Correcting errors without leaking partial information

Yevgeniy Dodis, Adam Smith

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution

Abstract

This paper explores what kinds of information two parties must communicate in order to correct errors which occur in a shared secret string W. Any bits they communicate must leak a significant amount of information about W - that is, from the adversary's point of view, the entropy of W will drop significantly. Nevertheless, we construct schemes with which Alice and Bob can prevent an adversary from learning any useful information about W. Specifically, if the entropy of W is sufficiently high, then there is no function f(W) which the adversary can learn from the error-correction information with significant probability. This leads to several new results: (a) the design of noise-tolerant "perfectly one-way" hash functions in the sense of Canetti et al. [7], which in turn leads to obfuscation of proximity queries for high entropy secrets W; (b) private fuzzy extractors [11], which allow one to extract uniformly random bits from noisy and nonuniform data W, while also ensuring that no sensitive information about W is leaked; and (c) noise tolerance and stateless key re-use in the Bounded Storage Model, resolving the main open problem of Ding [10]. The heart of our constructions is the design of strong randomness extractors with the property that the source W can be recovered from the extracted randomness and any string W′ which is close to W.

Original language: English (US)
Title of host publication: Proceedings of the Annual ACM Symposium on Theory of Computing
Pages: 654-663
Number of pages: 10
State: Published - 2005
Event: 13th Color Imaging Conference: Color Science, Systems, Technologies, and Applications - Scottsdale, AZ, United States
Duration: Nov 7 2005 to Nov 11 2005

Other

Other: 13th Color Imaging Conference: Color Science, Systems, Technologies, and Applications
Country: United States
City: Scottsdale, AZ
Period: 11/7/05 to 11/11/05

Fingerprint

Entropy
Hash functions
Error correction

Keywords

  • Bounded Storage Model
  • Code Obfuscation
  • Cryptography
  • Entropic Security
  • Error-Correcting Codes
  • Information Reconciliation
  • Randomness Extractors

ASJC Scopus subject areas

  • Computer Vision and Pattern Recognition

Cite this

Dodis, Y., & Smith, A. (2005). Correcting errors without leaking partial information. In Proceedings of the Annual ACM Symposium on Theory of Computing (pp. 654-663) https://doi.org/10.1145/1060590.1060688
