Abstract
Erasing old data and keys is an important tool in cryptographic protocol design. It is useful in many settings, including proactive security, adaptive security, forward security, and intrusion resilience. Protocols for all these settings typically assume the ability to perfectly erase information. Unfortunately, as amply demonstrated in the systems literature, perfect erasures are hard to implement in practice.
We propose a model of partial erasures in which an erasure instruction leaves almost all of the data that was meant to be erased intact, thus giving the honest players only a limited capability for disposing of old data. Nonetheless, we provide a general compiler that transforms any secure protocol using perfect erasures into one that maintains the same security properties when only partial erasures are available. The key idea is a new redundant representation of secret data which can still be computed on, and yet is rendered useless when partially erased. We prove that any such compiler must incur a cost in additional storage, and that our compiler is near optimal in terms of its storage overhead.
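The following is an added illustration of the abstract's key idea, written for this page; it is not the paper's construction or compiler. A secret s is stored redundantly as a long uniformly random string R, a seed T defining a Toeplitz (universal) hash, and c = s XOR hash_T(R). Decoding is trivial, so the secret can still be computed on, but an imperfect erase that destroys only a small fraction of R's bits leaves every output bit of hash_T(R) depending on at least one destroyed bit, so the adversary's view of the stored state no longer determines s. The hash, the bit lengths, the erasure fraction and the random seed are all constructed parameters chosen for the demo.

```python
"""Toy 'redundant representation' of a secret that is rendered useless by
partial erasure (illustrative construction, not the paper's own).

Stored state:  R  - n uniformly random bits
               T  - (n+m-1)-bit seed of a Toeplitz matrix (universal hash)
               c  - s XOR hash_T(R), where s is the m-bit secret
Erasing the secret means erasing R.  If the erase destroys only a fraction
of R, each hash output bit whose Toeplitz row selects a destroyed position
becomes uniform from the adversary's point of view, so c reveals nothing.
A directly stored 128-bit key under the same 5% erasure would keep ~122 bits
readable, leaving the adversary a trivial search over the missing ~6 bits.
"""
import random


def _parity(x: int) -> int:
    return bin(x).count("1") & 1


def toeplitz_hash(R: int, T: int, n: int, m: int) -> int:
    """Output bit i is the parity of R masked by row i of the Toeplitz
    matrix; row i is the n-bit window T[i .. i+n-1]."""
    mask = (1 << n) - 1
    out = 0
    for i in range(m):
        row = (T >> i) & mask
        out |= _parity(R & row) << i
    return out


def encode(s: int, n: int, m: int, rng: random.Random = None):
    """Store m-bit secret s redundantly as (R, T, c)."""
    rng = rng or random.Random()
    R = rng.getrandbits(n)
    T = rng.getrandbits(n + m - 1)
    return R, T, s ^ toeplitz_hash(R, T, n, m)


def decode(R: int, T: int, c: int, n: int, m: int) -> int:
    """Recover the secret from the (intact) redundant representation."""
    return c ^ toeplitz_hash(R, T, n, m)


def partial_erase(R: int, n: int, fraction: float, rng: random.Random):
    """Model an imperfect erase: only `fraction` of R's bit positions are
    destroyed (overwritten with fresh random bits); the rest stay intact.
    Returns the adversary's view of R and the set of destroyed positions."""
    erased = set(rng.sample(range(n), int(n * fraction)))
    view = R
    for pos in erased:
        if rng.getrandbits(1):  # destroyed bit takes a random value
            view ^= 1 << pos
    return view, erased


def bits_made_uniform(erased, T: int, n: int, m: int) -> int:
    """Count hash output bits whose row selects >= 1 destroyed position;
    each such bit is individually uniform from the adversary's view."""
    erased_mask = 0
    for pos in erased:
        erased_mask |= 1 << pos
    mask = (1 << n) - 1
    return sum(1 for i in range(m) if ((T >> i) & mask) & erased_mask)


def demo(seed: int = 1234, n: int = 2048, m: int = 128, fraction: float = 0.05):
    """Constructed scenario: 128-bit secret, 2048-bit R, 5% of R destroyed."""
    rng = random.Random(seed)
    s = rng.getrandbits(m)
    R, T, c = encode(s, n, m, rng)
    assert decode(R, T, c, n, m) == s        # intact state still computable
    view, erased = partial_erase(R, n, fraction, rng)
    guess = decode(view, T, c, n, m)          # adversary decodes from its view
    return {
        "erased_bits": len(erased),
        "uniform_output_bits": bits_made_uniform(erased, T, n, m),
        "adversary_recovers_secret": guess == s,
        "naive_bits_left_readable": m - int(m * fraction),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

In the demo every one of the 128 hash output bits touches a destroyed position (each row is a random n-bit window, so missing all ~102 destroyed positions has probability about 2^-102), and the adversary's decode of c is wrong. Joint uniformity of the whole output, rather than of each bit separately, is what the leftover hash lemma gives for a universal hash when enough of R is unknown; the paper's lower bound on storage overhead is about exactly how large R must be relative to s.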
Full version of paper available at http://eprint.iacr.org/ as
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
Cite this paper
Canetti, R., Eiger, D., Goldwasser, S., Lim, DY. (2008). How to Protect Yourself without Perfect Shredding. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds) Automata, Languages and Programming. ICALP 2008. Lecture Notes in Computer Science, vol 5126. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70583-3_42
DOI: https://doi.org/10.1007/978-3-540-70583-3_42
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-70582-6
Online ISBN: 978-3-540-70583-3