Non-interactive timestamping in the bounded-storage model

Tal Moran*, Ronen Shaltiel, Amnon Ta-Shma

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review


A timestamping scheme is non-interactive if a stamper can stamp a document without communicating with any other player. The only communication done is at validation time. Non-Interactive timestamping has many advantages, such as information theoretic privacy and enhanced robustness. Non-Interactive timestamping, however, is not possible against polynomial-time adversaries that have unbounded storage at their disposal. As a result, no non-interactive timestamping schemes were constructed up to date. In this paper we show that non-interactive timestamping is possible in the bounded-storage model, i.e., if the adversary has bounded storage, and a long random string is broadcast to all players. To the best of our knowledge, this is the first example of a cryptographic task that is possible in the bounded-storage model but is impossible in the "standard cryptographic setting," even when assuming "standard" cryptographic assumptions. We give an explicit construction that is secure against all bounded storage adversaries and a significantly more efficient construction secure against all bounded storage adversaries that run in polynomial time.

Original languageEnglish
Pages (from-to)189-226
Number of pages38
JournalJournal of Cryptology
Issue number2
StatePublished - Apr 2009


  • Bounded-storage model
  • Randomness extractors
  • Timestamping
  • Unbalanced expander graphs


Dive into the research topics of 'Non-interactive timestamping in the bounded-storage model'. Together they form a unique fingerprint.

Cite this