann and M. O. Rabin. Information Theoretically Secure Communication in the Limited Storage Space Model. In Advances in Cryptology — Crypto’ 99, pages 65–79, 1999.

  2. Y. Aumann, Y. Z. Ding, and M. O. Rabin. Everlasting Security in the Bounded Storage Model. Accepted to IEEE Transactions on Information Theory, 2000.

  3. Y. Aumann and U. Feige. One message proof systems with known space verifier. In Advances in Cryptology — Crypto’ 93, 1993.

  4. M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway. Relations Among Notions of Security for Public-Key Encryption Schemes. In Advances in Cryptology — Crypto’ 98, 1998.

  5. M. Bellare and A. Sahai. Non-Malleable Encryption: Equivalence between Two Notions, and an Indistinguishability-Based Characterization. In Advances in Cryptology — Crypto’ 99, 1999.

  6. C. H. Bennett, G. Brassard, C. Crépeau, and U. Maurer. Generalized privacy amplification. IEEE Transactions on Information Theory, 41(6), 1995.

  7. C. Cachin, C. Crépeau, and J. Marcil. Oblivious transfer with a memory-bounded receiver. In Proc. 39th IEEE Symposium on Foundations of Computer Science, 1998.

  8. C. Cachin and U. Maurer. Unconditional security against memory bounded adversaries. In Advances in Cryptology — Crypto’ 97, 1997.

  9. A. Condon. Bounded Space Probabilistic Games. In Proc. Annual Conference on Structure in Complexity Theory, 1988.

  10. A. Condon and R. Ladner. Probabilistic Game Automata. In Proc. Annual Conference on Structure in Complexity Theory, 1986.

  11. A. De-Santis, G. Persiano, and M. Yung. One-message statistical zero-knowledge proofs with space-bounded verifier. In Proc. 19th ICALP, 1992.

  12. Y. Z. Ding. Oblivious Transfer in the Bounded Storage Model. In Advances in Cryptology — Crypto’ 01, 2001.

  13. D. Dolev, C. Dwork, and M. Naor. Non-malleable Cryptography. SIAM J. Comp., 30(2): 391–437, 2000.

  14. C. Dwork and L. J. Stockmeyer. Finite State Verifiers I: The Power of Interaction. JACM 39(4): 800–828, 1992.

  15. C. Dwork and L. J. Stockmeyer. Finite State Verifiers II: Zero Knowledge. JACM 39(4): 829–858, 1992.

  16. R. G. Gallager. Low-Density Parity-Check Codes. MIT Press, 1963.

  17. E. Gilbert, F. MacWilliams, and N. Sloane. Codes which detect deception. Bell Sys. Tech. J., 53(3): 405–424, 1974.

  18. S. Goldwasser and S. Micali. Probabilistic Encryption. JCSS 28: 270–299, 1984.

  19. R. L. Graham, D. E. Knuth, and O. Patashnik. Concrete Mathematics. Addison Wesley, 1989.

  20. J. Katz and M. Yung. Complete characterization of security notions for probabilistic private-key encryption. In Proc. 32nd ACM Symposium on Theory of Computing, 2000.

  21. J. T. Kohl, B. C. Neuman, and T. Ts’o. The Evolution of the Kerberos Authentication System. Distributed Open Systems, IEEE Computer Society Press, 1994, pp. 78–94.

  22. E. Kushilevitz and N. Nisan. Communication complexity. Cambridge University Press, New York, 1997.

  23. J. Kilian. Zero-knowledge with Log-Space Verifiers. In Proc. 29th IEEE Symposium on the Foundations of Computer Science, 1988.

  24. N. Linial, Y. Mansour, and N. Nisan. Constant Depth Circuits, Fourier Transform, and Learnability. JACM 40(3): 607–620, July 1993.

  25. U. Maurer. Conditionally-perfect secrecy and a provably-secure randomized cipher. Journal of Cryptology, 5: 53–66, 1992.

  26. U. Maurer. Secret key agreement by public discussion from common information. IEEE Transactions on Information Theory, 39: 733–742, 1993.

  27. U. Maurer. A unified and generalized treatment of authentication theory. In STACS’96, 1996.

  28. U. Maurer. Information-theoretically secure secret-key agreement by NOT authenticated public discussion. In Advances in Cryptology — EUROCRYPT’ 97, 1997.

  29. U. Maurer. Information-Theoretic Cryptography. In Advances in Cryptology — CRYPTO’ 99, 1999.

  30. U. Maurer and S. Wolf. Toward characterizing when information-theoretic secret key agreement is possible. In Advances in Cryptology — ASIACRYPT’96, 1996.

  31. U. Maurer and S. Wolf. Privacy amplification secure against active adversaries. In Advances in Cryptology — Crypto’ 97, 1997.

  32. U. Maurer and S. Wolf. Unconditionally secure key agreement and the intrinsic conditional information. IEEE Transactions on Information Theory, 45(2): 499–514, 1999.

  33. U. Maurer and S. Wolf. Information-Theoretic Key Agreement: From Weak to Strong Secrecy for Free. In Advances in Cryptology — EUROCRYPT’ 00, 2000.

  34. A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1996.

  35. N. Nisan. Pseudorandom generators for space-bounded computation. In Proc. 22nd ACM Symposium on Theory of Computing, 1990.

  36. N. Nisan and D. Zuckerman. Randomness is linear in space. JCSS 52(1): 43–52, 1996.

  37. J. Naor and M. Naor. Small-bias Probabilistic Spaces: Efficient Constructions and Applications. In Proc. 22nd ACM Symposium on Theory of Computing, 1990.

  38. M. Naor and M. Yung. Public-key cryptosystems provably secure against chosen ciphertext attacks. In Proc. 22nd ACM Symposium on Theory of Computing, 1990.

  39. M. O. Rabin. Transaction Protection by Beacons. JCSS 27(2): 256–267, 1983.

  40. T. Rabin and M. Ben-Or. Verifiable Secret Sharing and Multiparty Protocols with Honest Majority. In Proc. 21st ACM Symposium on Theory of Computing, 1989.

  41. C. Rackoff and D. Simon. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attacks. In Advances in Cryptology — CRYPTO’91, 1991.

  42. A. Sahai. Non-Malleable Non-Interactive Zero Knowledge and Adaptive Chosen-Ciphertext Security. In Proc. 40th IEEE Symposium on Foundations of Computer Science, 1999.

  43. C. E. Shannon. Communication theory of secrecy systems. Bell Sys. Tech. J., 28: 656–715, 1949.

  44. J. G. Steiner, B. C. Neuman, and J. I. Schiller. Kerberos: An Authentication Service for Open Network Systems. In USENIX Conference Proceedings, Feb 1988, pp. 191–202.

  45. D. Stinson and R. Wei. Bibliography on Authentication Codes, 1998. http://www.cacr.math.uwaterloo.ca/dstinson/acbib.htm

  46. U. V. Vazirani. Randomness, Adversaries and Computation. PhD thesis, EECS, UC Berkeley, 1986.

  47. G. S. Vernam. Cipher printing telegraph systems for secret wire and radio telegraphic communications. Journal of the American Institute for Electrical Engineers 22: 109–115, 1926.

  48. N. M. Wegman and J. L. Carter. New hash functions and their use in authentication and set equality. JCSS 22(3): 265–279, 1981.

© 2002 Springer-Verlag Berlin Heidelberg

Cite this paper

Ding, Y.Z., Rabin, M.O. (2002). Hyper-Encryption and Everlasting Security. In: Alt, H., Ferreira, A. (eds) STACS 2002. STACS 2002. Lecture Notes in Computer Science, vol 2285. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45841-7_1

  • DOI: https://doi.org/10.1007/3-540-45841-7_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-43283-8

  • Online ISBN: 978-3-540-45841-8