Error Correction in the Bounded Storage Model

  • Yan Zong Ding
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3378)


We initiate a study of Maurer’s bounded storage model (JoC, 1992) in presence of transmission errors and perhaps other types of errors that cause different parties to have inconsistent views of the public random source. Such errors seem inevitable in any implementation of the model. All previous schemes and protocols in the model assume a perfectly consistent view of the public source from all parties, and do not function correctly in presence of errors, while the private-key encryption scheme of Aumann, Ding and Rabin (IEEE IT, 2002) can be extended to tolerate only a O(1/log(1/ε)) fraction of errors, where ε is an upper bound on the advantage of an adversary.

In this paper, we provide a general paradigm for constructing secure and error-resilient private-key cryptosystems in the bounded storage model that tolerate a constant fraction of errors, and attain the near optimal parameters achieved by Vadhan’s construction (JoC, 2004) in the errorless case. In particular, we show that any local fuzzy extractor yields a secure and error-resilient cryptosystem in the model, in analogy to the result of Lu (JoC, 2004) that any local strong extractor yields a secure cryptosystem in the errorless case, and construct efficient local fuzzy extractors by extending Vadhan’s sample-then-extract paradigm. The main ingredients of our constructions are averaging samplers (Bellare and Rompel, FOCS ’94), randomness extractors (Nisan and Zuckerman, JCSS, 1996), error correcting codes, and fuzzy extractors (Dodis, Reyzin and Smith, EUROCRYPT ’04).


Ideal Experiment Oblivious Transfer Entropy Rate Choose Ciphertext Attack Fuzzy Extractor 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [ADR02]
    Aumann, Y., Ding, Y.Z., Rabin, M.O.: Everlasting security in the bounded storage model. IEEE Transactions on Information Theory 48(6), 1668–1680 (2002)zbMATHCrossRefMathSciNetGoogle Scholar
  2. [And97]
    Anderson, R.: Two remarks on public key cryptology. Invited Lecture. In: 4th ACM Conference on Computer and Communications Security (1997)Google Scholar
  3. [AR99]
    Aumann, Y., Rabin, M.O.: Information theoretically secure communication in the limited storage space model. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 65–79. Springer, Heidelberg (1999)Google Scholar
  4. [BBCM95]
    Bennett, C., Brassard, G., Crépeau, C., Maurer, U.: Generalized privacy amplification. IEEE Transactions on Information Theory 41(6), 1915–1923 (1995)zbMATHCrossRefGoogle Scholar
  5. [BBR88]
    Bennett, C., Brassard, G., Roberts, J.: Privacy amplification by public discussion. SIAM Journal on Computing 17(2), 210–229 (1988)CrossRefMathSciNetGoogle Scholar
  6. [BR94]
    Bellare, M., Rompel, J.: Randomness-efficient oblivious sampling. In: 35th Annual IEEE Symposium on Foundations of Computer Science, November 1994, pp. 276–287 (1994)Google Scholar
  7. [BS93]
    Brassard, G., Salvail, L.: Secret-key reconciliation by public discussion. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 410–423. Springer, Heidelberg (1994)Google Scholar
  8. [CCM98]
    Cachin, C., Crépeau, C., Marcil, J.: Oblivious transfer with a memory-bounded receiver. In: 39th Annual IEEE Symposium on Foundations of Computer Science, November 1998, pp. 493–502 (1998)Google Scholar
  9. [CG88]
    Chor, B., Goldreich, O.: Unbiased bits from sources of weak randomness and probabilistic communication complexity. SIAM Journal on Computing 17(2), 230–261 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  10. [CM97a]
    Cachin, C., Maurer, U.: Linking information reconciliation and privacy amplification. Journal of Cryptology 10(2), 97–110 (1997)zbMATHCrossRefGoogle Scholar
  11. [CM97b]
    Cachin, C., Maurer, U.M.: Unconditional security against memory bounded adversaries. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 292–306. Springer, Heidelberg (1997)Google Scholar
  12. [CRVW02]
    Capalbo, M.R., Reingold, O., Vadhan, S.P., Wigderson, A.: Randomness conductors and constant-degree lossless expanders. In: 34th Annual ACM Symposium on the Theory of Computer Science, pp. 659–668 (2002)Google Scholar
  13. [DHRS04]
    Ding, Y.Z., Harnik, D., Rosen, A., Shaltiel, R.: Constant-round oblivious transfer in the bounded storage model. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 446–472. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  14. [Din01]
    Ding, Y.Z.: Oblivious transfer in the bounded storage model. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 155–170. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. [DM04a]
    Dziembowski, S., Maurer, U.M.: On generating the initial key in the bounded-storage model. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 126–137. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  16. [DM04b]
    Dziembowski, S., Maurer, U.: Optimal randomizer efficiency in the bounded-storage model. Journal of Cryptology 17(1), 5–26 (2004)zbMATHCrossRefMathSciNetGoogle Scholar
  17. [DR02]
    Ding, Y.Z., Rabin, M.O.: Hyper-encryption and everlasting security (extended abstract). In: 19th Annual Symposium on Theoretical Aspects of Computer Science, pp. 1–26. Springer, Heidelberg (2002)Google Scholar
  18. [DRS04]
    Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  19. [GMR89]
    Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM Journal on Computing 18(1), 186–208 (1989)zbMATHCrossRefMathSciNetGoogle Scholar
  20. [Gol97]
    Goldreich, O.: A sample of samplers: A computational perspective on sampling. Technical Report TR97-020, Electronic Colloquium on Computational Complexity (May 1997)Google Scholar
  21. [Kra95]
    Krawczyk, H.: New hash functions for message authentication. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 301–310. Springer, Heidelberg (1995)Google Scholar
  22. [Lan04]
    Langberg, M.: Private codes or succinct random codes that are (almost) perfect. In: 45th Annual Symposium on Foundations of Computer Science (2004)Google Scholar
  23. [Lu04]
    Lu, C.-J.: Encryption against space-bounded adversaries from on-line strong extractors. Journal of Cryptology 17(1), 27–42 (2004)zbMATHCrossRefMathSciNetGoogle Scholar
  24. [Mau92]
    Maurer, U.: Conditionally-perfect secrecy and a provably-secure randomized cipher. Journal of Cryptology 5(1), 53–66 (1992)zbMATHCrossRefMathSciNetGoogle Scholar
  25. [MST04]
    Moran, T., Shaltiel, R., Ta-Shma, A.: Non-interactive timestamping in the bounded storage model. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 460–476. Springer, Heidelberg (2004)Google Scholar
  26. [NT99]
    Nisan, N., Ta-Shma, A.: Extracting randomness: A survey and new constructions. Journal of Computer and System Sciences 58(1), 148–173 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  27. [NY90]
    Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: 22nd Annual ACM Symposium on the Theory of Computer Science, pp. 427–437 (1990)Google Scholar
  28. [NZ96]
    Nisan, N., Zuckerman, D.: Randomness is linear in space. Journal of Computer and System Sciences 52(1), 43–52 (1996)zbMATHCrossRefMathSciNetGoogle Scholar
  29. [Rab02]
    Rabin, M.O.: Personal communication (2002)Google Scholar
  30. [Sha02]
    Shaltiel, R.: Recent developments in explicit constructions of extractors. Bulletin of the European Association for Theoretical Computer Science 77, 67–95 (2002)zbMATHMathSciNetGoogle Scholar
  31. [Smi04]
    Smith, A.: Maintaining secrecy when information leakage is unavoidable. Ph.D. Thesis. MIT (2004)Google Scholar
  32. [SS96]
    Sipser, M., Spielman, D.A.: Expander codes. IEEE Transactions on Information Theory 42(6), 1710–1722 (1996)zbMATHCrossRefMathSciNetGoogle Scholar
  33. [Vad02]
    Vadhan, S.P.: Randomness extractors and their many guises. In: 43rd Annual IEEE Symposium on Foundations of Computer Science, November 2002, p. 9 (2002), Presentation available at
  34. [Vad04]
    Vadhan, S.P.: Constructing locally computable extractors and cryptosystems in the bounded storage model. Journal of Cryptology 17(1), 43–77 (2004)zbMATHCrossRefMathSciNetGoogle Scholar
  35. [vL99]
    van Lint, J.H.: Introduction to Coding Theory (Spring 1999)Google Scholar
  36. [Zuc96]
    Zuckerman, D.: Simulating BPP using a general weak random source. Algorithmica 16(4/5), 367–391 (1996)zbMATHMathSciNetGoogle Scholar
  37. [Zuc97]
    Zuckerman, D.: Randomness-optimal oblivious sampling. Random Structures & Algorithms 11(4), 345–367 (1997)zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Yan Zong Ding
    • 1
  1. 1.College of ComputingGeorgia Institute of TechnologyAtlantaUSA

Personalised recommendations