Leakage-Resilient Non-malleable Codes

Aggarwal, Divesh; Dziembowski, Stefan; Kazana, Tomasz; Obremski, Maciej

doi:10.1007/978-3-662-46494-6_17

Cited by 38 publications

(26 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Beyond the constructions of [23,9,25], non-malleable codes exists against block-wise tampering [11], against bit-wise tampering and permutations [5,4], against split-state tampering-both information-theoretic [22,2,7,3,1] and computational [38,18]-and in a setting where the computational complexity of the tampering functions is limited [8,27,34]. We stress that the typical application of non-malleable codes is to protect cryptographic schemes against memory tampering (see, e.g., [29,23,19,20]).…”

Section: More Details On Related Workmentioning

confidence: 99%

“…3 Reductions. When relating two distinguishing problems, it is convenient to use a special type of system C that translates one setting into the other.…”

Section: Distinguishersmentioning

confidence: 99%

“…A slight modification of protocol 1-pke yields the protocol 1-pke for construction (3). Essentially, all public keys are concatenated and sent via a single ←−•.…”

Section: D2 Single-bit Channels From Single-bit Pkementioning

confidence: 99%

See 2 more Smart Citations

From Single-Bit to Multi-bit Public-Key Encryption via Non-malleable Codes

Coretti

Maurer

Tackmann

et al. 2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

One approach towards basing public-key encryption (PKE) schemes on weak and credible assumptions is to build "stronger" or more general schemes generically from "weaker" or more restricted ones. One particular line of work in this context was initiated by Myers and shelat (FOCS '09) and continued by Hohenberger, Lewko, and Waters (Eurocrypt '12), who provide constructions of multi-bit CCA-secure PKE from single-bit CCA-secure PKE.It is well-known that encrypting each bit of a plaintext string independently is not CCA-securethe resulting scheme is malleable. We therefore investigate whether this malleability can be dealt with using the conceptually simple approach of applying a suitable non-malleable code (Dziembowski et al., ICS '10) to the plaintext and subsequently encrypting the resulting codeword bitby-bit. We find that an attacker's ability to ask multiple decryption queries requires that the underlying code be continuously non-malleable (Faust et al., TCC '14). Since, as we show, this flavor of non-malleability can only be achieved if the code is allowed to "self-destruct," the resulting scheme inherits this property and therefore only achieves a weaker variant of CCA security.We formalize this new notion of so-called self-destruct CCA security (SD-CCA) as CCA security with the restriction that the decryption oracle stops working once the attacker submits an invalid ciphertext. We first show that the above approach based on non-malleable codes yields a solution to the problem of domain extension for SD-CCA-secure PKE, provided that the underlying code is continuously non-malleable against a reduced form of bit-wise tampering. Then, we prove that the code of Dziembowski et al. is actually already continuously non-malleable against (even full ) bit-wise tampering; this constitutes the first information-theoretically secure continuously nonmalleable code, a technical contribution that we believe is of independent interest. Compared to the previous approaches to PKE domain extension, our scheme is more efficient and intuitive, at the cost of not achieving full CCA security. Our result is also one of the first applications of non-malleable codes in a context other than memory tampering.

show abstract

Section: More Details On Related Workmentioning

confidence: 99%

“…3 Reductions. When relating two distinguishing problems, it is convenient to use a special type of system C that translates one setting into the other.…”

Section: Distinguishersmentioning

confidence: 99%

See 1 more Smart Citation

From Single-Bit to Multi-bit Public-Key Encryption via Non-malleable Codes

Coretti

Maurer

Tackmann

et al. 2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…The small mutual information of [6]. The number of leakage queries is proportional to the number of look-ahead threads, and thus to the number of errors done by the reduction when giving optimistic answers.…”

Section: Positive Resultsmentioning

confidence: 99%

“…We refer the reader to §1.5 for an overview of known constructions of non-malleable codes for different classes Φ. Previous work showed how to construct split-state non-malleable codes, both for the information-theoretic setting [27,25,4,18,6,3,13,7,37] and the computational setting [38,30,22,2].…”

Section: Introductionmentioning

confidence: 99%

Continuously Non-Malleable Codes in the Split-State Model from Minimal Assumptions

Ostrovsky

Persiano

Venturi

et al. 2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

At ICS 2010, Dziembowski, Pietrzak and Wichs introduced the notion of non-malleable codes, a weaker form of error-correcting codes guaranteeing that the decoding of a tampered codeword either corresponds to the original message or to an unrelated value. The last few years established non-malleable codes as one of the recently invented cryptographic primitives with the highest impact and potential, with very challenging open problems and applications. In this work, we focus on so-called continuously non-malleable codes in the split-state model, as proposed by Faust et al. (TCC 2014), where a codeword is made of two shares and an adaptive adversary makes a polynomial number of attempts in order to tamper the target codeword, where each attempt is allowed to modify the two shares independently (yet arbitrarily). Achieving continuous non-malleability in the split-state model has been so far very hard. Indeed, the only known constructions require strong setup assumptions (i.e., the existence of a common reference string) and strong complexity-theoretic assumptions (i.e., the existence of non-interactive zero-knowledge proofs and collision-resistant hash functions). As our main result, we construct a continuously non-malleable code in the split-state model without setup assumptions, requiring only one-toone one-way functions (i.e., essentially optimal computational assumptions). Our result introduces several new ideas that make progress towards understanding continuous non-malleability, and shows interesting connections with protocol-design and proof-approach techniques used in other contexts (e.g., look-ahead simulation in zero-knowledge proofs, non-malleable commitments, and leakage resilience).

show abstract

Upper and Lower Bounds for Continuous Non-Malleable Codes

Dachman-Soled

Kulkarni

2019

Public-Key Cryptography – PKC 2019

View full text Add to dashboard Cite

Leakage-Resilient Non-malleable Codes

Cited by 38 publications

References 32 publications

From Single-Bit to Multi-bit Public-Key Encryption via Non-malleable Codes

From Single-Bit to Multi-bit Public-Key Encryption via Non-malleable Codes

Continuously Non-Malleable Codes in the Split-State Model from Minimal Assumptions

Upper and Lower Bounds for Continuous Non-Malleable Codes

Contact Info

Product

Resources

About