Cryptography Based on Correlated Data: Foundations and Practice

Correlated data can be very useful in cryptography. For instance, if a uniformly random key is available to Alice and Bob, it can be used as an one-time pad to transmit a message with perfect security. With more elaborate forms of correlated data, the parties can achieve even more complex cryptographic tasks, such as secure multiparty computation. This thesis explores (from both a theoretical and a practical point of view) the topic of cryptography based on correlated data. The first part considers physical assumptions that can be used to obtain simple forms of correlated data suitable for cryptographic purposes. We aim at constructing two important cryptographic primitives, namely commitments and oblivious transfer, and investigate the question of their existence as well as the theoretical limits of how efficiently the underlying resources can be used to construct them. For example, the existence of noisy channels between the parties allows unconditionally secure realizations of both primitives. As it turns out that noisy channels are valuable resources for cryptography, it becomes important to understand the optimal way in which these noisy channels can be used for implementing cryptographic tasks. Therefore, commitment and oblivious transfer capacities have been studied in the literature, which capture respectively the optimal way in which commitment and oblivious transfer can be realized using noisy channels. These capacities are cryptographic equivalents of Shannon’s definition of channel capacity for the task of transmitting messages reliably over noisy channels. In the thesis we will further investigate the commitment and oblivious transfer capacity of some important channels. Another example is the so-called bounded storage model, in which it is assumed that the parties have limited storage capacity (an assumption orthogonal to the restrictions on computational power that are normally made in cryptography based on complexity theory). In this model there is a public random source available to the parties during an initial transmission phase, but since the parties only have bounded storage they can only store parts of this random source and therefore they end up with correlated data that can be used subsequently to implement cryptographic primitives. It is known that both commitment and oblivious transfer can be implemented in the bounded storage model without errors. We present the first secure protocols for commitment and oblivious transfer in the more realistic bounded storage model with errors, in which the public random sources available to the parties are not exactly the same, but instead are only required to have a small

[1]  Michael Naehrig,et al.  Privately Evaluating Decision Trees and Random Forests , 2016, IACR Cryptol. ePrint Arch..

[2]  Marcel Keller,et al.  An architecture for practical actively secure MPC with dishonest majority , 2013, IACR Cryptol. ePrint Arch..

[3]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[4]  Sennur Ulukus,et al.  The Secrecy Capacity Region of the Gaussian MIMO Multi-Receiver Wiretap Channel , 2009, IEEE Transactions on Information Theory.

[5]  Venkatesan Guruswami,et al.  Near-optimal linear-time codes for unique decoding and new list-decodable codes over smaller alphabets , 2002, STOC '02.

[6]  Yehuda Lindell,et al.  Universally composable two-party and multi-party secure computation , 2002, STOC '02.

[7]  Rafail Ostrovsky,et al.  Perfect Zero-Knowledge Arguments for NP Using Any One-Way Permutation , 1998, Journal of Cryptology.

[8]  Jeroen van de Graaf,et al.  Committed Oblivious Transfer and Private Multi-Party Computation , 1995, CRYPTO.

[9]  Silvio Micali,et al.  Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems , 1991, JACM.

[10]  Moni Naor,et al.  Bit commitment using pseudorandomness , 1989, Journal of Cryptology.

[11]  Yael Tauman Kalai,et al.  Smooth Projective Hashing and Two-Message Oblivious Transfer , 2005, Journal of Cryptology.

[12]  David Chaum,et al.  Multiparty Unconditionally Secure Protocols (Extended Abstract) , 1988, STOC.

[13]  Yunghsiang Sam Han,et al.  Privacy-Preserving Multivariate Statistical Analysis: Linear Regression and Classification , 2004, SDM.

[14]  Donald Beaver,et al.  Efficient Multiparty Protocols Using Circuit Randomization , 1991, CRYPTO.

[15]  Arash Afshar,et al.  How to Efficiently Evaluate RAM Programs with Malicious Security , 2014, EUROCRYPT.

[16]  Vinícius de Morais Alves Protocolo de comprometimento de BIT eficiente com segurança sequencial baseado no modelo de memória limitada , 2011 .

[17]  Noam Nisan,et al.  Randomness is Linear in Space , 1996, J. Comput. Syst. Sci..

[18]  Ivan Damgård,et al.  Semi-Homomorphic Encryption and Multiparty Computation , 2011, IACR Cryptol. ePrint Arch..

[19]  Kurt Hornik,et al.  Misc Functions of the Department of Statistics, ProbabilityTheory Group (Formerly: E1071), TU Wien , 2015 .

[20]  Ivan Damgård,et al.  Multiparty Computation from Somewhat Homomorphic Encryption , 2012, IACR Cryptol. ePrint Arch..

[21]  Shlomo Shamai,et al.  Secrecy Capacity Region of Fading Broadcast Channels , 2007, 2007 IEEE International Symposium on Information Theory.

[22]  Ivan Damgård,et al.  Statistical Secrecy and Multibit Commitments , 1998, IEEE Trans. Inf. Theory.

[23]  de Sja Sebastiaan Hoogh,et al.  Design of large scale applications of secure multiparty computation : secure linear programming , 2012 .

[24]  Donald Beaver,et al.  One-Time Tables for Two-Party Computation , 1998, COCOON.

[25]  Renato Renner,et al.  Simple and Tight Bounds for Information Reconciliation and Privacy Amplification , 2005, ASIACRYPT.

[26]  Anderson C. A. Nascimento,et al.  On the Oblivious Transfer Capacity of Generalized Erasure Channels Against Malicious Adversaries: The Case of Low Erasure Probability , 2014, IEEE Transactions on Information Theory.

[27]  Imre Csiszár,et al.  Secrecy capacities for multiterminal channel models , 2005, ISIT.

[28]  Larry Carter,et al.  Universal Classes of Hash Functions , 1979, J. Comput. Syst. Sci..

[29]  Manuel Blum,et al.  Coin flipping by telephone a protocol for solving impossible problems , 1983, SIGA.

[30]  Thijs Veugen Linear Round Bit-Decomposition of Secret-Shared Values , 2015, IEEE Transactions on Information Forensics and Security.

[31]  Juan A. Garay,et al.  Practical and Secure Solutions for Integer Comparison , 2007, Public Key Cryptography.

[32]  Ran Canetti,et al.  Universal Composition with Joint State , 2003, CRYPTO.

[33]  H. Chernoff A Measure of Asymptotic Efficiency for Tests of a Hypothesis Based on the sum of Observations , 1952 .

[34]  Peter Dalgaard,et al.  R Development Core Team (2010): R: A language and environment for statistical computing , 2010 .

[35]  Yuval Ishai,et al.  Founding Cryptography on Oblivious Transfer - Efficiently , 2008, CRYPTO.

[36]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[37]  Kirill Morozov,et al.  Generalized Oblivious Transfer Protocols Based on Noisy Channels , 2001, MMM-ACNS.

[38]  Ran Canetti,et al.  Universally composable protocols with relaxed set-up assumptions , 2004, 45th Annual IEEE Symposium on Foundations of Computer Science.

[39]  Yehuda Lindell,et al.  More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries , 2015, IACR Cryptol. ePrint Arch..

[40]  Alexander J. Smola,et al.  Support Vector Regression Machines , 1996, NIPS.

[41]  Hideki Imai,et al.  Commitment Capacity of Discrete Memoryless Channels , 2003, IMACC.

[42]  Hesham El Gamal,et al.  On the Secrecy Capacity of Fading Channels , 2007, ISIT.

[43]  Joan Feigenbaum,et al.  Secure multiparty computation of approximations , 2001, TALG.

[44]  Pille Pullonen Actively Secure Two-Party Computation: Efficient Beaver Triple Generation , 2013 .

[45]  Martin E. Hellman,et al.  The Gaussian wire-tap channel , 1978, IEEE Trans. Inf. Theory.

[46]  Leonid A. Levin,et al.  Pseudo-random Generation from one-way functions (Extended Abstracts) , 1989, STOC 1989.

[47]  Anderson C. A. Nascimento,et al.  On the Composability of Statistically Secure Bit Commitments , 2013, IACR Cryptol. ePrint Arch..

[48]  Frédérique E. Oggier,et al.  The secrecy capacity of the MIMO wiretap channel , 2008, ISIT.

[49]  Martine De Cock,et al.  Fast, Privacy Preserving Linear Regression over Distributed Datasets based on Pre-Distributed Data , 2015, AISec@CCS.

[50]  Claudio Orlandi,et al.  MiniLEGO: Efficient Secure Two-Party Computation from General Assumptions , 2013, EUROCRYPT.

[51]  Ahmad-Reza Sadeghi,et al.  Efficient privacy-preserving classification of ECG signals , 2009, 2009 First IEEE International Workshop on Information Forensics and Security (WIFS).

[52]  Donald Beaver,et al.  Precomputing Oblivious Transfer , 1995, CRYPTO.

[53]  Rudolf Ahlswede,et al.  On Oblivious Transfer Capacity , 2007, 2007 IEEE International Symposium on Information Theory.

[54]  I. Damglurd Unconditionally secure constant-rounds multi-party computation for equality, comparison, bits and exponentiation , 2006 .

[55]  Donald Beaver,et al.  Multiparty Protocols Tolerating Half Faulty Processors , 1989, CRYPTO.

[56]  Noga Alon,et al.  The Probabilistic Method , 2015, Fundamentals of Ramsey Theory.

[57]  Ueli Maurer,et al.  Unconditional Security Against Memory-Bounded Adversaries , 1997, CRYPTO.

[58]  Silvio Micali,et al.  Non-Interactive Oblivious Transfer and Applications , 1989, CRYPTO.

[59]  Jeroen van de Graaf,et al.  Unconditionally Secure, Universally Composable Privacy Preserving Linear Algebra , 2016, IEEE Transactions on Information Forensics and Security.

[60]  NICHOLAS J. HIGHAM,et al.  A SCHUR–NEWTON METHOD FOR THE MATRIX PTH ROOT AND ITS INVERSE∗ , 2005 .

[61]  Abhi Shelat,et al.  SCORAM: Oblivious RAM for Secure Computation , 2014, IACR Cryptol. ePrint Arch..

[62]  Ping Chen,et al.  Practical Secure Decision Tree Learning in a Teletreatment Application , 2014, Financial Cryptography.

[63]  Jürg Wullschleger Oblivious Transfer from Weak Noisy Channels , 2009, TCC.

[64]  Eike Kiltz,et al.  Secure Computation of the Mean and Related Statistics , 2005, IACR Cryptol. ePrint Arch..

[65]  Michael Zohner,et al.  GMW vs. Yao? Efficient Secure Two-Party Computation with Low Depth Circuits , 2013, Financial Cryptography.

[66]  Marcel Keller,et al.  Practical Covertly Secure MPC for Dishonest Majority - Or: Breaking the SPDZ Limits , 2013, ESORICS.

[67]  Donald Beaver,et al.  Commodity-based cryptography (extended abstract) , 1997, STOC '97.

[68]  Brent Waters,et al.  A Framework for Efficient and Composable Oblivious Transfer , 2008, CRYPTO.

[69]  Donald Beaver,et al.  Server-assisted cryptography , 1998, NSPW '98.

[70]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[71]  Shafi Goldwasser,et al.  Machine Learning Classification over Encrypted Data , 2015, NDSS.

[72]  Anderson C. A. Nascimento,et al.  Commitment and Oblivious Transfer in the Bounded Storage Model With Errors , 2015, IEEE Transactions on Information Theory.

[73]  Anderson C. A. Nascimento,et al.  Oblivious Transfer Based on the McEliece Assumptions , 2012 .

[74]  Rudolf Ahlswede,et al.  Founding Cryptography on Oblivious Transfer , 2016 .

[75]  Ran Canetti,et al.  Lower Bounds for Sampling Algorithms for Estimating the Average , 1995, Inf. Process. Lett..

[76]  Jörn Müller-Quade,et al.  Universally Composable Commitments Using Random Oracles , 2004, TCC.

[77]  Michael O. Rabin,et al.  How To Exchange Secrets with Oblivious Transfer , 2005, IACR Cryptol. ePrint Arch..

[78]  David Zuckerman Randomness-optimal oblivious sampling , 1997, Random Struct. Algorithms.

[79]  Joe Kilian,et al.  Achieving Oblivious Transfer Using Weakened Security Assumptions (Extended Abstract) , 1988, FOCS 1988.

[80]  Amir K. Khandani,et al.  Secrecy capacity region of Gaussian broadcast channel , 2009, 2009 43rd Annual Conference on Information Sciences and Systems.

[81]  Yan Zong Ding,et al.  Oblivious Transfer in the Bounded Storage Model , 2001, CRYPTO.

[82]  Roy D. Yates,et al.  Secrecy capacity of independent parallel channels , 2009 .

[83]  B. Ripley,et al.  Recursive Partitioning and Regression Trees , 2015 .

[84]  Ahmad-Reza Sadeghi,et al.  Secure Evaluation of Private Linear Branching Programs with Medical Applications , 2009, ESORICS.

[85]  Gilles Brassard,et al.  Privacy Amplification by Public Discussion , 1988, SIAM J. Comput..

[86]  Goichiro Hanaoka,et al.  Information-theoretically secure oblivious polynomial evaluation in the commodity-based model , 2014, International Journal of Information Security.

[87]  Hideki Imai,et al.  On the Oblivious Transfer Capacity of the Erasure Channel , 2006, 2006 IEEE International Symposium on Information Theory.

[88]  Jörn Müller-Quade,et al.  Universally composable zero-knowledge arguments and commitments from signature cards , 2007 .

[89]  Barbara Masucci,et al.  Constructions and Bounds for Unconditionally Secure Non-Interactive Commitment Schemes , 2002, Des. Codes Cryptogr..

[90]  Xiaodong Lin,et al.  Secure Regression on Distributed Databases , 2005 .

[91]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[92]  Stefan Katzenbeisser,et al.  Privacy-Preserving Face Recognition , 2009, Privacy Enhancing Technologies.

[93]  Ivan Damgård,et al.  Secure Multiparty Computation and Secret Sharing , 2015 .

[94]  Andrew Chi-Chih Yao,et al.  Protocols for Secure Computations (Extended Abstract) , 1982, FOCS.

[95]  George Savvides,et al.  Interactive hashing and reductions between oblivious transfer variants , 2007 .

[96]  Lawrence H. Ozarow,et al.  Wire-tap channel II , 1984, AT&T Bell Laboratories Technical Journal.

[97]  Donald Beaver,et al.  Correlated pseudorandomness and the complexity of private computations , 1996, STOC '96.

[98]  Iftach Haitner,et al.  Implementing Oblivious Transfer Using Collection of Dense Trapdoor Permutations , 2004, TCC.

[99]  Octavian Catrina,et al.  Secure Computation with Fixed-Point Numbers , 2010, Financial Cryptography.

[100]  Thomas M. Cover,et al.  Enumerative source encoding , 1973, IEEE Trans. Inf. Theory.

[101]  Oded Goldreich,et al.  A randomized protocol for signing contracts , 1985, CACM.

[102]  Michael Naehrig,et al.  Private Predictive Analysis on Encrypted Medical Data , 2014, IACR Cryptol. ePrint Arch..

[103]  Severin Winkler,et al.  On the Efficiency of Classical and Quantum Oblivious Transfer Reductions , 2010, IACR Cryptol. ePrint Arch..

[104]  Leonid A. Levin,et al.  A Pseudorandom Generator from any One-way Function , 1999, SIAM J. Comput..

[105]  Xenofontas A. Dimitropoulos,et al.  SEPIA: Privacy-Preserving Aggregation of Multi-Domain Network Events and Statistics , 2010, USENIX Security Symposium.

[106]  Imre Csiszár,et al.  Secrecy capacities for multiple terminals , 2004, IEEE Transactions on Information Theory.

[107]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[108]  Claude Crépeau,et al.  Efficient Cryptographic Protocols Based on Noisy Channels , 1997, EUROCRYPT.

[109]  Dowon Hong,et al.  Efficient Oblivious Transfer in the Bounded-Storage Model , 2002, ASIACRYPT.

[110]  Ahmad-Reza Sadeghi,et al.  Privacy-Preserving ECG Classification With Branching Programs and Neural Networks , 2011, IEEE Transactions on Information Forensics and Security.

[111]  Anderson C. A. Nascimento,et al.  On the Oblivious-Transfer Capacity of Noisy Resources , 2008, IEEE Transactions on Information Theory.

[112]  Claude Crépeau,et al.  Oblivious transfer with a memory-bounded receiver , 1998, Proceedings 39th Annual Symposium on Foundations of Computer Science (Cat. No.98CB36280).

[113]  Hideki Imai,et al.  The Commitment Capacity of the Gaussian Channel Is Infinite , 2008, IEEE Transactions on Information Theory.

[114]  S. Fienberg,et al.  Secure multiple linear regression based on homomorphic encryption , 2011 .

[115]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[116]  John Rompel,et al.  Techniques for computing with low-independence randomness , 1990 .

[117]  Jerome P. Reiter,et al.  Privacy-Preserving Analysis of Vertically Partitioned Data Using Secure Matrix Products , 2009 .

[118]  Birgit Pfitzmann,et al.  Information-Theoretic Pseudosignatures and Byzantine Agreement for t ≥ n/3 , 2007 .

[119]  Stefan Wolf,et al.  Efficient oblivious transfer from any non-trivial binary-symmetric channel , 2002, Proceedings IEEE International Symposium on Information Theory,.

[120]  Ran Canetti,et al.  Universally Composable Commitments , 2001, CRYPTO.

[121]  Pim Tuyls,et al.  Efficient Binary Conversion for Paillier Encrypted Values , 2006, EUROCRYPT.

[122]  Jonathan Katz,et al.  Universally Composable Multi-party Computation Using Tamper-Proof Hardware , 2007, EUROCRYPT.

[123]  Mihir Bellare,et al.  Randomness-efficient oblivious sampling , 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[124]  Vladimir Kolesnikov,et al.  Improved OT Extension for Transferring Short Secrets , 2013, CRYPTO.

[125]  Claude Crépeau,et al.  Optimal Reductions Between Oblivious Transfers Using Interactive Hashing , 2006, EUROCRYPT.

[126]  Kirill Morozov,et al.  Achieving Oblivious Transfer Capacity of Generalized Erasure Channels in the Malicious Model , 2011, IEEE Transactions on Information Theory.

[127]  Ivan Damgård,et al.  On the (Im)possibility of Basing Oblivious Transfer and Bit Commitment on Weakened Security Assumptions , 1998, EUROCRYPT.

[128]  Yuval Ishai,et al.  Extending Oblivious Transfers Efficiently , 2003, CRYPTO.

[129]  Shai Ben-David,et al.  Understanding Machine Learning: From Theory to Algorithms , 2014 .

[130]  Imre Csiszár,et al.  Broadcast channels with confidential messages , 1978, IEEE Trans. Inf. Theory.

[131]  Matthias Fitzi,et al.  Unconditional Byzantine Agreement and Multi-party Computation Secure against Dishonest Minorities from Scratch , 2002, EUROCRYPT.

[132]  Ivan Damgård,et al.  Efficient Multiparty Computations Secure Against an Adaptive Adversary , 1999, EUROCRYPT.

[133]  Claudio Orlandi,et al.  A New Approach to Practical Active-Secure Two-Party Computation , 2012, IACR Cryptol. ePrint Arch..

[134]  Amit Sahai,et al.  Secure Computation from Elastic Noisy Channels , 2016, EUROCRYPT.

[135]  Imre Csiszár,et al.  Information Theory - Coding Theorems for Discrete Memoryless Systems, Second Edition , 2011 .

[136]  Renato Renner,et al.  The Exact Price for Unconditionally Secure Asymmetric Cryptography , 2004, EUROCRYPT.

[137]  Leonid Reyzin,et al.  Key Agreement from Close Secrets over Unsecured Channels , 2009, IACR Cryptol. ePrint Arch..

[138]  Salil P. Vadhan,et al.  Constructing Locally Computable Extractors and Cryptosystems in the Bounded-Storage Model , 2003, Journal of Cryptology.

[139]  Thomas P. Hayes,et al.  Near-independence of permutations and an almost sure polynomial bound on the diameter of the symmetric group , 2005, SODA '05.

[140]  Rafail Ostrovsky,et al.  Fair Games against an All-Powerful Adversary , 1990, Advances In Computational Complexity Theory.

[141]  Junji Shikata,et al.  Bit Commitment in the Bounded Storage Model: Tight Bound and Simple Optimal Construction , 2011, IMACC.

[142]  Massimo Franceschetti,et al.  Wiretap Channel With Secure Rate-Limited Feedback , 2009, IEEE Transactions on Information Theory.

[143]  InitializerRonald L. RivestLaboratory Unconditionally Secure Commitment and Oblivious Transfer Schemes Using Private Channels and a Trusted Initializer , 1999 .

[144]  Silvio Micali,et al.  Lower Bounds for Oblivious Transfer Reductions , 1999, EUROCRYPT.

[145]  Jaikumar Radhakrishnan,et al.  Bounds for Dispersers, Extractors, and Depth-Two Superconcentrators , 2000, SIAM J. Discret. Math..

[146]  Richard E. Blahut,et al.  Secrecy capacity of SIMO and slow fading channels , 2005, Proceedings. International Symposium on Information Theory, 2005. ISIT 2005..

[147]  Miguel R. D. Rodrigues,et al.  Secrecy Capacity of Wireless Channels , 2006, 2006 IEEE International Symposium on Information Theory.

[148]  Yehuda Lindell Fast Cut-and-Choose Based Protocols for Malicious and Covert Adversaries , 2013, CRYPTO.

[149]  Nico Döttling,et al.  Unconditional and Composable Security Using a Single Stateful Tamper-Proof Hardware Token , 2011, TCC.

[150]  U. Maurer,et al.  Secret key agreement by public discussion from common information , 1993, IEEE Trans. Inf. Theory.

[151]  Oded Goldreich,et al.  Foundations of Cryptography: Basic Tools , 2000 .

[152]  Matthias Fitzi,et al.  Pseudo-signatures, Broadcast, and Multi-party Computation from Correlated Randomness , 2004, CRYPTO.

[153]  Yan Zong Ding,et al.  Error Correction in the Bounded Storage Model , 2005, TCC.

[154]  Ueli Maurer Conditionally-perfect secrecy and a provably-secure randomized cipher , 2004, Journal of Cryptology.

[155]  Shai Avidan,et al.  Efficient Methods for Privacy Preserving Face Detection , 2006, NIPS.

[156]  Michael I. Jordan,et al.  On Discriminative vs. Generative Classifiers: A comparison of logistic regression and naive Bayes , 2001, NIPS.

[157]  A. D. Wyner,et al.  The wire-tap channel , 1975, The Bell System Technical Journal.

[158]  Tal Rabin,et al.  Verifiable secret sharing and multiparty protocols with honest majority , 1989, STOC '89.

[159]  Goichiro Hanaoka,et al.  Unconditionally Secure Homomorphic Pre-distributed Bit Commitment and Secure Two-Party Computations , 2003, ISC.

[160]  Peeter Laud,et al.  A Domain-Specific Language for Low-Level Secure Multiparty Computation Protocols , 2015, CCS.

[161]  Leo Breiman,et al.  Classification and Regression Trees , 1984 .

[162]  Tomas Toft,et al.  Constant-Rounds, Almost-Linear Bit-Decomposition of Secret Shared Values , 2009, CT-RSA.

[163]  Michael Zohner,et al.  ABY - A Framework for Efficient Mixed-Protocol Secure Two-Party Computation , 2015, NDSS.

[164]  Tomas Toft Solving Linear Programs Using Multiparty Computation , 2009, Financial Cryptography.

[165]  Rudolf Ahlswede,et al.  Common randomness in information theory and cryptography - I: Secret sharing , 1993, IEEE Trans. Inf. Theory.

[166]  Xiaodong Lin,et al.  Privacy preserving regression modelling via distributed computation , 2004, KDD.

[167]  Ueli Maurer,et al.  The Bare Bounded-Storage Model: The Tight Bound on the Storage Requirement for Key Agreement , 2008, IEEE Transactions on Information Theory.