Bounded-Retrieval Model with Keys Derived from Private Data

  • Konrad Durnoga
  • Stefan Dziembowski
  • Tomasz Kazana
  • Michał ZającEmail author
  • Maciej Zdanowicz
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10143)


The Bounded Retrieval Model (BRM) was proposed at TCC 2006 (independently by Dziembowski and Di Crescenzo et al.). Essentially, the main idea of this model is to design cryptographic schemes with secret keys that are so large that it is infeasible for the adversary to steal them. One of the main technical problems of this idea is that it by definition requires the users to store large amounts of secret data on their disks.

In this paper we put forward a technique for dealing with the problem of this large space consumption for protocols in BRM. More precisely, we propose a method to derive keys for such protocols on-the-fly from weakly random private data (like text documents or photos, users keep on their disks anyway for non-cryptographic purposes) in such a way that no extra storage is needed. We prove that any leakage-resilient protocol (belonging to a certain, arguably quite broad class) when run with a key obtained this way retains a similar level of security as the original protocol had. Additionally, we guarantee privacy of the data the actual keys are derived from. In other words: the adversary obtains essentially no information about the private data that is used for the key derivation. Our techniques are based on the disperser graphs.

We have also implemented an experimental test of efficiency of our protocol. For arguably practical parameter settings the performance of the dispersing procedure is satisfactory.


Random Oracle Private Data Disperser Graph Merkle Tree Universal Hash Function 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Michal Zajac and Maciej Zdanowicz would like to thank the National Science Centre for their support in form of the grant PRELUDIUM 7 no. UMO-2014/13/N/ST6/03029.


  1. 1.
    Alwen, J., Dodis, Y., Naor, M., Segev, G., Walfish, S., Wichs, D.: Public-key encryption in the bounded-retrieval model. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 113–134. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-13190-5_6 CrossRefGoogle Scholar
  2. 2.
    Alwen, J., Dodis, Y., Wichs, D.: Leakage-resilient public-key cryptography in the bounded-retrieval model. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 36–54. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-03356-8_3 CrossRefGoogle Scholar
  3. 3.
    Barak, B., Dodis, Y., Krawczyk, H., Pereira, O., Pietrzak, K., Standaert, F.-X., Yu, Y.: Leftover hash lemma, revisited. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 1–20. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-22792-9_1 CrossRefGoogle Scholar
  4. 4.
    Cash, D., Ding, Y.Z., Dodis, Y., Lee, W., Lipton, R., Walfish, S.: Intrusion-resilient key exchange in the bounded retrieval model. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 479–498. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-70936-7_26 CrossRefGoogle Scholar
  5. 5.
    Crescenzo, G., Lipton, R., Walfish, S.: Perfectly secure password protocols in the bounded retrieval model. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 225–244. Springer, Heidelberg (2006). doi: 10.1007/11681878_12 CrossRefGoogle Scholar
  6. 6.
    Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-24676-3_31 CrossRefGoogle Scholar
  7. 7.
    Dodis, Y., Yu, Y.: Overcoming weak expectations. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 1–22. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-36594-2_1 CrossRefGoogle Scholar
  8. 8.
    Dziembowski, S.: Intrusion-resilience via the bounded-storage model. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 207–224. Springer, Heidelberg (2006). doi: 10.1007/11681878_11 CrossRefGoogle Scholar
  9. 9.
    Dziembowski, S., Pietrzak, K.: Intrusion-resilient secret sharing. In: 48th Annual Symposium on Foundations of Computer Science, pp. 227–237. IEEE Computer Society Press, Providence, USA, 20–23 October 2007Google Scholar
  10. 10.
    Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Merkle, R.C.: Secrecy, authentication, and public key systems. Ph.D. thesis, Stanford University, Stanford, CA, USA, aAI8001972 (1979)Google Scholar
  12. 12.
    Nisan, N., Zuckerman, D.: Randomness is linear in space. J. Comput. Syst. Sci. 52(1), 43–52 (1996). MathSciNetCrossRefzbMATHGoogle Scholar
  13. 13.
    Radhakrishnan, J., Ta-Shma, A.: Bounds for dispersers, extractors, and depth-two superconcentrators. SIAM J. Discrete Math. 13, 2–24 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  14. 14.
    Vadhan, S.P.: Constructing locally computable extractors and cryptosystems in the bounded-storage model. J. Cryptology 17(1), 43–77 (2004)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Konrad Durnoga
    • 1
  • Stefan Dziembowski
    • 1
  • Tomasz Kazana
    • 1
  • Michał Zając
    • 1
    • 2
    Email author
  • Maciej Zdanowicz
    • 1
  1. 1.University of WarsawWarsawPoland
  2. 2.University of TartuTartuEstonia

Personalised recommendations