Non-Malleable Codes from Two-Source Extractors

We construct an efficient information-theoretically non-malleable code in the split-state model for one-bit messages. Non-malleable codes were introduced recently by Dziembowski, Pietrzak and Wichs (ICS 2010) as a general tool for storing messages securely on hardware that can be subject to tampering attacks. Informally, a code \((\mathsf{Enc} : {\cal M} \rightarrow {\cal L} \times {\cal R}, \mathsf{Dec} : {\cal L} \times {\cal R} \rightarrow {\cal M})\) is non-malleable in the split-state model if any adversary that manipulates L and R independently (where (L,R) is an encoding of some message M) cannot obtain an encoding of a message M′ that differs from M but is “related” to M in some way. Until now it was unknown how to construct an information-theoretically secure code with this property, even for \({\cal M} = \{0,1\}\). Our construction solves this problem. Additionally, it is leakage-resilient, and the amount of leakage that we can tolerate can be an arbitrary fraction ξ < 1/4 of the length of the codeword. Our code is based on the inner-product two-source extractor, but in general it can be instantiated by any two-source extractor that has large output and is flexible, a new notion that we define.
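The split-state tampering experiment that the definition above refers to, as an added illustration that is not the paper's construction or analysis: a one-bit message is stored as a pair (L, R) of vectors over a small prime field, the inner product plays the role of the two-source extractor, and the adversary is a pair of functions (f, g) applied to L and R separately. The field size, vector length, the two toy decoders and all tampering functions are assumptions made for the demo (the abstract fixes none of them). The example also shows the check a practitioner wants: for one-bit messages, whether a tampering function's outcome distributions can be produced by a simulator that does not see the message is an exact, four-variable feasibility test, and a plain "scale L by 2" tampering already separates a decoder that rejects out-of-range inner products from one that does not.

```python
"""Toy split-state tampering experiment around the inner-product extractor.

Added illustration only: the field size, vector length, both decoders and the
tampering functions below are assumptions for the demo; none of them is the
paper's construction or analysis.  Messages are one bit; a codeword is a pair
(L, R) with L, R in F_p^n, and <L, R> plays the role of the extractor.
"""
from itertools import product

P = 5       # prime field size, tiny so every codeword can be enumerated
N = 2       # vector length
BOT = None  # decoding failure ("bottom")


def inner(l, r):
    """Inner product over F_p."""
    return sum(a * b for a, b in zip(l, r)) % P


def dec_strict(l, r):
    """Accept only <L,R> in {0, 1}; any other value is an invalid codeword."""
    v = inner(l, r)
    return v if v in (0, 1) else BOT


def dec_nonzero(l, r):
    """Decode 0 iff <L,R> = 0, otherwise 1 (never rejects)."""
    return 0 if inner(l, r) == 0 else 1


def codewords(dec, bit):
    """All (L, R) decoding to `bit`; Enc(bit) is uniform over this set."""
    vs = list(product(range(P), repeat=N))
    return [(l, r) for l in vs for r in vs if dec(l, r) == bit]


def split(f, g):
    """Split-state adversary: f sees only L, g sees only R."""
    return lambda l, r: (f(l), g(r))


def tamper_dist(dec, bit, tamper):
    """Exact distribution of Dec(tamper(Enc(bit))) over {0, 1, BOT}."""
    cws = codewords(dec, bit)
    hist = {0: 0, 1: 0, BOT: 0}
    for l, r in cws:
        hist[dec(*tamper(l, r))] += 1
    return {k: v / len(cws) for k, v in hist.items()}


def simulation_gap(t0, t1):
    """Distance of (T0, T1) from anything a message-independent simulator gives.

    A simulator is a distribution D over {same*, 0, 1, BOT} fixed before the
    message is chosen; same* means "keep the original message".  Matching T0
    and T1 forces D(BOT) = T0(BOT) = T1(BOT), D(1) = T0(1), D(0) = T1(0) and
    D(same*) = T0(0) - T1(0) = T1(1) - T0(1) >= 0.  Return the largest
    violated constraint; 0 means an exact simulator exists.
    """
    return max(abs(t0[BOT] - t1[BOT]),
               max(0.0, t1[0] - t0[0]),
               max(0.0, t0[1] - t1[1]))


def is_simulatable(dec, tamper, eps=0.0):
    t0, t1 = tamper_dist(dec, 0, tamper), tamper_dist(dec, 1, tamper)
    return simulation_gap(t0, t1) <= eps


# Sample tampering functions (assumed for the demo).
identity = split(lambda l: l, lambda r: r)
scale_left = split(lambda l: tuple(2 * x % P for x in l), lambda r: r)  # <2L,R> = 2<L,R>
zero_right = split(lambda l: l, lambda r: tuple(0 for _ in r))          # forces <L,R> = 0


def joint_flip(l, r):
    """NOT split-state: reads both halves and flips the bit. Outside the model."""
    if inner(l, r) != 0:                       # encodes 1: force <L,R> = 0
        return l, tuple(0 for _ in r)
    if all(x == 0 for x in l):                 # L = 0: overwrite with an encoding of 1
        e1 = (1,) + (0,) * (N - 1)
        return e1, e1
    i = next(k for k, x in enumerate(l) if x != 0)
    r2 = list(r)
    r2[i] = (r2[i] + pow(l[i], P - 2, P)) % P  # <L,R'> = 0 + L_i * L_i^-1 = 1
    return l, tuple(r2)


if __name__ == "__main__":
    attacks = [("identity", identity), ("scale L by 2", scale_left),
               ("zero R", zero_right), ("joint flip (not split)", joint_flip)]
    for name, t in attacks:
        for dname, dec in (("strict", dec_strict), ("nonzero", dec_nonzero)):
            t0, t1 = tamper_dist(dec, 0, t), tamper_dist(dec, 1, t)
            print(f"{name:24s} dec={dname:8s} gap={simulation_gap(t0, t1):.2f}")
```

Running the script prints one line per (tampering, decoder) pair. Under `dec_strict`, scaling L by 2 leaves encodings of 0 untouched but sends every encoding of 1 to an invalid codeword, so the outcome depends on the message and no simulator exists (gap 1); under `dec_nonzero` the same tampering is harmless. That single data point says nothing about other tampering functions, which is exactly what the paper's flexibility-based proof has to cover; the gap check here is exact only because one-bit messages leave the simulator a four-outcome distribution, and the paper's statistical notion would tolerate a small `eps`. The `joint_flip` function is included only to show why the definition insists on independent manipulation of L and R: once one function may read both halves, flipping the bit is trivial.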
