Non-malleable codes from additive combinatorics

Divesh Aggarwal, Yevgeniy Dodis, Shachar Lovett

Research output: Contribution to journal › Article

Abstract

Non-malleable codes provide a useful and meaningful security guarantee in situations where traditional error-correction (and even error-detection) is impossible, for example, when the attacker can completely overwrite the encoded message. Informally, a code is non-malleable if the message contained in a modified codeword is either the original message or a completely unrelated value. Although such codes do not exist if the family of “tampering functions” F is completely unrestricted, they are known to exist for many broad tampering families F. One such natural family is the family of tampering functions in the so-called split-state model. Here the message m is encoded into two shares L and R, and the attacker is allowed to arbitrarily tamper with L and R individually. The split-state tampering arises in many realistic applications, such as the design of non-malleable secret sharing schemes, motivating the question of designing efficient non-malleable codes in this model. Prior to this work, non-malleable codes in the split-state model received considerable attention in the literature but either (1) were constructed in the random oracle model, or (2) relied on advanced cryptographic assumptions (such as noninteractive zero-knowledge proofs and leakage-resilient encryption), or (3) could only encode 1-bit messages. As our main result, we build the first efficient, multi-bit, information-theoretically-secure non-malleable code in the split-state model. The heart of our construction uses the following new property of the inner-product function ⟨L, R⟩ over the vector space F_p^n (for a prime p and large enough dimension n): if L and R are uniformly random over F_p^n, and f, g : F_p^n → F_p^n are two arbitrary functions on L and R, then the joint distribution (L, R, f(L), g(R)) is “close” to the convex combination of “affine distributions” ((U, aU + b)

Original language: English (US)
Pages (from-to): 524-546
Number of pages: 23
Journal: SIAM Journal on Computing
Volume: 47
Issue number: 2
DOI: 10.1137/140985251
State: Published - Jan 1 2018

Keywords

  • Additive combinatorics
  • Coding theory
  • Cryptography
  • Non-malleable codes

ASJC Scopus subject areas

  • Computer Science (all)
  • Mathematics (all)

Cite this

Non-malleable codes from additive combinatorics. / Aggarwal, Divesh; Dodis, Yevgeniy; Lovett, Shachar.

In: SIAM Journal on Computing, Vol. 47, No. 2, 01.01.2018, p. 524-546.

Aggarwal, Divesh ; Dodis, Yevgeniy ; Lovett, Shachar. / Non-malleable codes from additive combinatorics. In: SIAM Journal on Computing. 2018 ; Vol. 47, No. 2. pp. 524-546.
@article{32e606db3349447982841a3f70668482,
title = "Non-malleable codes from additive combinatorics",
keywords = "Additive combinatorics, Coding theory, Cryptography, Non-malleable codes",
author = "Divesh Aggarwal and Yevgeniy Dodis and Shachar Lovett",
year = "2018",
month = "1",
day = "1",
doi = "10.1137/140985251",
language = "English (US)",
volume = "47",
pages = "524--546",
journal = "SIAM Journal on Computing",
issn = "0097-5397",
publisher = "Society for Industrial and Applied Mathematics Publications",
number = "2"
}

TY - JOUR
T1 - Non-malleable codes from additive combinatorics
AU - Aggarwal, Divesh
AU - Dodis, Yevgeniy
AU - Lovett, Shachar
PY - 2018/1/1
Y1 - 2018/1/1
KW - Additive combinatorics
KW - Coding theory
KW - Cryptography
KW - Non-malleable codes
UR - http://www.scopus.com/inward/record.url?scp=85046704772&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85046704772&partnerID=8YFLogxK
U2 - 10.1137/140985251
DO - 10.1137/140985251
M3 - Article
AN - SCOPUS:85046704772
VL - 47
SP - 524
EP - 546
JO - SIAM Journal on Computing
JF - SIAM Journal on Computing
SN - 0097-5397
IS - 2
ER -