Abstract
Non-malleable codes were introduced by Dziembowski et al. (ICS 2010) as coding schemes that protect a message against tampering attacks. Roughly speaking, a code is non-malleable if decoding an adversarially tampered encoding of a message \({\varvec{m}}\) produces the original message \({\varvec{m}}\) or a value \({\varvec{m}}'\) (possibly \(\bot \)) completely unrelated to \({\varvec{m}}\). It is known that non-malleability is possible only for restricted classes of tampering functions. Since their introduction, a long line of works has established feasibility results of non-malleable codes against different families of tampering functions. However, for many interesting families the challenge of finding “good” non-malleable codes remains open. In particular, we would like to have explicit constructions of non-malleable codes with high-rate and efficient encoding/decoding algorithms (i.e. low computational complexity). In this work we present two explicit constructions: the first one is a natural generalization of the work of Dziembowski et al. and gives rise to the first constant-rate non-malleable code with linear-time complexity (in a model including bit-wise independent tampering). The second construction is inspired by the recent works about non-malleable codes of Agrawal et al. (TCC 2015) and of Cheraghchi and Guruswami (TCC 2014) and improves our previous result in the bit-wise independent tampering model: it builds the first non-malleable codes with linear-time complexity and optimal-rate (i.e. rate \(1 - o(1)\)).
- 1. The rate of the coding scheme \((\mathsf {Enc}, \mathsf {Dec})\) is the quotient of the length of the message \({\varvec{m}}\) over the length of its encoding \(\mathsf {Enc}({\varvec{m}})\). The computational complexity of the scheme is the maximum of the computational complexities of the two algorithms \(\mathsf {Enc}\) and \(\mathsf {Dec}\), as a function of the length of \({\varvec{m}}\).
- 2. Determining which cryptographic primitives can be instantiated in linear time is an interesting and challenging program started by Ishai et al. in [37].
- 3. A Monte-Carlo construction by Cramer et al. [22] can be instantiated for a parameter range where the rate of the secret sharing scheme is bounded away from 1 by a constant, but not for rate approaching 1.
- 4. The concrete instantiation we give in Corollary 3 leads to bit-wise independent tampering.
- 5. The two definitions are equivalent. Given the pair \((\mathsf {Enc}, \mathsf {Dec})\) such that for any \({\varvec{m}}\) it holds that \(\text {Pr}[\mathsf {Dec}(\mathsf {Enc}({\varvec{m}}))={\varvec{m}}]=1\), define \(\mathcal {C}\) as the image of \(\mathsf {Enc}\) in \((\mathbb {F}^\ell )^n\) and \(\psi \) as the map \(\mathsf {Dec}\) restricted to \(\mathcal {C}\).
- 6. For Construction 1 we need a “strong” AMD code (as in [30]), while AMD codes were introduced in [24] with a slightly different (weaker) notion (\(\forall \,{\varvec{m}}\) and \(\forall \,{\varvec{e}} \), \(\text {Pr}[\mathsf {Dec}(\mathsf {Enc}({\varvec{m}})+{\varvec{e}})\notin \{\perp ,{\varvec{m}}\}]\le \epsilon \)).
- 7. With \(({\varvec{I}}_k, {\varvec{M}})\) we indicate that we append the columns of \({\varvec{M}}\) to the ones of the identity matrix \({\varvec{I}}_k\).
- 8. Abusing notation, by \(g=\mathsf {Dec_{td}}\circ f\circ \mathsf {Enc_{td}}\) we mean the randomized function \(g:(\mathbb {F}^{\ell })^m\rightarrow (\mathbb {F}^{\ell })^m\) such that \((g({\varvec{v}}))_i= \mathsf {Dec_{td}}(f_i(\mathsf {Enc_{td}}({\varvec{v}}_i)))\) for all \(i\in [m]\).
- 9. The construction presented in [15] is randomised, but since in our Construction 1 the parameter \(\ell \) is constant (with respect to k), we can exhaustively search for the proper TD code.
- 10. The family of LSSSs from Corollary 2 is \(\ell \)-folded, where \(\ell \) is a constant with respect to \(k'\). Thus, the scheme \((\mathsf {Sh}_{1},\mathsf {Rec}_{1})\) can be “unfolded” and still remains a constant-rate scheme.
- 11. The min-entropy of a random variable X is \({\text {H}}_{\infty }(X)=-\log _2(\max _{{\varvec{b}}}\text {Pr}[X={\varvec{b}}])\).
- 12. Since we require compressors to be deterministic, generic methods for privacy amplification do not apply here.
References
Aggarwal, D., Agrawal, S., Gupta, D., Maji, H.K., Pandey, O., Prabhakaran, M.: Optimal computational split-state non-malleable codes. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9563, pp. 393–417. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49099-0_15
Aggarwal, D., Briët, J.: Revisiting the Sanders-Bogolyubov-Ruzsa theorem in \(\mathbb {F}_p^n\) and its application to non-malleable codes. In: IEEE International Symposium on Information Theory, ISIT 2016, Barcelona, Spain, 10–15 July 2016, pp. 1322–1326 (2016)
Aggarwal, D., Dodis, Y., Kazana, T., Obremski, M.: Non-malleable reductions and applications. In: Proceedings of the Forty-Seventh Annual ACM on Symposium on Theory of Computing, STOC 2015, Portland, OR, USA, 14–17 June 2015, pp. 459–468 (2015)
Aggarwal, D., Dodis, Y., Lovett, S.: Non-malleable codes from additive combinatorics. In: Proceedings of the 46th Annual ACM Symposium on Theory of Computing, STOC 2014, pp. 774–783. ACM, New York (2014)
Aggarwal, D., Dziembowski, S., Kazana, T., Obremski, M.: Leakage-resilient non-malleable codes. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9014, pp. 398–426. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46494-6_17
Aggarwal, D., Kazana, T., Obremski, M.: Inception makes non-malleable codes stronger. IACR Cryptology ePrint Arch. 2015, 1013 (2015)
Agrawal, S., Gupta, D., Maji, H.K., Pandey, O., Prabhakaran, M.: Explicit non-malleable codes against bit-wise tampering and permutations. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 538–557. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_26
Agrawal, S., Gupta, D., Maji, H.K., Pandey, O., Prabhakaran, M.: A rate-optimizing compiler for non-malleable codes against bit-wise tampering and permutations. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9014, pp. 375–397. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46494-6_16
Ball, M., Dachman-Soled, D., Kulkarni, M., Malkin, T.: Non-malleable codes for bounded depth, bounded fan-in circuits. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 881–908. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_31
Chandran, N., Goyal, V., Mukherjee, P., Pandey, O., Upadhyay, J.: Block-wise non-malleable codes. In: 43rd International Colloquium on Automata, Languages, and Programming, ICALP 2016, 11–15 July 2016, Rome, Italy, pp. 31:1–31:14 (2016)
Chandran, N., Kanukurthi, B., Raghuraman, S.: Information-theoretic local non-malleable codes and their applications. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9563, pp. 367–392. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49099-0_14
Chattopadhyay, E., Goyal, V., Li, X.: Non-malleable extractors and codes, with their many tampered extensions. In: Proceedings of the 48th Annual ACM SIGACT Symposium on Theory of Computing, STOC 2016, Cambridge, MA, USA, 18–21 June 2016, pp. 285–298 (2016)
Chattopadhyay, E., Zuckerman, D.: Non-malleable codes against constant split-state tampering. In: 55th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2014, Philadelphia, PA, USA, 18–21 October 2014, pp. 306–315 (2014)
Cheraghchi, M., Guruswami, V.: Capacity of non-malleable codes. In: Proceedings of the 5th Conference on Innovations in Theoretical Computer Science, ITCS 2014, pp. 155–168. ACM, New York (2014)
Cheraghchi, M., Guruswami, V.: Non-malleable coding against bit-wise and split-state tampering. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 440–464. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54242-8_19
Cheraghchi, M., Guruswami, V.: Capacity of non-malleable codes. IEEE Trans. Inf. Theor. 62(3), 1097–1118 (2016)
Cheraghchi, M., Guruswami, V.: Non-malleable coding against bit-wise and split-state tampering. J. Cryptology 30(1), 191–241 (2017)
Choi, S.G., Kiayias, A., Malkin, T.: BiTR: built-in tamper resilience. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 740–758. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_40
Chor, B., Goldreich, O., Håstad, J., Friedman, J., Rudich, S., Smolensky, R.: The bit extraction problem or t-resilient functions. In: 26th Annual Symposium on Foundations of Computer Science, 1985, pp. 396–407. IEEE (1985)
Coretti, S., Dodis, Y., Tackmann, B., Venturi, D.: Non-malleable encryption: simpler, shorter, stronger. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9562, pp. 306–335. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49096-9_13
Coretti, S., Maurer, U., Tackmann, B., Venturi, D.: From single-bit to multi-bit public-key encryption via non-malleable codes. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9014, pp. 532–560. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46494-6_22
Cramer, R., Damgård, I.B., Döttling, N., Fehr, S., Spini, G.: Linear secret sharing schemes from error correcting codes and universal hash functions. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 313–336. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_11
Cramer, R., Damgård, I., Döttling, N., Giacomelli, I., Xing, C.: Linear-time non-malleable codes in the bit-wise independent tampering model. IACR Cryptology ePrint Arch. 2016, 397 (2016)
Cramer, R., Dodis, Y., Fehr, S., Padró, C., Wichs, D.: Detection of algebraic manipulation with applications to robust secret sharing and fuzzy extractors. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 471–488. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_27
Dachman-Soled, D., Kulkarni, M., Shahverdi, A.: Tight upper and lower bounds for leakage-resilient, locally decodable and updatable non-malleable codes. In: Fehr, S. (ed.) PKC 2017. LNCS, vol. 10174, pp. 310–332. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54365-8_13
Dachman-Soled, D., Liu, F.-H., Shi, E., Zhou, H.-S.: Locally decodable and updatable non-malleable codes and their applications. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9014, pp. 427–450. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46494-6_18
Davì, F., Dziembowski, S., Venturi, D.: Leakage-resilient storage. In: Garay, J.A., De Prisco, R. (eds.) SCN 2010. LNCS, vol. 6280, pp. 121–137. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15317-4_9
Druk, E., Ishai, Y.: Linear-time encodable codes meeting the Gilbert-Varshamov bound and their cryptographic applications. In: Innovations in Theoretical Computer Science, ITCS 2014, Princeton, NJ, USA, 12–14 January 2014, pp. 169–182 (2014)
Dziembowski, S., Kazana, T., Obremski, M.: Non-malleable codes from two-source extractors. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 239–257. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_14
Dziembowski, S., Pietrzak, K., Wichs, D.: Non-malleable codes. In: Innovations in Computer Science - ICS 2010, Tsinghua University, Beijing, China, 5–7 January 2010, Proceedings, pp. 434–452 (2010)
Faonio, A., Nielsen, J.B.: Non-malleable codes with split-state refresh. In: Public-Key Cryptography - PKC 2017–20th IACR International Conference on Practice and Theory in Public-Key Cryptography, Amsterdam, The Netherlands, 28–31 March 2017, Proceedings, Part I, pp. 279–309 (2017)
Faust, S., Mukherjee, P., Nielsen, J.B., Venturi, D.: Continuous non-malleable codes. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 465–488. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54242-8_20
Faust, S., Mukherjee, P., Venturi, D., Wichs, D.: Efficient non-malleable codes and key-derivation for poly-size tampering circuits. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 111–128. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_7
Goldreich, O.: Modern Cryptography, Probabilistic Proofs and Pseudorandomness, Algorithms and Combinatorics, vol. 17. Springer, Heidelberg (1998)
Goyal, V., Khurana, D., Sahai, A.: Breaking the three round barrier for non-malleable commitments. In: IEEE 57th Annual Symposium on Foundations of Computer Science, FOCS 2016, 9–11 October 2016, Hyatt Regency, New Brunswick, New Jersey, USA, pp. 21–30 (2016)
Goyal, V., Pandey, O., Richelson, S.: Textbook non-malleable commitments. In: Proceedings of the 48th Annual ACM SIGACT Symposium on Theory of Computing, STOC 2016, Cambridge, MA, USA, 18–21 June 2016, pp. 1128–1141 (2016)
Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Cryptography with constant computational overhead. In: STOC, pp. 433–442 (2008)
Jafargholi, Z., Wichs, D.: Tamper detection and continuous non-malleable codes. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9014, pp. 451–480. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46494-6_19
Kiayias, A., Liu, F., Tselekounis, Y.: Practical non-malleable codes from l-more extractable hash functions. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24–28 October 2016, pp. 1317–1328 (2016)
Li, X.: Improved non-malleable extractors, non-malleable codes and independent source extractors. In: Proceedings of the 49th Annual ACM SIGACT Symposium on Theory of Computing, STOC 2017, Montreal, QC, Canada, 19–23 June 2017, pp. 1144–1156 (2017)
Liu, F.-H., Lysyanskaya, A.: Tamper and leakage resilience in the split-state model. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 517–532. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_30
Tellegen, B.D.H.: A general network theorem, with applications. Philips Res. Rep. 7, 259–269 (1952)
Acknowledgements
Ivan Damgård and Irene Giacomelli acknowledge support from the Danish National Research Foundation and The National Science Foundation of China (under the grant 61361136003) for the Sino-Danish Center for the Theory of Interactive Computation and from the Center for Research in Foundations of Electronic Markets (CFEM), supported by the Danish Strategic Research Council. Ivan Damgård acknowledges support from the Advanced ERC grant MPCPRO. Ronald Cramer acknowledges the support from ERC Advanced Grant ALGSTRONGCRYPTO.
A Appendix
A.1 Tellegen’s Principle
We will briefly discuss a technique known as Tellegen’s principle. Assume that we are given a linear algorithm \(\mathsf {T}\) computing the function \(f({\varvec{x}}) = {\varvec{x}}\cdot {\varvec{A}} \), where \({\varvec{A}}\) is a \(m \times n\) matrix over some ring R and \({\varvec{x}}\) is a vector from \(R^n\). Then we can transform \(\mathsf {T}\) into an algorithm \(\mathsf {T}'\), with the same computational complexity as \(\mathsf {T}\), computing the function \(f'({\varvec{y}}) = {\varvec{y}}\cdot {\varvec{A}}^\top \), where \({\varvec{y}} \in R^m\) and \({\varvec{A}}^\top \) is the transpose of the matrix \({\varvec{A}}\). We will discuss this transformation for arithmetic circuits. We can decompose a circuit into a sequence of elementary instructions \(\phi _i\), where each \(\phi _i\) is a linear transformation on all the wires. We can thus write the matrix \({\varvec{A}}\) as \( {\varvec{A}} = \phi _n \cdot \phi _{n-1} \cdots \phi _2 \cdot \phi _1. \) Transposing \({\varvec{A}}\) immediately yields \( {\varvec{A}}^\top = \phi _1^\top \cdot \phi _2^\top \cdots \phi _{n-1}^\top \cdot \phi _n^\top \). Thus, we only have to consider the effect of transposition on the elementary instructions \(\phi _i\).
- Instruction \(\phi _i\) multiplies a wire \({\varvec{x}}\) with a constant \(\alpha \in R\) and writes the output in the same register. In this case \(\phi _i^\top = \phi _i\), as the transformation matrix \(\phi _i\) is diagonal and thus symmetric.
- Instruction \(\phi _i\) adds wire \({\varvec{y}}\) to wire \({\varvec{x}}\). In this case \(\phi _i^\top \) adds wire \({\varvec{x}}\) to wire \({\varvec{y}}\).
These two instructions are sufficient to implement any linear transformation. For instance, to clear an (auxiliary) register, simply multiply it by 0. We summarize this in the following lemma.
Lemma 10
(Tellegen’s Principle [42]). Let \(\mathsf {T}({\varvec{x}})\) be a linear arithmetic circuit or linear RAM algorithm computing the function \({\varvec{x}}\cdot {\varvec{A}} \). Then there exists a linear arithmetic circuit \(\mathsf {T}'({\varvec{y}})\) that computes the function \({\varvec{y}}\cdot {\varvec{A}}^\top \) and has the same computational complexity as \(\mathsf {T}\).
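The transformation above, carried out on a straight-line program, as an added example that is not code from the paper: a program is a list of the two elementary instructions (scale a register, add one register into another), the transposed program is the reversed list with each instruction transposed, and the check recovers both matrices by probing unit vectors. The ring, the 5-register toy program and its input/output register slots are constructed for illustration.

```python
"""Tellegen's principle on straight-line linear programs (added example)."""
P = 101  # constructed toy ring R = Z/101Z

# Elementary instructions (tuples):
#   ("scale", i, a): reg[i] = a * reg[i]       phi_i is diagonal, so phi_i^T = phi_i
#   ("add", i, j):   reg[i] = reg[i] + reg[j]  "add wire j to wire i"

def run(program, n_regs, inputs, in_slots, out_slots):
    """Execute a linear program; non-input registers start at 0."""
    reg = [0] * n_regs
    for slot, v in zip(in_slots, inputs):
        reg[slot] = v % P
    for ins in program:
        if ins[0] == "scale":
            _, i, a = ins
            reg[i] = reg[i] * a % P
        elif ins[0] == "add":
            _, i, j = ins
            reg[i] = (reg[i] + reg[j]) % P
        else:
            raise ValueError(ins)
    return [reg[s] for s in out_slots]

def transpose(program):
    """Tellegen transform: reverse the instruction order, transpose each one."""
    out = []
    for ins in reversed(program):
        if ins[0] == "scale":
            out.append(ins)                 # symmetric, unchanged
        else:
            _, i, j = ins
            out.append(("add", j, i))       # now adds wire i to wire j
    return out

def matrix_of(program, n_regs, in_slots, out_slots):
    """Recover the matrix (rows = inputs, cols = outputs) by feeding unit vectors."""
    k = len(in_slots)
    return [run(program, n_regs, [int(t == r) for t in range(k)], in_slots, out_slots)
            for r in range(k)]

def transpose_matrix(m):
    return [list(col) for col in zip(*m)]

# Constructed program: x0, x1 in registers 0, 1; outputs in registers 2, 3, 4.
# Computes (x0, x1) -> (x0 + 3*x1, 2*x0, x0 + x1).
PROGRAM = [("add", 2, 1), ("scale", 2, 3), ("add", 2, 0),
           ("add", 3, 0), ("scale", 3, 2),
           ("add", 4, 0), ("add", 4, 1)]
N_REGS, IN_SLOTS, OUT_SLOTS = 5, [0, 1], [2, 3, 4]

def tellegen_holds(program, n_regs, in_slots, out_slots):
    """True iff the transposed program computes y * A^T with the same instruction count."""
    a = matrix_of(program, n_regs, in_slots, out_slots)
    at = matrix_of(transpose(program), n_regs, out_slots, in_slots)  # slots swap roles
    return at == transpose_matrix(a) and len(transpose(program)) == len(program)
```

Inputs of the transposed program go into the original output registers and its outputs are read from the original input registers, which is what `tellegen_holds` relies on.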
Copyright information
© 2017 Springer International Publishing AG
Cite this paper
Cramer, R., Damgård, I., Döttling, N., Giacomelli, I., Xing, C. (2017). Linear-Time Non-Malleable Codes in the Bit-Wise Independent Tampering Model. In: Shikata, J. (eds) Information Theoretic Security. ICITS 2017. Lecture Notes in Computer Science(), vol 10681. Springer, Cham. https://doi.org/10.1007/978-3-319-72089-0_1
DOI: https://doi.org/10.1007/978-3-319-72089-0_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72088-3
Online ISBN: 978-3-319-72089-0