Efficient Non-malleable Codes and Key-Derivation for Poly-size Tampering Circuits

Self Cite

118

Abstract. Non-malleable codes are a natural relaxation of error correcting/detecting codes that have useful applications in the context of tamper resilient cryptography. Informally, a code is non-malleable if an adversary trying to tamper with an encoding of a given message can only leave it unchanged or modify it to the encoding of a completely unrelated value. This paper introduces an extension of the standard non-malleability security notion -so-called continuous non-malleability -where we allow the adversary to tamper continuously with an encoding. This is in contrast to the standard notion of non-malleable codes where the adversary only is allowed to tamper a single time with an encoding. We show how to construct continuous non-malleable codes in the common split-state model where an encoding consist of two parts and the tampering can be arbitrary but has to be independent with both parts. Our main contributions are outlined below:1. We propose a new uniqueness requirement of split-state codes which states that it is computationally hard to find two codewords X = (X0, X1) and X = (X0, X 1 ) such that both codewords are valid, but X0 is the same in both X and X . A simple attack shows that uniqueness is necessary to achieve continuous non-malleability in the split-state model. Moreover, we illustrate that none of the existing constructions satisfies our uniqueness property and hence is not secure in the continuous setting. 2. We construct a split-state code satisfying continuous non-malleability.Our scheme is based on the inner product function, collision-resistant hashing and non-interactive zero-knowledge proofs of knowledge and requires an untamperable common reference string. 3. We apply continuous non-malleable codes to protect arbitrary cryptographic primitives against tampering attacks. Previous applications of non-malleable codes in this setting required to perfectly erase the entire memory after each execution and required the adversary to be restricted in memory. We show that continuous non-malleable codes avoid these restrictions.

Section: Constructions Of Non-malleable Codesmentioning

confidence: 99%

Section: Continuous Non-malleabilitymentioning

confidence: 99%

See 1 more Smart Citation

Continuous Non-malleable Codes

Faust

Mukherjee

Nielsen

et al. 2014

Self Cite

118

“…To our knowledge, we can use the explicit constructions (of the non-malleable codes) in the work [23,11,44,24,26,1,3]. First we overview different classes of tampering/leakage function allowed for these results: the constructions of [23] work for bit-wise tampering functions, and split-state functions in the random oracle model.…”

Section: Instantiationsmentioning

confidence: 99%

Locally Decodable and Updatable Non-malleable Codes and Their Applications

Dachman-Soled

Liu

Shi

et al. 2015

Non-malleable codes, introduced as a relaxation of error-correcting codes by Dziembowski, Pietrzak and Wichs (ICS '10), provide the security guarantee that the message contained in a tampered codeword is either the same as the original message or is set to an unrelated value. Various applications of non-malleable codes have been discovered, and one of the most significant applications among these is the connection with tamper-resilient cryptography. There is a large body of work considering security against various classes of tampering functions, as well as non-malleable codes with enhanced features such as leakage resilience.In this work, we propose combining the concepts of non-malleability, leakage resilience, and locality in a coding scheme. The contribution of this work is three-fold:1. As a conceptual contribution, we define a new notion of locally decodable and updatable non-malleable code that combines the above properties.2. We present two simple and efficient constructions achieving our new notion with different levels of security.3. We present an important application of our new tool -securing RAM computation against memory tampering and leakage attacks. This is analogous to the usage of traditional non-malleable codes to secure implementations in the circuit model against memory tampering and leakage attacks.

“…We show that codes without secret state, as defined below, (e.g., those in [17,16,1,19,10,7,2]) cannot achieve (unconditional) non-malleability against parallel tampering-already for the case q = 1.…”

Section: B Necessity Of Codes With Secret Statementioning

confidence: 99%

Non-Malleable Encryption: Simpler, Shorter, Stronger

Coretti

Dodis

Tackmann

et al. 2015

Self Cite

In a seminal paper, Dolev et al. [15] introduced the notion of non-malleable encryption (NM-CPA). This notion is very intriguing since it suffices for many applications of chosen-ciphertext secure encryption (IND-CCA), and, yet, can be generically built from semantically secure (IND-CPA) encryption, as was shown in the seminal works by Pass et al. [29] and by Choi et al. [9], the latter of which provided a black-box construction. In this paper we investigate three questions related to NM-CPA security:1. Can the rate of the construction by Choi et al. of NM-CPA from IND-CPA be improved? 2. Is it possible to achieve multi-bit NM-CPA security more efficiently from a single-bit NM-CPA scheme than from IND-CPA? 3. Is there a notion stronger than NM-CPA that has natural applications and can be achieved from IND-CPA security?We answer all three questions in the positive. First, we improve the rate in the construction of Choi et al. by a factor O(λ), where λ is the security parameter. Still, encrypting a message of size O(λ) would require ciphertext and keys of size O(λ 2 ) times that of the IND-CPA scheme, even in our improved scheme. Therefore, we show a more efficient domain extension technique for building a λ-bit NM-CPA scheme from a single-bit NM-CPA scheme with keys and ciphertext of size O(λ) times that of the NM-CPA one-bit scheme. To achieve our goal, we define and construct a novel type of continuous non-malleable code (NMC), called secret-state NMC, as we show that standard continuous NMCs are not enough for the natural "encode-then-encrypt-bit-by-bit" approach to work.Finally, we introduce a new security notion for public-key encryption (PKE) that we dub nonmalleability under (chosen-ciphertext) self-destruct attacks (NM-SDA). After showing that NM-SDA is a strict strengthening of NM-CPA and allows for more applications, we nevertheless show that both of our results-(faster) construction from IND-CPA and domain extension from one-bit scheme-also hold for our stronger NM-SDA security. In particular, the notions of IND-CPA, NM-CPA, and NM-SDA security are all equivalent, lying (plausibly, strictly?) below IND-CCA security.