Everlasting security in the bounded storage model

We address the problem of the security of cryptographic protocols in the face of future advances in computing technology and algorithmic research. The problem stems from the fact that computations which, at a given point in time, may be deemed infeasible can, in the course of years or decades, be made possible by improved hardware and/or breakthroughs in code-breaking algorithms. In such cases, the security of historical, but nonetheless highly confidential, data may be in jeopardy. We present a scheme for efficient secure two-party communication with provable everlasting security. The security is guaranteed in the face of any future technological advances, given the current state of the art. Furthermore, the security of the messages is also guaranteed even if the secret encryption/decryption key is revealed in the future. The scheme is based on the bounded storage model and provides information-theoretic security in this model. The bounded storage model postulates an adversary who is computationally unbounded and is bounded only in the amount of storage (not computation space) available to store the output of his computation. The bound on the storage can be arbitrarily large (e.g., 100 Tbytes), as long as it is fixed. Given this storage bound, our protocols guarantee that even a computationally all-powerful adversary gains no information about a message (except with a probability that is exponentially small in the security parameter k). The bound on storage space need only hold at the time of the message transmission. Thereafter, no additional storage space or computational power can help the adversary in deciphering the message. We present two protocols. The first protocol, which elaborates on the autoregressive (AR) protocol of Aumann and Rabin (see Advances in Cryptology-Crypto '99, p. 65-79, 1999), employs a short secret key whose size is independent of the length of the message, but uses many public random bits. The second protocol uses an optimal number of public random bits, but employs a longer secret key. Our proof of security utilizes a novel linear algebraic technique.
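The following toy cipher is an added illustration of the bounded storage model described above; it is not the paper's protocol or code. It assumes a simplified scheme of our own: the public random string is split into blocks, the secret key is k positions inside a block, and each block yields one pad bit (the XOR of the key-selected bits), so the key size depends on k and not on the message length, and a pad bit can only be recomputed from a block that was stored in full at broadcast time.

```python
import random
import secrets
from typing import List, Optional

Block = List[Optional[int]]  # one block of public random bits; None = bit not stored


def make_rng(seed: Optional[int] = None) -> random.Random:
    # Seeded generator for reproducible runs, OS randomness otherwise.
    return random.Random(seed) if seed is not None else secrets.SystemRandom()


def broadcast_public_random(n_blocks: int, block_len: int, rng: random.Random) -> List[Block]:
    # The public randomness: n_blocks blocks of block_len uniform bits (constructed here).
    return [[rng.randrange(2) for _ in range(block_len)] for _ in range(n_blocks)]


def keygen(k: int, block_len: int, rng: random.Random) -> List[int]:
    # Secret key: k distinct positions inside a block. Its size depends on the
    # security parameter k only, not on the message length (toy scheme assumption).
    return sorted(rng.sample(range(block_len), k))


def pad_bit(block: Block, key: List[int]) -> Optional[int]:
    # XOR of the key-selected bits of one block; None if any of them was not stored.
    acc = 0
    for pos in key:
        if block[pos] is None:
            return None
        acc ^= block[pos]
    return acc


def extract_pad(public: List[Block], key: List[int]) -> List[int]:
    # Run by sender and receiver while the broadcast is on the air; only these
    # pad bits are retained and the rest of the public string is forgotten.
    return [pad_bit(block, key) for block in public]


def xor_bits(bits: List[int], pad: List[int]) -> List[int]:
    # One-time-pad style encryption and decryption (the same operation both ways).
    return [b ^ p for b, p in zip(bits, pad)]


def adversary_stores(public: List[Block], keep_fraction: float, rng: random.Random) -> List[Block]:
    # A storage-bounded adversary keeps only a random keep_fraction of each block.
    return [[b if rng.random() < keep_fraction else None for b in block] for block in public]


def recoverable_pad_bits(stored: List[Block], key: List[int]) -> int:
    # Later the key leaks: count the pad bits the adversary can still recompute from
    # what it stored. Each needs all k selected positions of its block, so the
    # expected count falls off like keep_fraction ** k.
    return sum(pad_bit(block, key) is not None for block in stored)
```

A run with `public = broadcast_public_random(64, 256, rng)`, `key = keygen(20, 256, rng)` and an adversary that keeps half of every block shows the point: the receiver decrypts with `xor_bits(ct, extract_pad(public, key))`, while `recoverable_pad_bits(adversary_stores(public, 0.5, rng), key)` is almost always 0 even though the adversary now holds the key.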

[1] Ueli Maurer et al., Generalized privacy amplification, Proceedings of the 1994 IEEE International Symposium on Information Theory, 1994.

[2] Claude E. Shannon et al., Communication theory of secrecy systems, Bell Syst. Tech. J., 1949.

[3] Noam Nisan et al., Constant depth circuits, Fourier transform, and learnability, JACM, 1993.

[4] Moti Yung et al., One-Message Statistical Zero-Knowledge Proofs and Space-Bounded Verifier, ICALP, 1992.

[5] Anne Condon, Space-bounded probabilistic game automata, JACM, 1991.

[6] Robert G. Gallager et al., Low-density parity-check codes, IRE Trans. Inf. Theory, 1962.

[7] Ming Li et al., An Introduction to Kolmogorov Complexity and Its Applications, Texts in Computer Science, 2019.

[8] Ueli Maurer et al., Information-Theoretic Key Agreement: From Weak to Strong Secrecy for Free, EUROCRYPT, 2000.

[9] Peter W. Shor et al., Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer, SIAM Rev., 1995.

[10] Adi Shamir et al., A method for obtaining digital signatures and public-key cryptosystems, CACM, 1978.

[11] Ueli Maurer et al., Unconditional Security Against Memory-Bounded Adversaries, CRYPTO, 1997.

[12] Ueli Maurer et al., Information-Theoretically Secure Secret-Key Agreement by NOT Authenticated Public Discussion, EUROCRYPT, 1997.

[13] Ueli Maurer et al., Privacy Amplification Secure Against Active Adversaries, CRYPTO, 1997.

[14] Richard E. Ladner et al., Probabilistic Game Automata, J. Comput. Syst. Sci., 1988.

[15] Eyal Kushilevitz et al., Communication Complexity, Adv. Comput., 1997.

[16] Michael Sipser et al., Introduction to the Theory of Computation, SIGA, 1996.

[17] Joe Kilian et al., Zero-knowledge with log-space verifiers, Proceedings of the 29th Annual Symposium on Foundations of Computer Science, 1988.

[18] Ueli Maurer, Conditionally-perfect secrecy and a provably-secure randomized cipher, Journal of Cryptology, 2004.

[19] A. D. Wyner et al., The wire-tap channel, The Bell System Technical Journal, 1975.

[20] Ueli Maurer et al., Secret key agreement by public discussion from common information, IEEE Trans. Inf. Theory, 1993.

[21] Ueli Maurer, A Unified and Generalized Treatment of Authentification Theory, STACS, 1996.

[22] G. S. Vernam et al., Cipher Printing Telegraph Systems For Secret Wire and Radio Telegraphic Communications, Transactions of the American Institute of Electrical Engineers, 1926.

[23] Uriel Feige et al., On Message Proof Systems with Known Space Verifiers, CRYPTO, 1993.

[24] Yonatan Aumann et al., Information Theoretically Secure Communication in the Limited Storage Space Model, CRYPTO, 1999.

[25] Ueli Maurer et al., Towards Characterizing When Information-Theoretic Secret Key Agreement Is Possible, ASIACRYPT, 1996.

[26] Ueli Maurer et al., Unconditionally Secure Key Agreement and the Intrinsic Conditional Information, IEEE Trans. Inf. Theory, 1999.