Error Correction in the Bounded Storage Model

We initiate a study of Maurer's bounded storage model (JoC, 1992) in the presence of transmission errors and perhaps other types of errors that cause different parties to have inconsistent views of the public random source. Such errors seem inevitable in any implementation of the model. All previous schemes and protocols in the model assume a perfectly consistent view of the public source from all parties and do not function correctly in the presence of errors, while the private-key encryption scheme of Aumann, Ding and Rabin (IEEE IT, 2002) can be extended to tolerate only a O(1/log(1/e)) fraction of errors, where e is an upper bound on the advantage of an adversary. In this paper, we provide a general paradigm for constructing secure and error-resilient private-key cryptosystems in the bounded storage model that tolerate a constant fraction of errors and attain the near-optimal parameters achieved by Vadhan's construction (JoC, 2004) in the errorless case. In particular, we show that any local fuzzy extractor yields a secure and error-resilient cryptosystem in the model, in analogy to the result of Lu (JoC, 2004) that any local strong extractor yields a secure cryptosystem in the errorless case, and we construct efficient local fuzzy extractors by extending Vadhan's sample-then-extract paradigm. The main ingredients of our constructions are averaging samplers (Bellare and Rompel, FOCS '94), randomness extractors (Nisan and Zuckerman, JCSS, 1996), error-correcting codes, and fuzzy extractors (Dodis, Reyzin and Smith, EUROCRYPT '04).
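The following is an added toy simulation, not code from the paper, of the sample-then-extract paradigm with a fuzzy extractor in place of a plain extractor. The paper's ingredients are replaced by simple stand-ins that are assumptions of this example: a seeded PRNG plays the averaging sampler, a random GF(2) linear map (universal hashing) plays the strong extractor, a repetition code with majority decoding plays the error-correcting code, and the fuzzy extractor is a code-offset secure sketch in the style of Dodis, Reyzin and Smith, whose sketch is assumed to be published next to the ciphertext. The public random source, the shared key seed, the message and the receiver's error pattern are all constructed inline. The point it shows is the one the abstract makes: with the sketch, the receiver decrypts correctly even when a constant fraction (here 3/7) of its view of the sampled bits is wrong, whereas extracting straight from the inconsistent view, as an errorless-model scheme does, yields a wrong pad; once the error fraction exceeds the code's decoding radius (4/7), recovery fails.

```python
import random
from typing import Dict, List, Tuple

Bits = List[int]

# Toy parameters (constructed for this example; not the paper's settings).
N = 4096          # length of the public random source
REP = 7           # repetition-code block length: majority decoding fixes <= 3 flips per block
M = 64            # number of blocks = random codeword bits in the sketch
T = M * REP       # sampled positions; the scheme is "local": only T of the N source bits are read
K = 32            # extracted key length in bits


def xor(a: Bits, b: Bits) -> Bits:
    return [x ^ y for x, y in zip(a, b)]


def sample_positions(key_seed: int) -> List[int]:
    """Sampler stand-in (assumption): the shared secret key fixes which T positions to read."""
    return random.Random(f"sampler-{key_seed}").sample(range(N), T)


def read_source(source: Bits, positions: List[int]) -> Bits:
    return [source[p] for p in positions]


def encode(bits: Bits) -> Bits:
    """Repetition code: every message bit is written REP times."""
    return [b for b in bits for _ in range(REP)]


def decode(bits: Bits) -> Bits:
    """Majority decoding of each REP-block (REP is odd, so there are no ties)."""
    return [int(2 * sum(bits[i:i + REP]) > REP) for i in range(0, len(bits), REP)]


def extract(w: Bits, key_seed: int) -> Bits:
    """Extractor stand-in (assumption): K inner products over GF(2) with key-derived random rows."""
    rng = random.Random(f"extractor-{key_seed}")
    rows = [[rng.randrange(2) for _ in range(len(w))] for _ in range(K)]
    return [sum(r & b for r, b in zip(row, w)) & 1 for row in rows]


def sketch(w: Bits, coin_seed: int) -> Bits:
    """Code-offset secure sketch: s = w XOR c for a fresh random codeword c (public value)."""
    rng = random.Random(f"coins-{coin_seed}")
    return xor(w, encode([rng.randrange(2) for _ in range(M)]))


def recover(w_noisy: Bits, s: Bits) -> Bits:
    """Rec(w', s): shift by s, snap to the nearest codeword, shift back.
    Returns w exactly whenever every block carries at most (REP-1)//2 errors."""
    nearest = encode(decode(xor(w_noisy, s)))
    return xor(s, nearest)


def encrypt(source: Bits, key_seed: int, msg: Bits, coin_seed: int) -> Tuple[Bits, Bits]:
    """Sender: sample, extract a pad, one-time-pad the message, publish a sketch of the samples."""
    w = read_source(source, sample_positions(key_seed))
    return xor(msg, extract(w, key_seed)), sketch(w, coin_seed)


def decrypt(noisy_source: Bits, key_seed: int, ct: Bits, s: Bits) -> Bits:
    """Receiver with an inconsistent view: repair its samples with s, then extract the same pad."""
    w_noisy = read_source(noisy_source, sample_positions(key_seed))
    return xor(ct, extract(recover(w_noisy, s), key_seed))


def decrypt_errorless_model(noisy_source: Bits, key_seed: int, ct: Bits) -> Bits:
    """What an errorless-model scheme does: extract straight from whatever it sampled."""
    w_noisy = read_source(noisy_source, sample_positions(key_seed))
    return xor(ct, extract(w_noisy, key_seed))


def corrupt(source: Bits, positions: List[int], flips_per_block: int) -> Bits:
    """Constructed error pattern: in the receiver's copy of the source, flip the first
    `flips_per_block` sampled positions of every REP-block (a flips_per_block/REP fraction)."""
    noisy = list(source)
    for i, p in enumerate(positions):
        if i % REP < flips_per_block:
            noisy[p] ^= 1
    return noisy


def run_demo(flips_per_block: int) -> Dict[str, bool]:
    """Encrypt against a clean view of the source, decrypt against a corrupted one, both ways."""
    key_seed = 12345                                   # constructed shared secret
    src = random.Random("public-source")
    source = [src.randrange(2) for _ in range(N)]      # constructed public random source
    msg = [int(b) for b in format(0xDEADBEEF, "032b")]
    ct, s = encrypt(source, key_seed, msg, coin_seed=7)
    noisy = corrupt(source, sample_positions(key_seed), flips_per_block)
    return {
        "fuzzy_ok": decrypt(noisy, key_seed, ct, s) == msg,
        "errorless_ok": decrypt_errorless_model(noisy, key_seed, ct) == msg,
    }


if __name__ == "__main__":
    for flips in (0, 3, 4):
        print(f"{flips}/{REP} of the receiver's sampled bits flipped:", run_demo(flips))
```

The sketch leaks information about the sampled bits (M random codeword bits hide at most M of the T sampled bits), which is why a real construction must account for that loss in the extractor's entropy budget; this toy ignores that accounting and only illustrates the error-correction mechanism.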

[1] David Zuckerman. Simulating BPP using a general weak random source, 2005, Algorithmica.

[2] Yevgeniy Dodis et al. Fuzzy Extractors and Cryptography, or How to Use Your Fingerprints, 2003.

[3] Aggelos Kiayias et al. Self Protecting Pirates and Black-Box Traitor Tracing, 2001, CRYPTO.

[4] Yonatan Aumann et al. Everlasting security in the bounded storage model, 2002, IEEE Trans. Inf. Theory.

[5] Ross J. Anderson et al. Two remarks on public key cryptology, 2002.

[6] Moni Naor et al. Public-key cryptosystems provably secure against chosen ciphertext attacks, 1990, STOC '90.

[7] R. Nicoll et al. Invited lecture, 1997, Neuroscience Research.

[8] Noam Nisan et al. Randomness is Linear in Space, 1996, J. Comput. Syst. Sci.

[9] Hugo Krawczyk et al. New Hash Functions For Message Authentication, 1995, EUROCRYPT.

[10] Adam D. Smith et al. Maintaining secrecy when information leakage is unavoidable, 2004.

[11] Oded Goldreich et al. Unbiased Bits from Sources of Weak Randomness and Probabilistic Communication Complexity, 1988, SIAM J. Comput.

[12] Ueli Maurer et al. Generalized privacy amplification, 1994, Proceedings of 1994 IEEE International Symposium on Information Theory.

[13] Mihir Bellare et al. Advances in Cryptology — CRYPTO '97, 1996, Lecture Notes in Computer Science.

[14] Ueli Maurer et al. On Generating the Initial Key in the Bounded-Storage Model, 2004, EUROCRYPT.

[15] Ueli Maurer et al. Unconditional Security Against Memory-Bounded Adversaries, 1997, CRYPTO.

[16] Chi-Jen Lu et al. Hyper-encryption against Space-Bounded Adversaries from On-Line Strong Extractors, 2002, CRYPTO.

[17] Gilles Brassard et al. Privacy Amplification by Public Discussion, 1988, SIAM J. Comput.

[18] Jean-Jacques Quisquater et al. Advances in Cryptology — EUROCRYPT '95, 2001, Lecture Notes in Computer Science.

[19] Ueli Maurer. Conditionally-perfect secrecy and a provably-secure randomized cipher, 2004, Journal of Cryptology.

[20] Salil P. Vadhan et al. Randomness extractors and their many guises, 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings.

[21] Claude Crépeau et al. Oblivious transfer with a memory-bounded receiver, 1998, Proceedings 39th Annual Symposium on Foundations of Computer Science (Cat. No.98CB36280).

[22] Aggelos Kiayias et al. Traceable Signatures, 2004, EUROCRYPT.

[23] D. Spielman et al. Expander codes, 1996.

[24] Michael O. Rabin et al. Hyper-Encryption and Everlasting Security, 2002, STACS.

[25] Tor Helleseth et al. Advances in Cryptology — EUROCRYPT '93, 2001, Lecture Notes in Computer Science.

[26] L. Fortnow et al. Recent Developments in Explicit Constructions of Extractors, 2002, Bull. EATCS.

[27] Yonatan Aumann et al. Information Theoretically Secure Communication in the Limited Storage Space Model, 1999, CRYPTO.

[28] Michael Wiener et al. Advances in Cryptology — CRYPTO '99, 1999.

[29] Avi Wigderson et al. Randomness conductors and constant-degree lossless expanders, 2002, Proceedings 17th IEEE Annual Conference on Computational Complexity.

[30] Gilles Brassard et al. Secret-Key Reconciliation by Public Discussion, 1994, EUROCRYPT.

[31] Noam Nisan et al. Extracting Randomness: A Survey and New Constructions, 1999, J. Comput. Syst. Sci.

[32] Chi-Jen Lu. Encryption against Storage-Bounded Adversaries from On-Line Strong Extractors, 2003, Journal of Cryptology.

[33] Ueli Maurer et al. Linking information reconciliation and privacy amplification, 1997, Journal of Cryptology.

[34] David Zuckerman. Randomness-optimal oblivious sampling, 1997, Random Struct. Algorithms.

[35] Yan Zong Ding et al. Oblivious Transfer in the Bounded Storage Model, 2001, CRYPTO.

[36] Ronen Shaltiel et al. Recent Developments in Explicit Constructions of Extractors, 2002, Bull. EATCS.

[37] Matthew Franklin et al. Advances in Cryptology – CRYPTO 2004, 2004, Lecture Notes in Computer Science.

[38] Yevgeniy Dodis et al. Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data, 2004, EUROCRYPT.

[39] Mihir Bellare et al. Randomness-efficient oblivious sampling, 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[40] Avi Wigderson et al. Randomness conductors and constant-degree lossless expanders, 2002, STOC '02.

[41] Salil P. Vadhan et al. Constructing Locally Computable Extractors and Cryptosystems in the Bounded-Storage Model, 2003, Journal of Cryptology.

[42] Ueli Maurer et al. Optimal Randomizer Efficiency in the Bounded-Storage Model, 2003, Journal of Cryptology.

[43] Ronen Shaltiel et al. Constant-Round Oblivious Transfer in the Bounded Storage Model, 2004, Journal of Cryptology.

[44] Gerhard Goos et al. Advances in Cryptology — CRYPTO '99, 1999, Lecture Notes in Computer Science.

[45] Michael Langberg et al. Private codes or succinct random codes that are (almost) perfect, 2004, 45th Annual IEEE Symposium on Foundations of Computer Science.

[46] Silvio Micali et al. The knowledge complexity of interactive proof-systems, 1985, STOC '85.

[47] Amnon Ta-Shma et al. Non-interactive Timestamping in the Bounded Storage Model, 2004, CRYPTO.

[48] Oded Goldreich et al. A Sample of Samplers - A Computational Perspective on Sampling (survey), 1997, Electron. Colloquium Comput. Complex.

[49] Burton S. Kaliski. Advances in Cryptology - CRYPTO '97, 1997.