A timestamping scheme is non-interactive if a stamper can stamp a document without communicating with any other player. The only communication done is at validation time. Non-Interactive timestamping has many advantages, such as information theoretic privacy and enhanced robustness. Non-Interactive timestamping, however, is not possible against polynomial-time adversaries that have unbounded storage at their disposal. As a result, no non-interactive timestamping schemes were constructed up to date. In this paper we show that non-interactive timestamping is possible in the bounded-storage model, i.e., if the adversary has bounded storage, and a long random string is broadcast to all players. To the best of our knowledge, this is the first example of a cryptographic task that is possible in the bounded-storage model but is impossible in the "standard cryptographic setting," even when assuming "standard" cryptographic assumptions. We give an explicit construction that is secure against all bounded storage adversaries and a significantly more efficient construction secure against all bounded storage adversaries that run in polynomial time.
|Number of pages||38|
|Journal||Journal of Cryptology|
|State||Published - Apr 2009|
Bibliographical noteFunding Information:
Ronen Shaltiel: Some of this work was done while at the Weizmann Institute of Science and supported by the Koshland Scholarship. This research was also supported by Grant No 2004329 from the United States-Israel Binational Science Foundation (BSF) and by ISF grant 686/07.
Amnon Ta-Shma: Supported by the Binational Science Foundation, by the Israel Science Foundation, and by the EU Integrated Project QAP.
- Bounded-storage model
- Randomness extractors
- Unbalanced expander graphs
ASJC Scopus subject areas
- Computer Science Applications
- Applied Mathematics