Optimal Computational Split-state Non-malleable Codes

Aggarwal, Divesh; Agrawal, Shashank; Gupta, Divya; Maji, Hemanta K.; Pandey, Omkant; Prabhakaran, Manoj

doi:10.1007/978-3-662-49099-0_15

Cited by 46 publications

(25 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Interesting open questions related to our work are, for instance, whether continuous non-malleability can be achieved, under minimal assumptions, together with additional properties, such as strong non-malleability [27], supernon-malleability [32], augmented non-malleability [2], and locality [22,13,21], or whether the rate of our code construction can be improved.…”

Section: Conclusion and Open Problemsmentioning

confidence: 99%

See 1 more Smart Citation

Continuously Non-Malleable Codes in the Split-State Model from Minimal Assumptions

Ostrovsky

Persiano

Venturi

et al. 2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

At ICS 2010, Dziembowski, Pietrzak and Wichs introduced the notion of non-malleable codes, a weaker form of error-correcting codes guaranteeing that the decoding of a tampered codeword either corresponds to the original message or to an unrelated value. The last few years established non-malleable codes as one of the recently invented cryptographic primitives with the highest impact and potential, with very challenging open problems and applications. In this work, we focus on so-called continuously non-malleable codes in the split-state model, as proposed by Faust et al. (TCC 2014), where a codeword is made of two shares and an adaptive adversary makes a polynomial number of attempts in order to tamper the target codeword, where each attempt is allowed to modify the two shares independently (yet arbitrarily). Achieving continuous non-malleability in the split-state model has been so far very hard. Indeed, the only known constructions require strong setup assumptions (i.e., the existence of a common reference string) and strong complexity-theoretic assumptions (i.e., the existence of non-interactive zero-knowledge proofs and collision-resistant hash functions). As our main result, we construct a continuously non-malleable code in the split-state model without setup assumptions, requiring only one-toone one-way functions (i.e., essentially optimal computational assumptions). Our result introduces several new ideas that make progress towards understanding continuous non-malleability, and shows interesting connections with protocol-design and proof-approach techniques used in other contexts (e.g., look-ahead simulation in zero-knowledge proofs, non-malleable commitments, and leakage resilience).

show abstract

Section: Conclusion and Open Problemsmentioning

confidence: 99%

“…We refer the reader to §1.5 for an overview of known constructions of non-malleable codes for different classes Φ. Previous work showed how to construct split-state non-malleable codes, both for the information-theoretic setting [27,25,4,18,6,3,13,7,37] and the computational setting [38,30,22,2].…”

Section: Introductionmentioning

confidence: 99%

Continuously Non-Malleable Codes in the Split-State Model from Minimal Assumptions

Ostrovsky

Persiano

Venturi

et al. 2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Non-malleable codes for other function classes have been extensively studied, such as constant split-state functions [17,25], block-wise tampering [15,19], while the work of [2] develops beautiful connections among various function classes. In addition, other variants of non-malleable codes have been proposed, such as continuous non-malleable codes [30], augmented non-malleable codes [1], locally decodable/updatable non-malleable codes [16,[22][23][24]31], and non-malleable codes with split-state refresh [28]. In [7] the authors consider AC0 circuits, bounded-depth decision trees and streaming, space-bounded adversaries.…”

Section: Related Workmentioning

confidence: 99%

“…The current state of the art in the computational setting considers tools such as (Authenticated) Encryption [1,22,24,28,36,37], non-interactive zeroknowledge (NIZK) proofs [22,28,30,37], and -more extractable collision resistant hashes (ECRH) [36], where others use KEM/DEM techniques [1,24]. Those constructions share a common structure, incorporating a short secret key sk (or a short encoding of it), as well as a long ciphertext, e, and a proof π (or a hash value).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Non-Malleable Codes for Partial Functions with Manipulation Detection

Kiayias

Liu

Tselekounis

2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Non-malleable codes were introduced by Dziembowski, Pietrzak and Wichs (ICS '10) and its main application is the protection of cryptographic devices against tampering attacks on memory. In this work, we initiate a comprehensive study on non-malleable codes for the class of partial functions, that read/write on an arbitrary subset of codeword bits with specific cardinality. Our constructions are efficient in terms of information rate, while allowing the attacker to access asymptotically almost the entire codeword. In addition, they satisfy a notion which is stronger than non-malleability, that we call non-malleability with manipulation detection, guaranteeing that any modified codeword decodes to either the original message or to ⊥. Finally, our primitive implies All-Or-Nothing Transforms (AONTs) and as a result our constructions yield efficient AONTs under standard assumptions (only one-way functions), which, to the best of our knowledge, was an open question until now. In addition to this, we present a number of additional applications of our primitive in tamper resilience.4 Specifically, in [32], the authors consider a model where a common reference string (CRS) is available, with length roughly logarithmic in the size of the tampering function class; as a consequence, the tampering function is allowed to read/write the whole codeword while having only partial information over the CRS. 5 Informally, prior works [18,27] showed existence of non-malleable codes for classes of certain bounded cardinalities. The results cover the class of partial functions. 6 The attacks by [8,11,12] require the modification of a single (random) memory bit, while in [10] a single error per each round of the computation suffices. In [44], the attack requires a single faulty byte.

show abstract