Information-theoretic Local Non-malleable Codes and their Applications
Error correcting codes, though powerful, are only applicable in scenarios where the adversarial channel does not introduce "too many" errors into the codewords. Yet, the question of having guarantees even in the face of many errors is well-motivated. Non-malleable codes, introduced by Dziembowski, Pietrzak and Wichs (ICS 2010), address precisely this question. Such codes guarantee that even if an adversary completely over-writes the codeword, he cannot transform it into a codeword for a related message. Not only is this a creative solution to the problem mentioned above, it is also a very meaningful one. Indeed, non-malleable codes have inspired a rich body of theoretical constructions as well as applications to tamper-resilient cryptography, CCA2 encryption schemes and so on.

Another remarkable variant of error correcting codes was introduced by Katz and Trevisan (STOC 2000) when they explored the question of decoding "locally". Locally decodable codes are coding schemes which have an additional "local decode" procedure: in order to decode a bit of the message, this procedure accesses only a few bits of the codeword. These codes too have received tremendous attention from researchers and have applications to various primitives in cryptography such as private information retrieval. More recently, Chandran, Kanukurthi and Ostrovsky (TCC 2014) explored the converse problem of making the "re-encoding" process local. Locally updatable codes have an additional "local update" procedure: in order to update a bit of the message, this procedure accesses/rewrites only a few bits of the codeword.

At TCC 2015, Dachman-Soled, Liu, Shi and Zhou initiated the study of locally decodable and updatable non-malleable codes, thereby combining all the important properties mentioned above into one tool. Achieving locality and non-malleability is non-trivial. Yet, Dachman-Soled et al. provide a meaningful definition of local non-malleability and provide a construction that satisfies it. Unfortunately, their construction is secure only in the computational setting.

In this work, we construct information-theoretic non-malleable codes which are locally updatable and decodable. Our codes are non-malleable against $\mathcal{F}_{\mathsf{half}}$, the class of tampering functions where each function is arbitrary but acts (independently) on two separate parts of the codeword. This is one of the strongest adversarial models for which explicit constructions of standard non-malleable codes (without locality) are known. Our codes have $O(1)$ rate and locality $O(\lambda)$, where $\lambda$ is the security parameter. We also show a rate code with locality that is non-malleable against bit-wise tampering functions. Finally, similar to Dachman-Soled et al., our work finds applications to information-theoretic secure RAM computation.
Non-Malleable Codes for Small-Depth Circuits
We construct efficient, unconditional non-malleable codes that are secure against tampering functions computed by small-depth circuits. For constant-depth circuits of polynomial size (i.e. tampering functions), our codes have codeword length for a -bit message. This is an exponential improvement of the previous best construction due to Chattopadhyay and Li (STOC 2017), which had codeword length . Our construction remains efficient for circuit depths as large as (indeed, our codeword length remains , and extending our result beyond this would require separating from .

We obtain our codes via a new efficient non-malleable reduction from small-depth tampering to split-state tampering. A novel aspect of our work is the incorporation of techniques from unconditional derandomization into the framework of non-malleable reductions. In particular, a key ingredient in our analysis is a recent pseudorandom switching lemma of Trevisan and Xue (CCC 2013), a derandomization of the influential switching lemma from circuit complexity; the randomness-efficiency of this switching lemma translates into the rate-efficiency of our codes via our non-malleable reduction.

Comment: 26 pages, 4 figures.
Limits to Non-Malleability
There have been many successes in constructing explicit non-malleable codes for various classes of tampering functions in recent years, and strong existential results are also known. In this work we ask the following question:
When can we rule out the existence of a non-malleable code for a tampering class?
First, we start with some classes where positive results are well-known, and show that when these classes are extended in a natural way, non-malleable codes are no longer possible. Specifically, we show that no non-malleable codes exist for any of the following tampering classes:
- Functions that change d/2 symbols, where d is the distance of the code;
- Functions where each input symbol affects only a single output symbol;
- Functions where each of the n output bits is a function of n-log n input bits.
Furthermore, we rule out constructions of non-malleable codes for certain classes via reductions, making black-box use of the tampering functions in the proof, to the assumption that a distributional problem is hard for the class. In particular, this yields concrete obstacles for the construction of efficient codes for NC, even assuming average-case variants of P ⊄ NC.
On palimpsests in neural memory: an information theory viewpoint
The finite capacity of neural memory and the reconsolidation phenomenon suggest it is important to be able to update stored information as in a palimpsest, where new information overwrites old information. Moreover, changing information in memory is metabolically costly. In this paper, we suggest that information-theoretic approaches may inform the fundamental limits in constructing such a memory system. In particular, we define malleable coding, that considers not only representation length but also ease of representation update, thereby encouraging some form of recycling to convert an old codeword into a new one. Malleability cost is the difficulty of synchronizing compressed versions, and malleable codes are of particular interest when representing information and modifying the representation are both expensive. We examine the tradeoff between compression efficiency and malleability cost, under a malleability metric defined with respect to a string edit distance. This introduces a metric topology to the compressed domain. We characterize the exact set of achievable rates and malleability as the solution of a subgraph isomorphism problem. This is all done within the optimization approach to biology framework.
Malleable coding for updatable cloud caching
In software-as-a-service applications provisioned through cloud computing, locally cached data are often modified with updates from new versions. In some cases, with each edit, one may want to preserve both the original and new versions. In this paper, we focus on cases in which only the latest version must be preserved. Furthermore, it is desirable for the data to not only be compressed but to also be easily modified during updates, since representing information and modifying the representation both incur cost. We examine whether it is possible to have both compression efficiency and ease of alteration, in order to promote codeword reuse. In other words, we study the feasibility of a malleable and efficient coding scheme. The tradeoff between compression efficiency and malleability cost (the difficulty of synchronizing compressed versions) is measured as the length of a reused prefix portion. The region of achievable rates and malleability is found. Drawing from prior work on common information problems, we show that efficient data compression may not be the best engineering design principle when storing software-as-a-service data. In the general case, goals of efficiency and malleability are fundamentally in conflict.

This work was supported in part by an NSF Graduate Research Fellowship (LRV), Grant CCR-0325774, and Grant CCF-0729069. This work was presented at the 2011 IEEE International Symposium on Information Theory [1] and the 2014 IEEE International Conference on Cloud Engineering [2]. The associate editor coordinating the review of this paper and approving it for publication was R. Thobaben.
Non-Malleable Extractors and Codes, with their Many Tampered Extensions
Randomness extractors and error correcting codes are fundamental objects in computer science. Recently, there have been several natural generalizations of these objects, in the context and study of tamper resilient cryptography. These are seeded non-malleable extractors, introduced in [DW09]; seedless non-malleable extractors, introduced in [CG14b]; and non-malleable codes, introduced in [DPW10].

However, explicit constructions of non-malleable extractors appear to be hard, and the known constructions are far behind their non-tampered counterparts.

In this paper we make progress towards solving the above problems. Our contributions are as follows.

(1) We construct an explicit seeded non-malleable extractor for min-entropy . This dramatically improves all previous results and gives a simpler 2-round privacy amplification protocol with optimal entropy loss, matching the best known result in [Li15b].

(2) We construct the first explicit non-malleable two-source extractor for min-entropy , with output size and error .

(3) We initiate the study of two natural generalizations of seedless non-malleable extractors and non-malleable codes, where the sources or the codeword may be tampered many times. We construct the first explicit non-malleable two-source extractor with tampering degree up to , which works for min-entropy , with output size and error . We show that we can efficiently sample uniformly from any pre-image. By the connection in [CG14b], we also obtain the first explicit non-malleable codes with tampering degree up to , relative rate , and error .

Comment: 50 pages; see paper for full abstract.
A Tamper and Leakage Resilient von Neumann Architecture
We present a universal framework for tamper and leakage resilient computation on a von Neumann Random Access Architecture (RAM in short). The RAM has one CPU that accesses a storage, which we call the disk. The disk is subject to leakage and tampering. So is the bus connecting the CPU to the disk. We assume that the CPU is leakage and tamper-free. For a fixed value of the security parameter, the CPU has constant size. Therefore the code of the program to be executed is stored on the disk, i.e., we consider a von Neumann architecture. The most prominent consequence of this is that the code of the program executed will be subject to tampering.

We construct a compiler for this architecture which transforms any keyed primitive into a RAM program where the key is encoded and stored on the disk along with the program to evaluate the primitive on that key. Our compiler only assumes the existence of a so-called continuous non-malleable code, and it only needs black-box access to such a code. No further (cryptographic) assumptions are needed. This in particular means that given an information-theoretic code, the overall construction is information-theoretically secure.

Although it is required that the CPU is tamper and leakage proof, its design is independent of the actual primitive being computed and its internal storage is non-persistent, i.e., all secret registers are reset between invocations. Hence, our result can be interpreted as reducing the problem of shielding arbitrary complex computations to protecting a single, simple yet universal component.
Continuously non-malleable codes with split-state refresh
Non-malleable codes for the split-state model allow one to encode a message into two parts, such that arbitrary independent tampering on each part, and subsequent decoding of the corresponding modified codeword, yields either the same as the original message, or a completely unrelated value. Continuously non-malleable codes further allow one to tolerate an unbounded (polynomial) number of tampering attempts, until a decoding error happens. The drawback is that, after an error happens, the system must self-destruct and stop working, otherwise generic attacks become possible. In this paper we propose a solution to this limitation, by leveraging a split-state refreshing procedure. Namely, whenever a decoding error happens, the two parts of an encoding can be locally refreshed (i.e., without any interaction), which allows one to avoid the self-destruct mechanism. An additional feature of our security model is that it captures directly security against continual leakage attacks. We give an abstract framework for building such codes in the common reference string model, and provide a concrete instantiation based on the external Diffie-Hellman assumption. Finally, we explore applications in which our notion turns out to be essential. The first application is a signature scheme tolerating an arbitrary polynomial number of split-state tampering attempts, without requiring a self-destruct capability, and in a model where refreshing of the memory happens only after an invalid output is produced. This circumvents an impossibility result from a recent work by Fujisaki and Xagawa (Asiacrypt 2016). The second application is a compiler for tamper-resilient RAM programs. In comparison to other tamper-resilient compilers, ours has several advantages, among which the fact that, for the first time, it does not rely on the self-destruct feature.
On Split-State Quantum Tamper Detection and Non-Malleability
Tamper-detection codes (TDCs) and non-malleable codes (NMCs) are now fundamental objects at the intersection of cryptography and coding theory. Both of these primitives represent natural relaxations of error-correcting codes and offer related security guarantees in adversarial settings where error correction is impossible. While in a TDC, the decoder is tasked with either recovering the original message or rejecting it, in an NMC, the decoder is additionally allowed to output a completely unrelated message.

In this work, we study quantum analogs of one of the most well-studied adversarial tampering models: the so-called split-state tampering model. In the -split-state model, the codeword (or code-state) is divided into shares, and each share is tampered with "locally". Previous research has primarily focused on settings where the adversaries' local quantum operations are assisted by an unbounded amount of pre-shared entanglement, while the code remains unentangled, either classical or separable.

We construct quantum TDCs and NMCs in several analogs of the split-state model, which are provably impossible using just classical codes. In particular, we do so against split-state adversaries restricted to local (unentangled) operations, local operations and classical communication, as well as a "bounded storage model" where they are limited to a finite amount of pre-shared entanglement. We complement our code constructions in two directions. First, we present applications to designing secret sharing schemes, which inherit similar non-malleable and tamper-detection guarantees. Second, we discuss connections between our codes and quantum encryption schemes, which we leverage to prove Singleton-type bounds on the capacity of certain families of quantum NMCs in the split-state model.