Bit Commitment in the Bounded Storage Model: Tight Bound and Simple Optimal Construction

  • Junji Shikata
  • Daisuke Yamanaka
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7089)


In this paper, we study bit commitment in the bounded storage model (BSM). Specifically, in this paper we derive the tight lower bound on the memory size of honest players of bit commitment in the BSM. The tightness of our lower bound is shown by the fact that a certain bit commitment scheme obtained from the oblivious transfer by Ding et al. meets the bound with equality. We also give a simple and optimal construction of the bit commitment in this paper. We emphasize that our construction is simpler and easier to implement than already known any other bit commitment in the BSM.


Security Parameter Impersonation Attack Random String Commitment Scheme Oblivious Transfer 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aumann, Y., Ding, Y.Z., Rabin, M.O.: Everlasting security in the bounded storage model. IEEE Trans. on Information Theory 48(6), 1668–1680 (2002)CrossRefzbMATHMathSciNetGoogle Scholar
  2. 2.
    Aumann, Y., Rabin, M.O.: Information Theoretically Secure Communication in the Limited Storage Space Model. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 65–79. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  3. 3.
    Blum, M.: Coin flipping by telephone: a protocol for solving impossible problem. In: 24th IEEE Spring Computer Conference, pp. 133–137. IEEE Press (1982)Google Scholar
  4. 4.
    Brassard, G., Crépeau, C., Wolf, S.: Oblivious transfers and privacy amplification. IEEE Transactions on Information Theory 16(4), 219–237 (2003)zbMATHMathSciNetGoogle Scholar
  5. 5.
    Cachin, C., Maurer, U.M.: Unconditional Security Against Memory-Bounded Adversaries. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 292–306. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  6. 6.
    Cachin, C., Crépeau, C., Marcil, J.: Oblivious Transfer with a memory bounded adversaries. In: Proc. 39th IEEE Symposium on Foundations of Computer Science, pp. 493–502 (1998)Google Scholar
  7. 7.
    Crépeau, C.: Equivalence between Two Flavours of Oblivious Transfers. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 350–354. Springer, Heidelberg (1988)Google Scholar
  8. 8.
    Crépeau, C., Kilian, J., Savvides, G.: Interactive Hashing: An Information Theoretic Tool. In: Safavi-Naini, R. (ed.) ICITS 2008. LNCS, vol. 5155, pp. 14–28. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  9. 9.
    Crépeau, C., Savvides, G.: Optimal Reductions Between Oblivious Transfers Using Interactive Hashing. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 201–221. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  10. 10.
    Crépeau, C., Savvides, G., Schaffner, C., Wullschleger, J.: Information-Theoretic Conditions for Two-party Secure Function Evaluation. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 538–554. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    Damgård, I.B., Fehr, S., Salvail, L., Schaffner, C.: Oblivious Transfer and Linear Functions. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 427–444. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  12. 12.
    Damgård, I.B., Kilian, J., Salvail, L.: On the (Im)possibility of Basing Oblivious Transfer and Bit Commitment on Weakened Security Assumptions. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 56–73. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  13. 13.
    Ding, Y.Z.: Oblivious Transfer in the Bounded Storage Model. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 155–170. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  14. 14.
    Ding, Y.Z., Harnik, D., Rosen, A., Shaltiel, R.: Constant-round oblivious transfer in the bounded storage model. J. Cryptology 20, 165–202 (2007)CrossRefzbMATHMathSciNetGoogle Scholar
  15. 15.
    Ding, Y.Z., Rabin, M.O.: Hyper-Encryption and Everlasting Security. In: Alt, H., Ferreira, A. (eds.) STACS 2002. LNCS, vol. 2285, pp. 1–26. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  16. 16.
    Dziembowski, S., Maurer, U.M.: On Generating the Initial Key in the Bounded-Storage Model. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 126–137. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  17. 17.
    Dziembowski, S., Maurer, U.: The bare bounded storage model: the tight bound on the storage requirement for key agreement. IEEE Transactions on Information Theory 54(6), 2790–2792 (2008)CrossRefzbMATHMathSciNetGoogle Scholar
  18. 18.
    Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. Communications of the ACM 28(6), 637–647 (1985)CrossRefzbMATHMathSciNetGoogle Scholar
  19. 19.
    Hong, D., Chang, K.-Y., Ryu, H.: Efficient Oblivious Transfer in the Bounded-Storage Model. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 143–159. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  20. 20.
    Kilian, J.: Founding cryptography on oblivious transfer. In: Proc. 20th ACM Symposium on Theory of Computing, pp. 20–31 (1988)Google Scholar
  21. 21.
    Maurer, U.: Conditionally-perfect secrecy and a provably-secure randomized cipher. J. Cryptology 5(1), 53–66 (1992)CrossRefzbMATHMathSciNetGoogle Scholar
  22. 22.
    Maurer, U.: Authentication theory and hypothesis testing. IEEE Transaction on Information Theory 46(4), 1350–1356 (2000)CrossRefzbMATHMathSciNetGoogle Scholar
  23. 23.
    Naor, M.: Bit commitment using pseudorandomness. J. Cryptology 2(2), 151–158 (1991)zbMATHGoogle Scholar
  24. 24.
    Nisan, N., Zuckerman, D.: Randomness is linear in space. Journal of Computer and System Sciences 52(1), 43–52 (1996)CrossRefzbMATHMathSciNetGoogle Scholar
  25. 25.
    Naor, M., Ostrovsky, R., Venkatesan, R., Yung, M.: Perfect zero-knowledge argument for NP using any one-way function. J. Cryptology 11(2), 87–108 (1998)CrossRefzbMATHGoogle Scholar
  26. 26.
    Rabin, M.O.: How to exchange secrets by oblivious transfer. Technical Report TR-81, Harvard (1981)Google Scholar
  27. 27.
    Rosenbaum, U.: A lower bound on authentication after having observed a sequence of messages. J. Cryptology 6, 135–156 (1993)CrossRefzbMATHMathSciNetGoogle Scholar
  28. 28.
    Vadhan, S.P.: On Constructing Locally Computable Extractors and Cryptosystems in the Bounded Storage Model. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 61–77. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  29. 29.
    Walker, M.: Information-theoretic bound for authentication schemes. J. Cryptology 2(3), 131–143 (1990)CrossRefzbMATHMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Junji Shikata
    • 1
  • Daisuke Yamanaka
    • 1
  1. 1.Graduate School of Environment and Information SciencesYokohama National UniversityJapan

Personalised recommendations