Limits to Non-Malleability
There have been many successes in constructing explicit non-malleable codes for various classes of tampering functions in recent years, and strong existential results are also known. In this work we ask the following question:
When can we rule out the existence of a non-malleable code for a tampering class $\mathcal{F}$?
First, we start with some classes where positive results are well-known, and show that when these classes are extended in a natural way, non-malleable codes are no longer possible. Specifically, we show that no non-malleable codes exist for any of the following tampering classes:
- Functions that change d/2 symbols, where d is the distance of the code;
- Functions where each input symbol affects only a single output symbol;
- Functions where each of the n output bits is a function of n-log n input bits.
Furthermore, we rule out constructions of non-malleable codes for certain classes $\mathcal{F}$ via reductions to the assumption that a distributional problem is hard for $\mathcal{F}$, where the reduction makes black-box use of the tampering functions in the proof. In particular, this yields concrete obstacles for the construction of efficient codes for NC, even assuming average-case variants of P $\neq$ NC.
Quantum non-malleability and authentication
In encryption, non-malleability is a highly desirable property: it ensures
that adversaries cannot manipulate the plaintext by acting on the ciphertext.
Ambainis, Bouda and Winter gave a definition of non-malleability for the
encryption of quantum data. In this work, we show that this definition is too
weak, as it allows adversaries to "inject" plaintexts of their choice into the
ciphertext. We give a new definition of quantum non-malleability which resolves
this problem. Our definition is expressed in terms of entropic quantities,
considers stronger adversaries, and does not assume secrecy. Rather, we prove
that quantum non-malleability implies secrecy; this is in stark contrast to the
classical setting, where the two properties are completely independent. For
unitary schemes, our notion of non-malleability is equivalent to encryption
with a two-design (and hence also to the definition of Ambainis et al.). Our
techniques also yield new results regarding the closely-related task of quantum
authentication. We show that "total authentication" (a notion recently proposed
by Garg, Yuen and Zhandry) can be satisfied with two-designs, a significant
improvement over the eight-design construction of Garg et al. We also show
that, under a mild adaptation of the rejection procedure, both total
authentication and our notion of non-malleability yield quantum authentication
as defined by Dupuis, Nielsen and Salvail.Comment: 20+13 pages, one figure. v2: published version plus extra material.
v3: references added and update
Non-malleability for quantum public-key encryption
Non-malleability is an important security property for public-key encryption (PKE). Its significance is due to the fundamental unachievability of integrity and authenticity guarantees in this setting, rendering it the strongest integrity-like property achievable using only PKE, without digital signatures. In this work, we generalize this notion to the setting of quantum public-key encryption. Overcoming the notorious "recording barrier" known from generalizing other integrity-like security notions to quantum encryption, we generalize one of the equivalent classical definitions, comparison-based non-malleability, and show how it can be fulfilled. In addition, we explore one-time non-malleability notions for symmetric-key encryption from the literature by defining plaintext and ciphertext variants and by characterizing their relation
A New Approach to Post-Quantum Non-Malleability
We provide the first - construction of
post-quantum non-malleable commitments under the minimal assumption that
- -
exist. We achieve the standard notion of non-malleability
with respect to commitments. Prior constructions required
rounds under the same assumption.
We achieve our results through a new technique for constant-round
non-malleable commitments which is easier to use in the post-quantum setting.
The technique also yields an almost elementary proof of security for
constant-round non-malleable commitments in the classical setting, which may be
of independent interest.
When combined with existing work, our results yield the first constant-round
quantum-secure multiparty computation for both classical and quantum
functionalities ,
under the hardness of quantum fully-homomorphic
encryption and quantum learning with errors
Non-malleable codes for space-bounded tampering
Non-malleable codes, introduced by Dziembowski, Pietrzak and Wichs at ICS 2010, are key-less coding schemes in which mauling attempts on an encoding of a given message, w.r.t. some class of tampering adversaries, result in a decoded value that is either identical or unrelated to the original message. Such codes are very useful for protecting arbitrary cryptographic primitives against tampering attacks on memory. Clearly, non-malleability is hopeless if the class of tampering adversaries includes the decoding and encoding algorithms. To circumvent this obstacle, the majority of past research focused on designing non-malleable codes for various tampering classes, albeit assuming that the adversary is unable to decode. Nonetheless, in many concrete settings, this assumption is not realistic.
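The "identical or unrelated" requirement above is usually stated via a simulator: for every tampering function f in the class there must be one distribution D_f over messages plus a special symbol same* that, after same* is replaced by the real message m, equals the outcome of Dec(f(Enc(m))) for every m. The following added example (not code from any of the papers listed here) makes that concrete for a constructed toy code with 4-bit messages, small enough that the tampering experiment is computed exactly rather than sampled. It decides whether a simulator exists for three tampering functions: the identity, a function that overwrites the codeword with a constant, and a function that flips one bit of one share, which is the kind of bitwise, single-symbol tampering the first abstract's classes are built from. The code, parameters and tampering functions are assumptions chosen for illustration.

```python
from fractions import Fraction

# Toy parameters (constructed for illustration): 4-bit messages, so every
# (message, randomness) pair can be enumerated and Tamper_f(m) is exact.
NBITS = 4
MSGS = list(range(1 << NBITS))
SAME = "same*"   # simulator symbol: "decoded value equals the original message"


def enc(m, r):
    """Toy key-less code (a placeholder, not a scheme from the papers):
    Enc(m; r) = (r, r XOR m), i.e. two shares of the message."""
    return (r, r ^ m)


def dec(c):
    """Dec((s0, s1)) = s0 XOR s1. This toy decoder never rejects."""
    return c[0] ^ c[1]


def tamper_dist(f):
    """Exact distribution of Tamper_f(m) = Dec(f(Enc(m; r))) over uniform r, per message m."""
    dist = {}
    for m in MSGS:
        d = {}
        for r in MSGS:
            v = dec(f(enc(m, r)))
            d[v] = d.get(v, 0) + Fraction(1, len(MSGS))
        dist[m] = d
    return dist


def simulator(f):
    """Return the simulator distribution D_f over MSGS + {same*} if one exists, else None.

    Perfect non-malleability for f: a single D_f such that, for every m,
    replacing same* by m in D_f yields exactly Tamper_f(m).
    """
    dist = tamper_dist(f)
    D = {}
    # For a concrete value v, any m != v pins D_f(v) (same* cannot produce v there),
    # so Pr[Tamper_f(m) = v] must agree for all m != v.
    for v in MSGS:
        probs = {dist[m].get(v, Fraction(0)) for m in MSGS if m != v}
        if len(probs) != 1:
            return None
        D[v] = probs.pop()
    # Whatever remains of Pr[Tamper_f(m) = m] after D_f(m) is the same* mass; it must
    # be the same non-negative value for every m.
    same = {dist[m].get(m, Fraction(0)) - D[m] for m in MSGS}
    if len(same) != 1 or min(same) < 0:
        return None
    D[SAME] = same.pop()
    return D


def non_malleable_against(f):
    return simulator(f) is not None


# Three tampering functions from different classes.
def f_identity(c):
    return c


def f_overwrite(c):
    # Ignores its input: the outcome is independent of m, which the definition allows.
    return (0, 5)


def f_flip_share_bit(c):
    # Bitwise tampering of one share: Dec gives m XOR 1, a value *related* to m.
    return (c[0], c[1] ^ 1)


if __name__ == "__main__":
    for f in (f_identity, f_overwrite, f_flip_share_bit):
        print(f.__name__, "simulator:", simulator(f))
```

For the identity the simulator is all mass on same*, for the constant overwrite it is all mass on the constant's decoding, and for the single bit flip no simulator exists because Tamper_f(m) = m XOR 1 depends on m without being m itself: the toy XOR-share code is malleable under bitwise tampering, which is exactly the sort of class a non-malleable code has to defend against.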
Extractors: Low Entropy Requirements Colliding With Non-Malleability
The known constructions of negligible error (non-malleable) two-source
extractors can be broadly classified in three categories:
(1) Constructions where one source has min-entropy rate about , the
other source can have small min-entropy rate, but the extractor doesn't
guarantee non-malleability.
(2) Constructions where one source is uniform, and the other can have small
min-entropy rate, and the extractor guarantees non-malleability when the
uniform source is tampered.
(3) Constructions where both sources have entropy rate very close to and
the extractor guarantees non-malleability against the tampering of both
sources.
We introduce a new notion of collision resistant extractors and, using it,
we obtain a strong two-source non-malleable extractor where we require the
first source to have entropy rate and the other source can have
min-entropy polylogarithmic in the length of the source.
We show how the above extractor can be applied to obtain a non-malleable
extractor with output rate , which is optimal. We also show how, by
using our extractor and extending the known protocol, one can obtain a privacy
amplification secure against memory tampering where the size of the secret
output is almost optimal
Efficient non-malleable commitment schemes
We present efficient non-malleable commitment schemes based on standard assumptions such as RSA and Discrete-Log, and under the condition that the network provides publicly available RSA or Discrete-Log parameters generated by a trusted party. Our protocols require only three rounds and a few modular exponentiations. We also discuss the difference between the notion of non-malleable commitment schemes used by Dolev, Dwork and Naor [DDN00] and the one given by Di Crescenzo, Ishai and Ostrovsky [DIO98]
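To see why the discrete-log setting needs extra work for non-malleability, the following added example (not code from the paper above, and not its scheme) shows the man-in-the-middle attack on a plain Pedersen commitment g^m h^r, which is homomorphic and therefore malleable: an adversary who sees Com(m) can publish a commitment to m + delta (or k*m) without learning m, and later open it by reusing the honest opening. The group is a constructed toy subgroup of order q = 11 in Z_23^* so the arithmetic is checkable by hand; a real deployment would use a group with a ~256-bit prime order and parameters g, h generated by a trusted party as the abstract assumes.

```python
# Toy Pedersen commitment (constructed parameters): g and h both have order Q = 11
# modulo P = 23. Nobody is supposed to know log_g(h); with a 23-element group that is
# trivially false, which is fine for showing the *algebraic* mauling step only.
P, Q = 23, 11
G, H = 4, 3


def commit(m, r):
    """Com(m; r) = g^m h^r mod p, with m, r in Z_q."""
    return pow(G, m % Q, P) * pow(H, r % Q, P) % P


def verify(c, m, r):
    """Receiver's check of an opening (m, r) against commitment c."""
    return c == commit(m, r)


def maul_add(c, delta):
    """Multiply an unopened commitment by g^delta: Com(m; r) -> Com(m + delta; r)."""
    return c * pow(G, delta % Q, P) % P


def maul_scale(c, k):
    """Raise an unopened commitment to k: Com(m; r) -> Com(k*m; k*r)."""
    return pow(c, k % Q, P)


def mauling_session(honest_m, honest_r, delta):
    """Man-in-the-middle between an honest committer and a verifier (e.g. a sealed bid):
    the adversary commits to a value related to honest_m before seeing it, waits for the
    honest opening, then opens its own commitment consistently.
    Returns (adversary_value, verifier_accepts)."""
    c = commit(honest_m, honest_r)                  # honest party sends Com(m)
    c_adv = maul_add(c, delta)                      # adversary sends the mauled copy
    m_open, r_open = honest_m, honest_r             # honest opening is revealed later
    m_adv, r_adv = (m_open + delta) % Q, r_open     # adversary reuses honest randomness
    return m_adv, verify(c_adv, m_adv, r_adv)


if __name__ == "__main__":
    # Honest bid 7; adversary underbids by exactly one without knowing the bid.
    print(mauling_session(7, 3, -1))
    c = commit(7, 3)
    print(verify(maul_scale(c, 2), 2 * 7, 2 * 3))
```

Nothing here breaks hiding or binding: the commitment still conceals m and the adversary never opens it to two values. What fails is non-malleability in the sense of [DDN00]/[DIO98], because the adversary's opened value is a known function of the honest one, which is precisely what a non-malleable commitment scheme has to rule out.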