### Abstract

Non-malleable codes provide a useful and meaningful security guarantee in situations where traditional error-correction (and even error-detection) is impossible, for example, when the attacker can completely overwrite the encoded message. Informally, a code is non-malleable if the message contained in a modified codeword is either the original message or a completely unrelated value. Although such codes do not exist if the family of “tampering functions” F is completely unrestricted, they are known to exist for many broad tampering families F. One such natural family is the family of tampering functions in the so-called split-state model. Here the message m is encoded into two shares L and R, and the attacker is allowed to arbitrarily tamper with L and R individually. The split-state tampering arises in many realistic applications, such as the design of non-malleable secret sharing schemes, motivating the question of designing efficient non-malleable codes in this model. Prior to this work, non-malleable codes in the split-state model received considerable attention in the literature but either (1) were constructed in the random oracle model, or (2) relied on advanced cryptographic assumptions (such as noninteractive zero-knowledge proofs and leakage-resilient encryption), or (3) could only encode 1-bit messages. As our main result, we build the first efficient, multi-bit, information-theoretically-secure non-malleable code in the split-state model. The heart of our construction uses the following new property of the inner-product function L, R over the vector space Fp^{n} (for a prime p and large enough dimension n): if L and R are uniformly random over Fp^{n}, and f, g : Fp^{n} → Fp^{n} are two arbitrary functions on L and R, then the joint distribution (L, R, f(L), g(R)) is “close” to the convex combination of “affine distributions” ((U, aU + b)

Original language | English (US) |
---|---|

Pages (from-to) | 524-546 |

Number of pages | 23 |

Journal | SIAM Journal on Computing |

Volume | 47 |

Issue number | 2 |

DOIs | |

State | Published - Jan 1 2018 |

### Fingerprint

### Keywords

- Additive combinatorics
- Coding theory
- Cryptography
- Non-malleable codes

### ASJC Scopus subject areas

- Computer Science(all)
- Mathematics(all)

### Cite this

*SIAM Journal on Computing*,

*47*(2), 524-546. https://doi.org/10.1137/140985251

**Non-malleable codes from additive combinatorics.** / Aggarwal, Divesh; Dodis, Yevgeniy; Lovett, Shachar.

Research output: Contribution to journal › Article

*SIAM Journal on Computing*, vol. 47, no. 2, pp. 524-546. https://doi.org/10.1137/140985251

}

TY - JOUR

T1 - Non-malleable codes from additive combinatorics

AU - Aggarwal, Divesh

AU - Dodis, Yevgeniy

AU - Lovett, Shachar

PY - 2018/1/1

Y1 - 2018/1/1

N2 - Non-malleable codes provide a useful and meaningful security guarantee in situations where traditional error-correction (and even error-detection) is impossible, for example, when the attacker can completely overwrite the encoded message. Informally, a code is non-malleable if the message contained in a modified codeword is either the original message or a completely unrelated value. Although such codes do not exist if the family of “tampering functions” F is completely unrestricted, they are known to exist for many broad tampering families F. One such natural family is the family of tampering functions in the so-called split-state model. Here the message m is encoded into two shares L and R, and the attacker is allowed to arbitrarily tamper with L and R individually. The split-state tampering arises in many realistic applications, such as the design of non-malleable secret sharing schemes, motivating the question of designing efficient non-malleable codes in this model. Prior to this work, non-malleable codes in the split-state model received considerable attention in the literature but either (1) were constructed in the random oracle model, or (2) relied on advanced cryptographic assumptions (such as noninteractive zero-knowledge proofs and leakage-resilient encryption), or (3) could only encode 1-bit messages. As our main result, we build the first efficient, multi-bit, information-theoretically-secure non-malleable code in the split-state model. The heart of our construction uses the following new property of the inner-product function L, R over the vector space Fpn (for a prime p and large enough dimension n): if L and R are uniformly random over Fpn, and f, g : Fpn → Fpn are two arbitrary functions on L and R, then the joint distribution (L, R, f(L), g(R)) is “close” to the convex combination of “affine distributions” ((U, aU + b)

AB - Non-malleable codes provide a useful and meaningful security guarantee in situations where traditional error-correction (and even error-detection) is impossible, for example, when the attacker can completely overwrite the encoded message. Informally, a code is non-malleable if the message contained in a modified codeword is either the original message or a completely unrelated value. Although such codes do not exist if the family of “tampering functions” F is completely unrestricted, they are known to exist for many broad tampering families F. One such natural family is the family of tampering functions in the so-called split-state model. Here the message m is encoded into two shares L and R, and the attacker is allowed to arbitrarily tamper with L and R individually. The split-state tampering arises in many realistic applications, such as the design of non-malleable secret sharing schemes, motivating the question of designing efficient non-malleable codes in this model. Prior to this work, non-malleable codes in the split-state model received considerable attention in the literature but either (1) were constructed in the random oracle model, or (2) relied on advanced cryptographic assumptions (such as noninteractive zero-knowledge proofs and leakage-resilient encryption), or (3) could only encode 1-bit messages. As our main result, we build the first efficient, multi-bit, information-theoretically-secure non-malleable code in the split-state model. The heart of our construction uses the following new property of the inner-product function L, R over the vector space Fpn (for a prime p and large enough dimension n): if L and R are uniformly random over Fpn, and f, g : Fpn → Fpn are two arbitrary functions on L and R, then the joint distribution (L, R, f(L), g(R)) is “close” to the convex combination of “affine distributions” ((U, aU + b)

KW - Additive combinatorics

KW - Coding theory

KW - Cryptography

KW - Non-malleable codes

UR - http://www.scopus.com/inward/record.url?scp=85046704772&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85046704772&partnerID=8YFLogxK

U2 - 10.1137/140985251

DO - 10.1137/140985251

M3 - Article

AN - SCOPUS:85046704772

VL - 47

SP - 524

EP - 546

JO - SIAM Journal on Computing

JF - SIAM Journal on Computing

SN - 0097-5397

IS - 2

ER -