International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Speak Much, Remember Little: Cryptography in the Bounded Storage Model, Revisited

Authors:
Yevgeniy Dodis , New York University
Willy Quach , Northeastern University
Daniel Wichs , Northeastern University and NTT Research
Download:
DOI: 10.1007/978-3-031-30545-0_4 (login may be required)
Search ePrint
Search Google
Presentation: Slides
Conference: EUROCRYPT 2023
Abstract: The goal of the bounded storage model (BSM) is to construct unconditionally secure cryptographic protocols, by only restricting the storage capacity of the adversary, but otherwise giving it unbounded computational power. Here, we consider a streaming variant of the BSM, where honest parties can stream huge amounts of data to each other so as to overwhelm the adversary's storage, even while their own storage capacity is significantly smaller than that of the adversary. Prior works showed several impressive results in this model, including key agreement and oblivious transfer, but only as long as adversary's storage $m = O(n^2)$ is at most quadratically larger than the honest user storage $n$. Moreover, the work of Dziembowski and Maurer (DM) also gave a seemingly matching lower bound, showing that key agreement in the BSM is impossible when $m > n^2$. In this work, we observe that the DM lower bound only applies to a significantly more restricted version of the BSM, and does not apply to the streaming variant. Surprisingly, we show that it is possible to construct key agreement and oblivious transfer protocols in the streaming BSM, where the adversary's storage can be significantly larger, and even exponential $m = 2^{O(n)}$. The only price of accommodating larger values of $m$ is that the round and communication complexities of our protocols grow accordingly, and we provide lower bounds to show that an increase in rounds and communication is necessary. As an added benefit of our work, we also show that our oblivious transfer (OT) protocol in the BSM satisfies a simulation-based notion of security. In contrast, even for the restricted case of $m = O(n^2)$, prior solutions only satisfied a weaker indistinguishability based definition. As an application of our OT protocol, we get general multiparty computation (MPC) in the BSM that allows for up to exponentially large gaps between $m$ and $n$, while also achieving simulation-based security.
BibTeX
@inproceedings{eurocrypt-2023-32866,
  title={Speak Much, Remember Little: Cryptography in the Bounded Storage Model, Revisited},
  publisher={Springer-Verlag},
  doi={10.1007/978-3-031-30545-0_4},
  author={Yevgeniy Dodis and Willy Quach and Daniel Wichs},
  year=2023
}