Capacity of Non-Malleable Codes

Non-malleable codes, introduced by Dziembowski et al., encode messages $s$ in such a manner that tampering with the codeword causes the decoder to either output $s$ or a message that is independent of $s$. While this is an impossible goal to achieve against unrestricted tampering functions, rather surprisingly, non-malleable coding becomes possible against every fixed family $\mathcal{F}$ of tampering functions that is not too large (for instance, when $|\mathcal{F}| \le 2^{2^{\alpha n}}$ for some $\alpha < 1$, where $n$ is the number of bits in a codeword). In this paper, we study the capacity of non-malleable codes and establish optimal bounds on the achievable rate as a function of the family size, answering an open problem from Dziembowski et al. Specifically, we prove that for every family $\mathcal{F}$ with $|\mathcal{F}| \le 2^{2^{\alpha n}}$, there exist non-malleable codes against $\mathcal{F}$ with rate arbitrarily close to $1 - \alpha$ [this is achieved with high probability (w.h.p.) by a randomized construction]. We show the existence of families of size $\exp(n^{O(1)} 2^{\alpha n})$ against which there is no non-malleable code of rate $1 - \alpha$ (in fact, this is the case w.h.p. for a random family of this size). We also show that $1 - \alpha$ is the best achievable rate for the family of functions that are only allowed to tamper with the first $\alpha n$ bits of the codeword, which is of special interest. As a corollary, this implies that the capacity of non-malleable coding in the split-state model (where the tampering function acts independently but arbitrarily on the two halves of the codeword, a model which has received some attention recently) equals $1/2$. We also give an efficient Monte Carlo construction of codes of rate close to 1, with polynomial-time encoding and decoding, that is non-malleable against any fixed $c > 0$ and family $\mathcal{F}$ of size $2^{n^c}$, in particular tampering functions with, say, cubic-size circuits.
