Abstract
We present substantial extensions of works [1], [2], and all previous works, on encryption in the bounded storage model introduced by Maurer in [25]. The major new result is that the shared secret key employed by the sender Alice and the receiver Bob can be re-used to send an exponential number of messages, against strong adaptive attacks. This essential step enhances the usability of the encryption method, and also allows strong authentication and non-malleability described below. We give an encryption scheme that is provably secure against adaptive attacks by a computationally unbounded adversary in the bounded storage model. In the model, a sender Alice and a receiver Bob have access to a public random string α, and share a secret key s. Alice and Bob observe α on the fly, and by use of s extract bits from which they create a one-time pad X used to encrypt M as C = X ⊕ M. The size of the secret key s is |s| = k log2 |α|, where k is a security parameter. An adversary AD can compute and store any function A1(α) = η, subject to the bound on storage |η| ≤ γ · |α|, γ < 1, and captures C. Even if AD later gets the key s and is computationally unbounded, the encryption is provably secure. Assume that the key s is repeatedly used with successive strings α1, α2, … to produce encryptions C1, C2, … of messages M1, M2, …. AD computes η1 = A1(α1), obtains C1, and gets to see the first message M1. Using these he computes and stores η2 = A1(α2, η1, C1, M1), and so on. When he has stored ηl and captured Cl, he gets the key s (but not Ml). The main result is that the encryption Cl is provably secure against this adaptive attack, where l, the number of times the secret key s is re-used, is exponentially large in the security parameter k. On this we base non-interactive protocols for authentication and non-malleability. Again, the shared secret key used in these protocols can be securely re-used an exponential number of times against adaptive attacks.
The method of proof is stronger than the one in [1], [2], and yields ergodic results of independent interest. We discuss in the Introduction the feasibility of the bounded storage model, and outline a solution. Furthermore, the existence of an encryption scheme with the provable strong security properties presented here may prompt other implementations of the bounded storage model.
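The extract-and-pad step the abstract describes, as an added toy example (constructed here; it is not the paper's construction and not code from its authors): the public string α is read as a bit stream and split into m blocks, the shared key s is a set of k distinct offsets within a block, so |s| = k log2(block length), and pad bit j is the XOR of the k key-selected bits of block j. Alice and Bob keep only the m pad bits while α streams past. The block layout, the parameter values and the adversary are all assumptions of this example: the adversary models one particular storage function A1 that keeps the first γ·|α| bits of α and later learns s and C, which shows why bounded storage matters for the pad bits it did not store, but it does not reproduce the paper's proof for arbitrary A1.

```python
"""Toy bounded-storage one-time pad: constructed illustration of the abstract's
C = X xor M with X extracted from a public random string alpha using key s.
Not the scheme from the paper; layout and parameters are assumptions."""
import secrets
from math import log2


def random_bits(n):
    """Constructed stand-in for the public random string alpha: n random bits."""
    return [secrets.randbelow(2) for _ in range(n)]


def key_bits(k, block_len):
    """Key length |s| = k * log2(block_len): k offsets, each log2(block_len) bits."""
    return int(k * log2(block_len))


def gen_key(k, block_len):
    """Shared secret s: k distinct offsets inside a block (assumed layout)."""
    return secrets.SystemRandom().sample(range(block_len), k)


def extract_pad(alpha_stream, s, m, block_len):
    """Read alpha bit by bit and keep only m pad bits.

    Pad bit j is the XOR of the bits of block j at the offsets in s.  The honest
    party never stores alpha itself; its memory is O(m + k) regardless of |alpha|.
    """
    selected = set(s)
    pad = [0] * m
    for pos, bit in enumerate(alpha_stream):
        j, offset = divmod(pos, block_len)
        if j >= m:
            break  # remaining bits of alpha are not needed for this message
        if offset in selected:
            pad[j] ^= bit
    return pad


def encrypt(alpha, s, message_bits, block_len):
    """C = X xor M with X extracted on the fly from alpha."""
    pad = extract_pad(iter(alpha), s, len(message_bits), block_len)
    return [mb ^ pb for mb, pb in zip(message_bits, pad)]


decrypt = encrypt  # XOR with the same pad undoes the encryption


def prefix_adversary_recoverable(s, m, block_len, stored_bits):
    """Assumed adversary A1: store the first stored_bits = gamma*|alpha| bits of
    alpha, later obtain s and C.  Pad bit j can be reconstructed only if every
    selected position j*block_len + s_i lies inside the stored prefix; every
    other pad bit is uniformly random from the adversary's view, so the
    corresponding message bit stays hidden even with s in hand."""
    return sum(1 for j in range(m) if j * block_len + max(s) < stored_bits)


def demo(n=1024, k=8, m=16, gamma=0.5):
    """End-to-end run with constructed parameters; returns the figures of interest."""
    block_len = n // m
    alpha = random_bits(n)
    s = gen_key(k, block_len)
    msg = random_bits(m)
    c = encrypt(alpha, s, msg, block_len)
    assert decrypt(alpha, s, c, block_len) == msg
    recoverable = prefix_adversary_recoverable(s, m, block_len, int(gamma * n))
    return {"key_bits": key_bits(k, block_len),
            "message_bits": m,
            "recoverable_by_prefix_adversary": recoverable}


if __name__ == "__main__":
    print(demo())
```

With γ = 1/2 the prefix-storing adversary reconstructs roughly half of the pad bits and learns nothing about the rest, even after receiving s; the abstract's theorem is the far stronger statement that this holds for every storage function within the γ·|α| bound, which this example does not attempt to show.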
| Original language | English |
|---|---|
| Title of host publication | STACS 2002 - 19th Annual Symposium on Theoretical Aspects of Computer Science, Proceedings |
| Editors | Helmut Alt, Afonso Ferreira |
| Publisher | Springer Verlag |
| Pages | 1-26 |
| Number of pages | 26 |
| ISBN (Electronic) | 9783540432838 |
| DOIs | |
| State | Published - 2002 |
| Externally published | Yes |
| Event | 19th Annual Symposium on Theoretical Aspects of Computer Science, STACS 2002 - Antibes - Juan les Pins, France Duration: 14 Mar 2002 → 16 Mar 2002 |
Publication series
| Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
|---|---|
| Volume | 2285 |
| ISSN (Print) | 0302-9743 |
| ISSN (Electronic) | 1611-3349 |
Conference
| Conference | 19th Annual Symposium on Theoretical Aspects of Computer Science, STACS 2002 |
|---|---|
| Country/Territory | France |
| City | Antibes - Juan les Pins |
| Period | 14/03/02 → 16/03/02 |
Bibliographical note
Publisher Copyright: © Springer-Verlag Berlin Heidelberg 2002.
Title: Hyper-encryption and everlasting security