Explicit expanders and the Ramanujan conjectures
STOC '86 Proceedings of the eighteenth annual ACM symposium on Theory of computing
Conditionally-perfect secrecy and a provably-secure randomized cipher
Journal of Cryptology - Eurocrypt '90
Journal of Computer and System Sciences
Journal of Computer and System Sciences
Free Bits, PCPs, and Nonapproximability---Towards Tight Results
SIAM Journal on Computing
Extracting all the randomness and reducing the error in Trevisan's extractors
STOC '99 Proceedings of the thirty-first annual ACM symposium on Theory of computing
Extractors and pseudo-random generators with optimal seed length
STOC '00 Proceedings of the thirty-second annual ACM symposium on Theory of computing
Extractors and pseudorandom generators
Journal of the ACM (JACM)
Tight security proofs for the bounded-storage model
STOC '02 Proceedings of the thirty-fourth annual ACM symposium on Theory of computing
Hyper-Encryption and Everlasting Security
STACS '02 Proceedings of the 19th Annual Symposium on Theoretical Aspects of Computer Science
Unconditional Security Against Memory-Bounded Adversaries
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Extracting Randomness: How and Why - A survey
CCC '96 Proceedings of the 11th Annual IEEE Conference on Computational Complexity
Theory and application of trapdoor functions
SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
Everlasting security in the bounded storage model
IEEE Transactions on Information Theory
How to Protect Yourself without Perfect Shredding
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Hyper encryption and everlasting secrets: a survey
CIAC'03 Proceedings of the 5th Italian conference on Algorithms and complexity
Survey: leakage resilience and the bounded retrieval model
ICITS'09 Proceedings of the 4th international conference on Information theoretic security
A practical and secure communication protocol in the bounded storage model
ICN'05 Proceedings of the 4th international conference on Networking - Volume Part II
We study the problem of information-theoretically secure encryption in the bounded-storage model introduced by Maurer [10]. The sole assumption of this model is a limited storage bound on an eavesdropper Eve, who is even allowed to be computationally unbounded. Suppose a sender Alice and a receiver Bob agreed on a short private key beforehand, and there is a long public random string accessible by all parties, say broadcast from a satellite or sent by Alice. Eve can only store some partial information of this long random string due to her limited storage. Alice and Bob read the public random string using the shared private key, and produce a one-time pad for encryption or decryption. In this setting, Aumann, Ding, and Rabin [2] proposed protocols with a nice property called everlasting security, which says that the security holds even if Eve later manages to obtain that private key. Ding and Rabin [5] gave a better analysis showing that the same private key can be securely reused an exponential number of times, against some adaptive attacks.

We study this problem from the approach of constructing randomness extractors ([13,11,16,15] and more), which seems to provide a more intuitive understanding together with some powerful tools. A strong extractor is a function which purifies randomness from a slightly random source using a short random seed as a catalyst, so that its output and its seed together look almost random. We show that any strong extractor immediately yields an encryption scheme with the nice security properties of [2,5]. To have an efficient encryption scheme, we need strong extractors which can be evaluated in an on-line and efficient way. We give one such construction. This yields an encryption scheme which has the same nice security properties as before but now can encrypt longer messages using a shorter private key. In addition, our scheme works even when the long public random string is not perfectly random, as long as it contains enough randomness.
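The data flow described in the abstract, as an added example that is not the paper's construction: a short key selects positions in a streamed public string, the selected bits are XORed into a pad in a single pass, and the pad encrypts the message. The position-XOR function stands in for the strong extractor as an illustrative assumption with no security parameters claimed; the names `keygen`, `derive_pad` and `eve_recoverable` are hypothetical, and Eve is simplified to storing raw positions only.

```python
import secrets

def keygen(n, k):
    """Short private key: k start offsets into the n-bit public string."""
    return [secrets.randbelow(n) for _ in range(k)]

def derive_pad(stream, n, key, m):
    """One pass over the stream; keeps only the m-bit pad, never the string.
    Pad bit j is the XOR of the public bits at positions (s + j) mod n."""
    pad = [0] * m
    for t, bit in enumerate(stream):
        for s in key:
            j = (t - s) % n          # pad bit that position t feeds for offset s
            if j < m:
                pad[j] ^= bit
    return pad

def xor_bits(a, b):
    """One-time-pad encryption and decryption are the same XOR."""
    return [x ^ y for x, y in zip(a, b)]

def eve_recoverable(stored, n, key, m):
    """Pad bits Eve can recompute after later learning the key, given the
    set of positions she stored (assumption: she stores raw bits only)."""
    return [j for j in range(m) if all((s + j) % n in stored for s in key)]

def demo(n=1 << 14, k=16, m=64):
    public = [secrets.randbits(1) for _ in range(n)]  # constructed broadcast
    key = keygen(n, k)
    msg = [secrets.randbits(1) for _ in range(m)]
    ct = xor_bits(msg, derive_pad(iter(public), n, key, m))   # Alice
    pt = xor_bits(ct, derive_pad(iter(public), n, key, m))    # Bob
    stored = set(range(n // 4))            # Eve kept the first quarter
    return msg, pt, eve_recoverable(stored, n, key, m)

if __name__ == "__main__":
    msg, pt, leaked = demo()
    print("round trip ok:", msg == pt, "| pad bits Eve recomputes:", len(leaked))
```

Alice and Bob each hold only the key and an m-bit accumulator while the string streams past, which is the on-line evaluation the abstract asks of the extractor.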