Divesh Aggarwal, Y. Dodis, Tomasz Kazana, Maciej Obremski
{"title":"Non-malleable Reductions and Applications","authors":"Divesh Aggarwal, Y. Dodis, Tomasz Kazana, Maciej Obremski","doi":"10.1145/2746539.2746544","DOIUrl":null,"url":null,"abstract":"Non-malleable codes, introduced by Dziembowski, Pietrzak and Wichs [DPW10], provide a useful message integrity guarantee in situations where traditional error-correction (and even error-detection) is impossible; for example, when the attacker can completely overwrite the encoded message. Informally, a code is non-malleable if the message contained in a modified codeword is either the original message, or a completely \"unrelated value\". Although such codes do not exist if the family of \"tampering functions\" cF allowed to modify the original codeword is completely unrestricted, they are known to exist for many broad tampering families cF. The family which received the most attention [DPW10,LL12,DKO13,ADL14,CG14a,CG14b] is the family of tampering functions in the so called (2-part) split-state model: here the message x is encoded into two shares L and R, and the attacker is allowed to arbitrarily tamper with each L and R individually. Despite this attention, the following problem remained open: Build efficient, information-theoretically secure non-malleable codes in the split-state model with constant encoding rate: |L|=|R|=O(|x|). In this work, we resolve this open problem. Our technique for getting our main result is of independent interest. We develop a generalization of non-malleable codes, called non-malleable reductions; show simple composition theorem for non-malleable reductions; build a variety of such reductions connecting various (independently interesting) tampering families cF to each other; construct several new non-malleable codes in the split-state model by applying the composition theorem to a series of easy to understand reductions. Most importantly, we show several \"independence amplification\" reductions, showing how to reduce split-state tampering of very few parts to an easier question of split-state tampering with a much larger number of parts. In particular, our final, constant-rate, non-malleable code composes one of these reductions with the very recent, \"9-split-state\" code of Chattopadhyay and Zuckerman [CZ14].","PeriodicalId":20566,"journal":{"name":"Proceedings of the forty-seventh annual ACM symposium on Theory of Computing","volume":"16 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2015-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"94","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the forty-seventh annual ACM symposium on Theory of Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2746539.2746544","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 94
Abstract
Non-malleable codes, introduced by Dziembowski, Pietrzak and Wichs [DPW10], provide a useful message integrity guarantee in situations where traditional error-correction (and even error-detection) is impossible; for example, when the attacker can completely overwrite the encoded message. Informally, a code is non-malleable if the message contained in a modified codeword is either the original message, or a completely "unrelated value". Although such codes do not exist if the family of "tampering functions" cF allowed to modify the original codeword is completely unrestricted, they are known to exist for many broad tampering families cF. The family which received the most attention [DPW10,LL12,DKO13,ADL14,CG14a,CG14b] is the family of tampering functions in the so called (2-part) split-state model: here the message x is encoded into two shares L and R, and the attacker is allowed to arbitrarily tamper with each L and R individually. Despite this attention, the following problem remained open: Build efficient, information-theoretically secure non-malleable codes in the split-state model with constant encoding rate: |L|=|R|=O(|x|). In this work, we resolve this open problem. Our technique for getting our main result is of independent interest. We develop a generalization of non-malleable codes, called non-malleable reductions; show simple composition theorem for non-malleable reductions; build a variety of such reductions connecting various (independently interesting) tampering families cF to each other; construct several new non-malleable codes in the split-state model by applying the composition theorem to a series of easy to understand reductions. Most importantly, we show several "independence amplification" reductions, showing how to reduce split-state tampering of very few parts to an easier question of split-state tampering with a much larger number of parts. In particular, our final, constant-rate, non-malleable code composes one of these reductions with the very recent, "9-split-state" code of Chattopadhyay and Zuckerman [CZ14].