732 research outputs found
Information-theoretic Local Non-malleable Codes and their Applications
Error correcting codes, though powerful, are only applicable in scenarios where the adversarial channel does not introduce ``too many errors into the codewords. Yet,
the question of having guarantees even in the face of many errors is well-motivated. Non-malleable codes, introduced by Dziembowski, Pietrzak and Wichs (ICS 2010), address precisely this question. Such codes guarantee that even if an adversary completely over-writes the codeword, he cannot transform it into a
codeword for a related message. Not only is this a creative solution to the problem mentioned above, it is also a very meaningful one. Indeed, non-malleable codes have inspired a rich body of theoretical constructions as well as applications to tamper-resilient cryptography, CCA2 encryption schemes and so on.
Another remarkable variant of error correcting codes were introduced by Katz and Trevisan (STOC 2000) when they explored the question of decoding ``locally . Locally decodable codes are coding schemes which have an additional ``local decode procedure: in order to decode a bit of the message, this procedure accesses only a few bits of the codeword. These codes too have received tremendous attention from researchers and have applications to various primitives in cryptography such as private information retrieval. More recently, Chandran, Kanukurthi and Ostrovsky (TCC 2014) explored the converse problem of making the ``re-encoding process local. Locally updatable codes have an additional ``local update procedure: in order to update a bit of the message, this procedure accesses/rewrites only a few bits of the codeword.
At TCC 2015, Dachman-Soled, Liu, Shi and Zhou initiated the study of locally decodable and updatable non-malleable codes, thereby combining all the important properties mentioned above into one tool. Achieving locality and non-malleability is non-trivial. Yet, Dachman-Soled \etal \ provide a meaningful definition of local non-malleability and provide a construction that satisfies it. Unfortunately, their construction is secure only in the computational setting.
In this work, we construct information-theoretic non-malleable codes which are locally updatable and decodable. Our codes are non-malleable against \s{F}_{\textsf{half}}, the class of tampering functions where each function is arbitrary but acts (independently) on two separate parts of the codeword. This is one of the strongest adversarial models for which explicit constructions of standard non-malleable codes (without locality) are known. Our codes have \bigo(1) rate and locality \bigo(\lambda), where is the security parameter. We also show a rate code with locality that is non-malleable against bit-wise tampering functions. Finally, similar to Dachman-Soled \etal, our work finds applications to information-theoretic secure RAM computation
Non-Malleable Codes for Small-Depth Circuits
We construct efficient, unconditional non-malleable codes that are secure
against tampering functions computed by small-depth circuits. For
constant-depth circuits of polynomial size (i.e. tampering
functions), our codes have codeword length for a -bit
message. This is an exponential improvement of the previous best construction
due to Chattopadhyay and Li (STOC 2017), which had codeword length
. Our construction remains efficient for circuit depths as
large as (indeed, our codeword length remains
, and extending our result beyond this would require
separating from .
We obtain our codes via a new efficient non-malleable reduction from
small-depth tampering to split-state tampering. A novel aspect of our work is
the incorporation of techniques from unconditional derandomization into the
framework of non-malleable reductions. In particular, a key ingredient in our
analysis is a recent pseudorandom switching lemma of Trevisan and Xue (CCC
2013), a derandomization of the influential switching lemma from circuit
complexity; the randomness-efficiency of this switching lemma translates into
the rate-efficiency of our codes via our non-malleable reduction.Comment: 26 pages, 4 figure
Non-Malleable Extractors and Codes, with their Many Tampered Extensions
Randomness extractors and error correcting codes are fundamental objects in
computer science. Recently, there have been several natural generalizations of
these objects, in the context and study of tamper resilient cryptography. These
are seeded non-malleable extractors, introduced in [DW09]; seedless
non-malleable extractors, introduced in [CG14b]; and non-malleable codes,
introduced in [DPW10].
However, explicit constructions of non-malleable extractors appear to be
hard, and the known constructions are far behind their non-tampered
counterparts.
In this paper we make progress towards solving the above problems. Our
contributions are as follows.
(1) We construct an explicit seeded non-malleable extractor for min-entropy
. This dramatically improves all previous results and gives a
simpler 2-round privacy amplification protocol with optimal entropy loss,
matching the best known result in [Li15b].
(2) We construct the first explicit non-malleable two-source extractor for
min-entropy , with output size and
error .
(3) We initiate the study of two natural generalizations of seedless
non-malleable extractors and non-malleable codes, where the sources or the
codeword may be tampered many times. We construct the first explicit
non-malleable two-source extractor with tampering degree up to
, which works for min-entropy , with
output size and error . We show that we can
efficiently sample uniformly from any pre-image. By the connection in [CG14b],
we also obtain the first explicit non-malleable codes with tampering degree
up to , relative rate , and error
.Comment: 50 pages; see paper for full abstrac
Limits to Non-Malleability
There have been many successes in constructing explicit non-malleable codes for various classes of tampering functions in recent years, and strong existential results are also known. In this work we ask the following question:
When can we rule out the existence of a non-malleable code for a tampering class ??
First, we start with some classes where positive results are well-known, and show that when these classes are extended in a natural way, non-malleable codes are no longer possible. Specifically, we show that no non-malleable codes exist for any of the following tampering classes:
- Functions that change d/2 symbols, where d is the distance of the code;
- Functions where each input symbol affects only a single output symbol;
- Functions where each of the n output bits is a function of n-log n input bits.
Furthermore, we rule out constructions of non-malleable codes for certain classes ? via reductions to the assumption that a distributional problem is hard for ?, that make black-box use of the tampering functions in the proof. In particular, this yields concrete obstacles for the construction of efficient codes for NC, even assuming average-case variants of P ? NC
On Split-State Quantum Tamper Detection and Non-Malleability
Tamper-detection codes (TDCs) and non-malleable codes (NMCs) are now
fundamental objects at the intersection of cryptography and coding theory. Both
of these primitives represent natural relaxations of error-correcting codes and
offer related security guarantees in adversarial settings where error
correction is impossible. While in a TDC, the decoder is tasked with either
recovering the original message or rejecting it, in an NMC, the decoder is
additionally allowed to output a completely unrelated message.
In this work, we study quantum analogs of one of the most well-studied
adversarial tampering models: the so-called split-state tampering model. In the
-split-state model, the codeword (or code-state) is divided into shares,
and each share is tampered with "locally". Previous research has primarily
focused on settings where the adversaries' local quantum operations are
assisted by an unbounded amount of pre-shared entanglement, while the code
remains unentangled, either classical or separable.
We construct quantum TDCs and NMCs in several
analogs of the split-state model, which are provably impossible using just
classical codes. In particular, against split-state adversaries restricted to
local (unentangled) operations, local operations and classical communication,
as well as a "bounded storage model" where they are limited to a finite amount
of pre-shared entanglement. We complement our code constructions in two
directions. First, we present applications to designing secret sharing schemes,
which inherit similar non-malleable and tamper-detection guarantees. Second, we
discuss connections between our codes and quantum encryption schemes, which we
leverage to prove singleton-type bounds on the capacity of certain families of
quantum NMCs in the split-state model
Split-State Non-Malleable Codes and Secret Sharing Schemes for Quantum Messages
Non-malleable codes are fundamental objects at the intersection of
cryptography and coding theory. These codes provide security guarantees even in
settings where error correction and detection are impossible, and have found
applications to several other cryptographic tasks. Roughly speaking, a
non-malleable code for a family of tampering functions guarantees that no
adversary can tamper (using functions from this family) the encoding of a given
message into the encoding of a related distinct message. Non-malleable secret
sharing schemes are a strengthening of non-malleable codes which satisfy
additional privacy and reconstruction properties.
We first focus on the -split-state tampering model, one of the strongest
and most well-studied adversarial tampering models. Here, a codeword is split
into two parts which are stored in physically distant servers, and the
adversary can then independently tamper with each part using arbitrary
functions. This model can be naturally extended to the secret sharing setting
with several parties by having the adversary independently tamper with each
share.
Previous works on non-malleable coding and secret sharing in the split-state
tampering model only considered the encoding of \emph{classical} messages.
Furthermore, until the recent work by Aggarwal, Boddu, and Jain (arXiv 2022),
adversaries with quantum capabilities and \emph{shared entanglement} had not
been considered, and it is a priori not clear whether previous schemes remain
secure in this model.
In this work, we introduce the notions of split-state non-malleable codes and
secret sharing schemes for quantum messages secure against quantum adversaries
with shared entanglement. We also present explicit constructions of such
schemes that achieve low-error non-malleability
Non-malleable coding against bit-wise and split-state tampering
Non-malleable coding, introduced by Dziembowski et al. (ICS 2010), aims for protecting the integrity of information against tampering attacks in situations where error detection is impossible. Intuitively, information encoded by a non-malleable code either decodes to the original message or, in presence of any tampering, to an unrelated message. Non-malleable coding is possible against any class of adversaries of bounded size. In particular, Dziembowski et al. show that such codes exist and may achieve positive rates for any class of tampering functions of size at most (Formula presented.), for any constant (Formula presented.). However, this result is existential and has thus attracted a great deal of subsequent research on explicit constructions of non-malleable codes against natural classes of adversaries. In this work, we consider constructions of coding schemes against two well-studied classes of tampering functions; namely, bit-wise tampering functions (where the adversary tampers each bit of the encoding independently) and the much more general class of split-state adversaries (where two independent adversaries arbitrarily tamper each half of the encoded sequence). We obtain the following results for these models. (1) For bit-tampering adversaries, we obtain explicit and efficiently encodable and decodable non-malleable codes of length n achieving rate (Formula presented.) and error (also known as “exact security”) (Formula presented.). Alternatively, it is possible to improve the error to (Formula presented.) at the cost of making the construction Monte Carlo with success probability (Formula presented.) (while still allowing a compact description of the code). Previously, the best known construction of bit-tampering coding schemes was due to Dziembowski et al. (ICS 2010), which is a Monte Carlo construction achieving rate close to .1887. (2) We initiate the study of seedless non-malleable extractors as a natural variation of the notion of non-malleable extractors introduced by Dodis and Wichs (STOC 2009). We show that construction of non-malleable codes for the split-state model reduces to construction of non-malleable two-source extractors. We prove a general result on existence of seedless non-malleable extractors, which implies that codes obtained from our reduction can achieve rates arbitrarily close to 1 / 5 and exponentially small error. In a separate recent work, the authors show that the optimal rate in this model is 1 / 2. Currently, the best known explicit construction of split-state coding schemes is due to Aggarwal, Dodis and Lovett (ECCC TR13-081) which only achieves vanishing (polynomially small) rate
Two Source Extractors for Asymptotically Optimal Entropy, and (Many) More
A long line of work in the past two decades or so established close
connections between several different pseudorandom objects and applications.
These connections essentially show that an asymptotically optimal construction
of one central object will lead to asymptotically optimal solutions to all the
others. However, despite considerable effort, previous works can get close but
still lack one final step to achieve truly asymptotically optimal
constructions.
In this paper we provide the last missing link, thus simultaneously achieving
explicit, asymptotically optimal constructions and solutions for various well
studied extractors and applications, that have been the subjects of long lines
of research. Our results include:
Asymptotically optimal seeded non-malleable extractors, which in turn give
two source extractors for asymptotically optimal min-entropy of ,
explicit constructions of -Ramsey graphs on vertices with , and truly optimal privacy amplification protocols with an active adversary.
Two source non-malleable extractors and affine non-malleable extractors for
some linear min-entropy with exponentially small error, which in turn give the
first explicit construction of non-malleable codes against -split state
tampering and affine tampering with constant rate and \emph{exponentially}
small error.
Explicit extractors for affine sources, sumset sources, interleaved sources,
and small space sources that achieve asymptotically optimal min-entropy of
or (for space sources).
An explicit function that requires strongly linear read once branching
programs of size , which is optimal up to the constant in
. Previously, even for standard read once branching programs, the
best known size lower bound for an explicit function is .Comment: Fixed some minor error
- …