Non-malleable codes from additive combinatorics

Non-malleable codes provide a useful and meaningful security guarantee in situations where traditional error-correction (and even error-detection) is impossible; for example, when the attacker can completely overwrite the encoded message. Informally, a code is non-malleable if the message contained in a modified codeword is either the original message, or a completely unrelated value. Although such codes do not exist if the family of "tampering functions" $\mathcal{F}$ is completely unrestricted, they are known to exist for many broad tampering families $\mathcal{F}$. One such natural family is the family of tampering functions in the so-called split-state model. Here the message $m$ is encoded into two shares $L$ and $R$, and the attacker is allowed to arbitrarily tamper with $L$ and $R$ individually. Split-state tampering arises in many realistic applications, such as the design of non-malleable secret sharing schemes, motivating the question of designing efficient non-malleable codes in this model. Prior to this work, non-malleable codes in the split-state model received considerable attention in the literature, but were constructed either (1) in the random oracle model [16], or (2) relied on advanced cryptographic assumptions (such as non-interactive zero-knowledge proofs and leakage-resilient encryption) [26], or (3) could only encode 1-bit messages [14]. As our main result, we build the first efficient, multi-bit, information-theoretically-secure non-malleable code in the split-state model. The heart of our construction uses the following new property of the inner-product function $\langle L, R \rangle$ over the vector space $\mathbb{F}_p^n$ (for a prime $p$ and large enough dimension $n$): if $L$ and $R$ are uniformly random over $\mathbb{F}_p^n$, and $f, g : \mathbb{F}_p^n \to \mathbb{F}_p^n$ are two arbitrary functions on $L$ and $R$, then the joint distribution $(\langle L, R \rangle, \langle f(L), g(R) \rangle)$ is "close" to a convex combination of the "affine distributions" $\{(U, aU + b) \mid a, b \in \mathbb{F}_p\}$, where $U$ is uniformly random in $\mathbb{F}_p$.
In turn, the proof of this surprising property of the inner-product function critically relies on some results from additive combinatorics, including the so-called Quasi-polynomial Freiman-Ruzsa Theorem, which was recently established by Sanders [29] as a step towards resolving the Polynomial Freiman-Ruzsa conjecture [21].
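As an added illustration (not code from the paper), the Python script below enumerates every pair (L, R) over a constructed toy space F_5^2 and measures, for two constructed split-state tampering pairs (f, g), how far the exact joint distribution of (⟨L,R⟩, ⟨f(L),g(R)⟩) lies from the single affine distributions and from their uniform mixture; the field, dimension and tampering functions are assumptions chosen so that exhaustive enumeration is feasible, far below the regime the theorem addresses.

```python
import itertools
from fractions import Fraction
# Constructed toy parameters: field F_5, dimension n = 2, small enough to
# enumerate every (L, R) pair exactly (the theorem needs n much larger).
P, N = 5, 2
VECTORS = list(itertools.product(range(P), repeat=N))

def inner(x, y):
    return sum(a * b for a, b in zip(x, y)) % P  # <x, y> over F_P

def joint_distribution(f, g):
    """Exact law of (<L,R>, <f(L),g(R)>) for L, R uniform over F_P^N."""
    counts = {}
    for L in VECTORS:
        for R in VECTORS:
            key = (inner(L, R), inner(f(L), g(R)))
            counts[key] = counts.get(key, 0) + 1
    return {k: Fraction(c, len(VECTORS) ** 2) for k, c in counts.items()}

def affine_distribution(a, b):
    """The affine distribution (U, aU + b), U uniform over F_P."""
    return {(u, (a * u + b) % P): Fraction(1, P) for u in range(P)}

def uniform_pairs():
    """Independent uniform pair = uniform mixture of the a = 0 lines (U, b)."""
    return {(u, v): Fraction(1, P * P) for u in range(P) for v in range(P)}

def statistical_distance(d1, d2):
    return sum(abs(d1.get(k, 0) - d2.get(k, 0)) for k in set(d1) | set(d2)) / 2

def closest_affine(dist):
    """(distance, a, b) of the single affine distribution nearest to dist."""
    return min((statistical_distance(dist, affine_distribution(a, b)), a, b)
               for a in range(P) for b in range(P))

# Tampering pair 1 (constructed): scale L by 3, keep R. <3L,R> = 3<L,R>, so
# the joint law lies on the single line (U, 3U) up to the L = 0 outlier.
scale_L = lambda L: tuple(3 * x % P for x in L)
identity = lambda R: R
# Tampering pair 2 (constructed): overwrite R with (1, 0). <L,(1,0)> = L_1 is
# unrelated to <L,R>, so no single line fits but the a = 0 mixture does.
overwrite_R = lambda R: (1,) + (0,) * (N - 1)

def scaled_case():
    return closest_affine(joint_distribution(scale_L, identity))

def overwritten_case():
    dist = joint_distribution(identity, overwrite_R)
    return closest_affine(dist)[0], statistical_distance(dist, uniform_pairs())
```

Scaling L lands within statistical distance 4/125 of the line (U, 3U), while overwriting R is far from every single line yet within 4/125 of the independent uniform pair: the "related by an affine map" and "completely unrelated" regimes the property distinguishes.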

[1] Silvio Micali et al. Algorithmic Tamper-Proof (ATP) Security: Theoretical Foundations for Security against Hardware Tampering, 2004, TCC.

[2] Daniel Wichs et al. Efficient Non-Malleable Codes and Key Derivation for Poly-Size Tampering Circuits, 2014, IEEE Transactions on Information Theory.

[3] Manoj Prabhakaran et al. A Rate-Optimizing Compiler for Non-malleable Codes Against Bit-Wise Tampering and Permutations, 2015, TCC.

[4] Pratyay Mukherjee et al. Continuous Non-malleable Codes, 2014, IACR Cryptol. ePrint Arch.

[5] Manoj Prabhakaran et al. Explicit Non-Malleable Codes Resistant to Permutations, 2014, IACR Cryptol. ePrint Arch.

[6] Stefan Dziembowski et al. Leakage-Resilient Storage, 2010, SCN.

[7] Vipul Goyal et al. Block-wise Non-Malleable Codes, 2016, IACR Cryptol. ePrint Arch.

[8] Venkatesan Guruswami et al. Non-malleable Coding Against Bit-Wise and Split-State Tampering, 2013, Journal of Cryptology.

[9] Venkatesan Guruswami et al. Capacity of Non-Malleable Codes, 2013, IEEE Transactions on Information Theory.

[10] Yevgeniy Dodis et al. Non-malleable extractors and symmetric key cryptography from weak secrets, 2009, STOC '09.

[11] Yael Tauman Kalai et al. Cryptography with Tamperable and Leaky Memory, 2011, CRYPTO.

[12] Wen-Guey Tzeng et al. Extracting randomness from multiple independent sources, 2005, IEEE Transactions on Information Theory.

[13] Yevgeniy Dodis et al. Non-malleable Encryption: Simpler, Shorter, Stronger, 2016, Journal of Cryptology.

[14] Gérard D. Cohen et al. Non-malleable codes from the wire-tap channel, 2011, 2011 IEEE Information Theory Workshop.

[15] Daniel Wichs et al. Tamper Detection and Continuous Non-malleable Codes, 2015, TCC.

[16] T. Sanders. On the Bogolyubov–Ruzsa lemma, 2010, 1011.0107.

[17] Rafail Ostrovsky et al. Secure Remote Authentication Using Biometric Data, 2005, EUROCRYPT.

[18] Divesh Aggarwal et al. Optimal Computational Split-state Non-malleable Codes, 2016, TCC.

[19] Ben Green et al. Finite field models in additive combinatorics, 2004, BCC.

[20] Emanuele Viola et al. Selected Results in Additive Combinatorics: An Exposition, 2007, Theory Comput.

[21] Gérard D. Cohen et al. Secure network coding and non-malleable codes: Protection against linear tampering, 2012, 2012 IEEE International Symposium on Information Theory Proceedings.

[22] Yuval Ishai et al. Private Circuits II: Keeping Secrets in Tamperable Circuits, 2006, EUROCRYPT.

[23] Aggelos Kiayias et al. BiTR: Built-in Tamper Resilience, 2011, IACR Cryptol. ePrint Arch.

[24] Rafail Ostrovsky et al. Robust Non-interactive Zero Knowledge, 2001, CRYPTO.

[25] Daniel Wichs et al. Efficient Non-malleable Codes and Key-Derivation for Poly-size Tampering Circuits, 2014, EUROCRYPT.

[26] Stefan Dziembowski et al. Leakage-Resilient Cryptography, 2008, 2008 49th Annual IEEE Symposium on Foundations of Computer Science.

[27] Yuval Ishai et al. Private Circuits: Securing Hardware against Probing Attacks, 2003, CRYPTO.

[28] Divesh Aggarwal et al. Affine-evasive sets modulo a prime, 2015, Inf. Process. Lett.

[29] David Zuckerman et al. Non-malleable Codes against Constant Split-State Tampering, 2014, 2014 IEEE 55th Annual Symposium on Foundations of Computer Science.

[30] Ueli Maurer et al. From Single-Bit to Multi-bit Public-Key Encryption via Non-malleable Codes, 2015, TCC.

[31] Vipul Goyal et al. Non-malleable extractors and codes, with their many tampered extensions, 2015, IACR Cryptol. ePrint Arch.

[32] Xin Li et al. Improved non-malleable extractors, non-malleable codes and independent source extractors, 2016, Electron. Colloquium Comput. Complex.

[33] Feng-Hao Liu et al. Tamper and Leakage Resilience in the Split-State Model, 2012, IACR Cryptol. ePrint Arch.

[34] Jonathan Katz et al. Robust Fuzzy Extractors and Authenticated Key Agreement From Close Secrets, 2006, IEEE Transactions on Information Theory.

[35] Endre Szemerédi et al. A statistical theorem of set addition, 1994, Comb.

[36] Yevgeniy Dodis et al. Non-malleable Reductions and Applications, 2015, Electron. Colloquium Comput. Complex.

[37] Moni Naor et al. Public-Key Cryptosystems Resilient to Key Leakage, 2012, SIAM J. Comput.

[38] W. T. Gowers. A New Proof of Szemerédi's Theorem for Arithmetic Progressions of Length Four, 1998.

[39] Moni Naor et al. Nonmalleable Cryptography, 2000, SIAM Rev.

[40] Carles Padró et al. Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors, 2008, EUROCRYPT.

[41] Stefan Dziembowski et al. Non-Malleable Codes from Two-Source Extractors, 2013, IACR Cryptol. ePrint Arch.

[42] Alex Samorodnitsky et al. Low-degree tests at large distances, 2006, STOC '07.