A Lower Bound on the Key Length of Information-Theoretic Forward-Secure Storage Schemes

Forward-Secure Storage (FSS) was introduced by Dziembowski (CRYPTO 2006). Informally, FSS is an encryption scheme (Encr, Decr) that has the following non-standard property: even if the adversary learns the value of some function h of the ciphertext C = Encr(K, M), he should have essentially no information on the corresponding plaintext M, even if he knows the key K. The only restriction is that h is input-shrinking, i.e. |h(R)| ≤ σ, where σ is some parameter such that σ ≤ |C|. We study the problem of minimizing the length of the secret key in the IT-secure FSS, and we establish an almost optimal lower bound on the length of the secret key. The secret key of the FSS scheme of Dziembowski has length |M| + O(log σ). We show that in every FSS the secret key needs to have length at least |M| + log₂ σ − O(log₂ log₂ σ).
