Abstract
We address the problem of the security of cryptographic protocols in the face of future advances in computing technology and algorithmic research. The problem stems from the fact that computations which at a given point in time may be deemed infeasible can, in the course of years or decades, be made possible with improved hardware and/or breakthroughs in code-breaking algorithms. In such cases, the security of historical, but nonetheless highly confidential, data may be in jeopardy. We present a scheme for efficient secure two-party communication with provable everlasting security. The security is guaranteed in the face of any future technological advances, given the current state of the art. Furthermore, the security of the messages is also guaranteed even if the secret encryption/decryption key is revealed in the future. The scheme is based on the bounded storage model and provides information-theoretic security in this model. The bounded storage model postulates an adversary who is computationally unbounded, and is only bounded in the amount of storage (not computation space) available to store the output of his computation. The bound on the storage can be arbitrarily large (e.g., 100 Tbytes), as long as it is fixed. Given this storage bound, our protocols guarantee that even a computationally all-powerful adversary gains no information about a message (except with a probability that is exponentially small in the security parameter k). The bound on storage space need only hold at the time of the message transmission. Thereafter, no additional storage space or computational power can help the adversary in deciphering the message. We present two protocols. The first protocol, which elaborates on the autoregressive (AR) protocol of [1], employs a short secret key whose size is independent of the length of the message, but uses many public random bits. The second protocol uses an optimal number of public random bits, but employs a longer secret key. Our proof of security utilizes a novel linear algebraic technique.
| Field | Value |
|---|---|
| Original language | English |
| Pages (from-to) | 1668-1680 |
| Number of pages | 13 |
| Journal | IEEE Transactions on Information Theory |
| Volume | 48 |
| Issue number | 6 |
| DOIs | |
| State | Published - Jun 2002 |
Bibliographical note
Funding Information:Manuscript received August 11, 2000; revised February 1, 2001. This work was supported in part by the NSF under Contract CCR-9877138. The material in this paper was presented in part at CRYPTO’99, Santa Barbara, CA. Y. Aumann is with the Department of Computer Science, Bar-Ilan University, Ramat-Gan 52900, Israel (e-mail: [email protected]). Y. Z. Ding and M. O. Rabin are with DEAS, Harvard University, Cambridge, MA 02138 USA (e-mail: [email protected]; [email protected]). Communicated by S. Shamai, Guest Editor. Publisher Item Identifier S 0018-9448(02)04017-8.
Funding
| Funders | Funder number |
|---|---|
| National Science Foundation | CCR-9877138 |
Keywords
- Bounded storage model
- Encryption
- Everlasting security
- Information-theoretic security