Homomorphic evaluation requires depth

We show that homomorphic evaluation of any non-trivial functionality of sufficiently many inputs with respect to any CPA secure homomorphic encryption scheme cannot be implemented by circuits of polynomial size and constant depth, i.e., in the class AC0. In contrast, we observe that there exist ordinary public-key encryption schemes of quasipolynomial security in AC0 assuming noisy parities are exponentially hard to learn. We view this as evidence that homomorphic evaluation is inherently more complex than basic operations in encryption schemes

Near-Optimal Secret Sharing and Error Correcting Codes in AC0

We study the question of minimizing the computational complexity of (robust) secret sharing schemes and error correcting codes. In standard instances of these objects, both encoding and decoding involve linear algebra, and thus cannot be implemented in the class AC0. The feasibility of non-trivial secret sharing schemes in AC0 was recently shown by Bogdanov et al. (Crypto 2016) and that of (locally) decoding errors in AC0 by Goldwasser et al. (STOC 2007). In this paper, we show that by allowing some slight relaxation such as a small error probability, we can construct much better secret sharing schemes and error correcting codes in the class AC0. In some cases, our parameters are close to optimal and would be impossible to achieve without the relaxation. Our results significantly improve previous constructions in various parameters. Our constructions combine several ingredients in pseudorandomness and combinatorics in an innovative way. Specifically, we develop a general technique to simultaneously amplify security threshold and reduce alphabet size, using a two-level concatenation of protocols together with a random permutation. We demonstrate the broader usefulness of this technique by applying it in the context of a variant of secure broadcast

Non-Malleable Codes from Average-Case Hardness: AC0, Decision Trees, and Streaming Space-Bounded Tampering

We show a general framework for constructing non-malleable codes against tampering families with average-case hardness bounds. Our framework adapts ideas from the Naor-Yung double encryption paradigm such that to protect against tampering in a class F, it suffices to have average-case hard distributions for the class, and underlying primitives (encryption and non-interactive, simulatable proof systems) satisfying certain properties with respect to the class. We instantiate our scheme in a variety of contexts, yielding efficient, non-malleable codes (NMC) against the following tampering classes: 1. Computational NMC against AC0 tampering, in the CRS model, assuming a PKE scheme with decryption in AC0 and NIZK. 2. Computational NMC against bounded-depth decision trees (of depth $t^\epsilon$, where $t$ is the number of input variables and constant $0<\epsilon<1$), in the CRS model and under the same computational assumptions as above. 3. Information theoretic NMC (with no CRS) against a streaming, space-bounded adversary, namely an adversary modeled as a read-once branching program with bounded width. Ours are the first constructions that achieve each of the above in an efficient way, under the standard notion of non-malleability

Extending The Applicability of Non-Malleable Codes

Modern cryptographic systems provide provable security guarantees as long as secret keys of the system remain confidential. However, if adversary learns some bits of information about the secret keys the security of the system can be breached. Side-channel attacks (like power analysis, timing analysis etc.) are one of the most effective tools employed by the adversaries to learn information pertaining to cryptographic secret keys. An adversary can also tamper with secret keys (say flip some bits) and observe the modified behavior of the cryptosystem, thereby leaking information about the secret keys. Dziembowski et al. (JACM 2018) defined the notion of non-malleable codes, a tool to protect memory against tampering. Non-malleable codes ensure that, when a codeword (generated by encoding an underlying message) is modified by some tampering function in a given tampering class, if the decoding of tampered codeword is incorrect then the decoded message is independent of the original message. In this dissertation, we focus on improving different aspects of non-malleable codes. Specifically, (1) we extend the class of tampering functions and present explicit constructions as well as general frameworks for constructing non-malleable codes. While most prior work considered ``compartmentalized" tampering functions, which modify parts of the codeword independently, we consider classes of tampering functions which can tamper with the entire codeword but are restricted in computational complexity. The tampering classes studied in this work include complexity classes $\mathsf{NC}^0$, and $\mathsf{AC}^0$. Also, earlier works focused on constructing non-malleable codes from scratch for different tampering classes, in this work we present a general framework for constructing non-malleable codes based on average-case hard problems for specific tampering families, and we instantiate our framework for various tampering classes including $\mathsf{AC}^0$. (2) The locality of code is the number of codeword blocks required to be accessed in order to decode/update a single block in the underlying message. We improve efficiency and usability by studying the optimal locality of non-malleable codes. We show that locally decodable and updatable non-malleable codes cannot have constant locality. We also give a matching upper bound that improves the locality of previous constructions. (3) We investigate a stronger variant of non-malleable codes called continuous non-malleable codes, which are known to be impossible to construct without computational assumptions. We show that setup assumptions such as common reference string (CRS) are also necessary to construct this stronger primitive. We present construction of continuous non-malleable codes in CRS model from weaker computational assumptions than assumptions used in prior work