Short Non-Malleable Codes from Related-Key Secure Block Ciphers

A non-malleable code is an unkeyed randomized encoding scheme that offers the strong guarantee that decoding a tampered codeword either results in the original message, or in an unrelated message. We consider the simplest possible construction in the computational split-state model, which simply encodes a message m as k||E_k(m) for a uniformly random key k, where E is a block cipher. This construction is comparable to, but greatly simplifies over, the one of Kiayias et al. (ACM CCS 2016), who eschewed this simple scheme in fear of related-key attacks on E. In this work, we prove this construction to be a strong non-malleable code as long as E is (i) a pseudorandom permutation under leakage and (ii) related-key secure with respect to an arbitrary but fixed key relation. Both properties are believed to hold for “good” block ciphers, such as AES-128, making this non-malleable code very efficient with short codewords of length |m|+2τ (where τ is the security parameter, e.g., 128 bits), without significant security penalty.
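As an added illustration (not code from the paper), the split-state code above in Go with τ = 128 bits: the left state is a uniform AES-128 key k, the right state is E_k applied to the message. The abstract does not say how E reaches block size |m|+τ or what the extra τ bits of the |m|+2τ codeword carry, so this example assumes a 4-round Luby-Rackoff Feistel network built from AES-128 as a stand-in for E, and τ zero bytes appended to m that decoding checks; both are assumptions of this example, not the paper's construction.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
)

const tau = 16 // security parameter in bytes: one AES-128 key, one Feistel half

// feistel: a Luby-Rackoff network on 2*tau-byte blocks with AES-128 round functions,
// applied in the given round order. It stands in for a block cipher E of block size |m|+tau.
func feistel(k, block []byte, rounds ...byte) []byte {
	blk, _ := aes.NewCipher(k) // k is always tau bytes by the time we get here
	l, r := append([]byte{}, block[:tau]...), append([]byte{}, block[tau:]...)
	for _, i := range rounds {
		f := make([]byte, tau) // F_i(r) = AES_k(r with the round index mixed in)
		blk.Encrypt(f, append([]byte{r[0] ^ i}, r[1:]...))
		for j := range l {
			l[j] ^= f[j] // l ^= F_i(r), then the halves swap
		}
		l, r = r, l
	}
	return append(l, r...)
}

// Encode: sample a uniform key k and emit the split states (k, E_k(m||0^tau)), |m|+2*tau bytes; this toy fixes |m| = tau.
func Encode(m []byte) (k, c []byte) {
	if len(m) != tau {
		panic("message must be exactly tau bytes")
	}
	k = make([]byte, tau)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k, feistel(k, append(append([]byte{}, m...), make([]byte, tau)...), 0, 1, 2, 3)
}

// Decode: the Feistel inverse is the same network run backwards on swapped halves; accept only if the tau zero bytes survived.
func Decode(k, c []byte) (m []byte, ok bool) {
	if len(k) != tau || len(c) != 2*tau {
		return nil, false
	}
	p := feistel(k, append(append([]byte{}, c[tau:]...), c[:tau]...), 3, 2, 1, 0)
	if bytes.Equal(p[:tau], make([]byte, tau)) { // after the final swap the zeros sit in the left half
		return p[tau:], true
	}
	return nil, false
}
```

Flipping any bit of either state turns the decrypted padding into pseudorandom bytes, so Decode rejects with probability about 1 - 2^-128 rather than returning a related message.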

[1] Jean-Pierre Seifert et al. Fault Based Cryptanalysis of the Advanced Encryption Standard (AES), 2003, Financial Cryptography.

[2] Debdeep Mukhopadhyay et al. Curious Case of Rowhammer: Flipping Secret Exponent Bits Using Timing Analysis, 2016, CHES.

[3] Lance Fortnow et al. Innovations in Computer Science - ICS 2010, 2010.

[4] Manoj Prabhakaran et al. Explicit Non-malleable Codes Against Bit-Wise Tampering and Permutations, 2015, CRYPTO.

[5] Yishay Mansour et al. A construction of a cipher from a single pseudorandom permutation, 1997, Journal of Cryptology.

[6] Aggelos Kiayias et al. Practical Non-Malleable Codes from l-more Extractable Hash Functions, 2016, IACR Cryptol. ePrint Arch.

[7] Israel Koren et al. Workshop on fault diagnosis and tolerance in cryptography, 2004, International Conference on Dependable Systems and Networks, 2004.

[8] Tsuyoshi Takagi et al. Cryptographic Hardware and Embedded Systems - CHES 2011 - 13th International Workshop, Nara, Japan, September 28 - October 1, 2011. Proceedings, 2011, CHES.

[9] Moni Naor et al. On the Construction of Pseudorandom Permutations: Luby-Rackoff Revisited, 1996, Journal of Cryptology.

[10] Pratyay Mukherjee et al. Non-Malleable Codes for Space-Bounded Tampering, 2017, CRYPTO.

[11] Antoine Joux et al. Advances in Cryptology - EUROCRYPT 2009, 2009, Lecture Notes in Computer Science.

[12] Larry Carter et al. Universal classes of hash functions (Extended Abstract), 1977, STOC '77.

[13] Shachar Lovett et al. Non-malleable codes from additive combinatorics, 2014, STOC.

[14] Adrian Thillard et al. On the Need of Randomness in Fault Attack Countermeasures - Application to AES, 2012, 2012 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[15] Silas Richelson et al. Textbook non-malleable commitments, 2016, STOC.

[16] Stefan Dziembowski et al. Non-Malleable Codes from Two-Source Extractors, 2013, IACR Cryptol. ePrint Arch.

[17] Christophe Giraud et al. A Note on the Security of CHES 2014 Symmetric Infective Countermeasure, 2016, COSADE.

[18] Michael Tunstall et al. Infective Computation and Dummy Rounds: Fault Protection for Block Ciphers without Check-before-Output, 2012, LATINCRYPT.

[19] Mihir Bellare et al. A Theoretical Treatment of Related-Key Attacks: RKA-PRPs, RKA-PRFs, and Applications, 2003, EUROCRYPT.

[20] Tal Malkin et al. Non-Malleable Codes from Average-Case Hardness: AC0, Decision Trees, and Streaming Space-Bounded Tampering, 2017, IACR Cryptol. ePrint Arch.

[21] Ueli Maurer et al. From Single-Bit to Multi-bit Public-Key Encryption via Non-malleable Codes, 2015, TCC.

[22] Moni Naor et al. Public-Key Cryptosystems Resilient to Key Leakage, 2012, SIAM J. Comput.

[23] Antonio Faonio et al. Non-malleable Codes with Split-State Refresh, 2016, Public Key Cryptography.