Conference Paper

Deterministic History-Independent Strategies for Storing Information on Write-Once Memories.

Conference: Automata, Languages and Programming, 34th International Colloquium, ICALP 2007, Wroclaw, Poland, July 9-13, 2007, Proceedings
Source: DBLP
ABSTRACT
Motivated by the challenging task of designing \secure" vote storage mechanisms, we deal with information storage mechanisms that operate in extremely hostile environments. In such environments, the majority of existing techniques for information storage and for security are susceptible to powerful adversarial attacks. In this setting, we propose a mechanism for storing a set of at most K elements from a large universe of size N on write-once memories in a manner that does not reveal the insertion order of the elements. We consider a standard model for write-once memories, in which the memory is initialized to the all 0's state, and the only operation allowed is ∞ipping bits from 0 to 1. Whereas previously known constructions were either ine-cient (required £(K2) memory), randomized, or employed cryptographic techniques which are unlikely to be available in hostile environments, we eliminate each of these undesirable properties. The total amount of memory used by the mechanism is linear in the number of stored elements and poly-logarithmic in the size of the universe of elements. In addition, we consider one of the classical distributed computing problems: con∞ict reso- lution in multiple-access channels. By establishing a tight connection with the basic building block of our mechanism, we construct the flrst deterministic and non-adaptive con∞ict resolution algorithm whose running time is optimal up to poly-logarithmic factors.

Full-text preview

Available from: toc.cs.uchicago.edu
  • Source
    • "to be hidden from the adversary. Moran et al. [44] proposed a solution that requires O(n · polylog(N )) space, to store a set of at most n keys from a large universe of size N . "
    [Show abstract] [Hide abstract] ABSTRACT: Retention regulations require timely and irrecoverable disposal of data, a challenging task, as data and its side effects are stored and maintained at all layers of a computing system. Those side effects can be used as an oracle to derive the past existence of deleted data. Fortunately, history independence can be utilized to eliminate such history-related oracles. HIFS can provide history independence for file storage over mechanical disk drives. However, HIFS cannot provide history independence when deployed on top of flash devices, as flash memory manages its own internal block placement, which is often inherently history dependent. In this work, we initiate research on history independent flash devices. We design HiFlash, which achieves a strong notion of history independence by defending against an adversary allowed access to the flash at multiple different points in time. In addition, we design a simple, yet history independence friendly wear-leveling mechanism that allows HiFlash to smartly and advantageously trade off a tunable small amount of history leakage for a significant increase in the device's lifetime. Our prototype built in an actual flash device as well as extensive simulations validate the effectiveness of HiFlash.
    Preview · Article · Nov 2015
  • Source
    • ", log k. However, for optimal, i.e., O(k log n/k)-size monotone encodings no explicit deterministic construction has been provided so far [2, 31]. Selector-based data compression. "
    [Show abstract] [Hide abstract] ABSTRACT: We introduce a new combinatorial structure: superselectors. We show that superselectors subsume several important combinatorial structures used in the past few years to solve problems in group testing, compressed sensing, multi-channel conflict resolution and data security. We prove close upper and lower bounds on the size of superselectors and we provide efficient algorithms for their constructions. Albeit our bounds are very general, when they are instantiated on the combinatorial structures that are particular cases of superselectors (e.g., (p,k,n)-selectors [15], (d,ℓ)-list-disjunct matrices [25], MUT k (r)-families [28], FUT(k, α)-families [2], etc.) they match the best known bounds in terms of size of the structures (the relevant parameter in the applications). For appropriate values of parameters, our results also provide the first efficient deterministic algorithms for the construction of such structures.
    Preview · Article · Oct 2010
  • Source
    • "An incremental signature scheme is private if the signatures it outputs do not give any information on the sequence of edit operations that have been applied to produce the final document. An additional cryptographic application includes, for example, designing vote storage mechanisms (see [4, 21, 22]). As the order in which votes are cast is public, a vote storage mechanism must be history independent in order to guarantee the privacy of the election process. "
    [Show abstract] [Hide abstract] ABSTRACT: Cuckoo hashing is an efficient and practical dynamic dictionary. It provides expected amortized constant update time, worst case constant lookup time, and good memory utilization. Various experiments demonstrated that cuckoo hashing is highly suitable for modern computer architectures and distributed settings, and offers significant improvements compared to other schemes. In this work we construct a practical history-independent dynamic dictionary based on cuckoo hashing. In a history-independent data structure, the memory representation at any point in time yields no information on the specific sequence of insertions and deletions that led to its current content, other than the content itself. Such a property is significant when preventing unintended leakage of information, and was also found useful in several algorithmic settings. Our construction enjoys most of the attractive properties of cuckoo hashing. In particular, no dynamic memory allocation is required, updates are performed in expected amortized constant time, and membership queries are performed in worst case constant time. Moreover, with high probability, the lookup procedure queries only two memory entries which are independent and can be queried in parallel. The approach underlying our construction is to enforce a canonical memory representation on cuckoo hashing. That is, up to the initial randomness, each set of elements has a unique memory representation.
    Full-text · Conference Paper · Jul 2008
Show more