
    Efficient non-malleable codes and key derivation for poly-size tampering circuits

    Non-malleable codes, defined by Dziembowski, Pietrzak, and Wichs (ICS '10), provide roughly the following guarantee: if a codeword c encoding some message x is tampered to c' = f(c) such that c' ≠ c, then the tampered message x' contained in c' reveals no information about x. Non-malleable codes have applications to immunizing cryptosystems against tampering attacks and related-key attacks. One cannot have an efficient non-malleable code that protects against all efficient tampering functions f. However, in this paper we show 'the next best thing': for any polynomial bound s given a-priori, there is an efficient non-malleable code that protects against all tampering functions f computable by a circuit of size s. More generally, for any family of tampering functions F of size |F| ≤ 2^s, there is an efficient non-malleable code that protects against all f in F. The rate of our codes, defined as the ratio of message to codeword size, approaches 1. Our results are information-theoretic and our main proof technique relies on a careful probabilistic method argument using limited independence. As a result, we get an efficiently samplable family of efficient codes, such that a random member of the family is non-malleable with overwhelming probability. Alternatively, we can view the result as providing an efficient non-malleable code in the 'common reference string' model. We also introduce a new notion of non-malleable key derivation, which uses randomness x to derive a secret key y = h(x) in such a way that, even if x is tampered to a different value x' = f(x), the derived key y' = h(x') does not reveal any information about y. Our results for non-malleable key derivation are analogous to those for non-malleable codes. As a useful tool in our analysis, we rely on the notion of 'leakage-resilient storage' of Davì, Dziembowski, and Venturi (SCN '10), and, as a result of independent interest, we also significantly improve on the parameters of such schemes

    On unbalanced Boolean functions with best correlation immunity

    It is known that the order of correlation immunity of a nonconstant unbalanced Boolean function in n variables cannot exceed 2n/3 - 1; moreover, it is 2n/3 - 1 if and only if the function corresponds to an equitable 2-partition of the n-cube with an eigenvalue -n/3 of the quotient matrix. The known series of such functions have proportion 1:3, 3:5, or 7:9 of the number of ones and zeros. We prove that if a nonconstant unbalanced Boolean function attains the correlation-immunity bound and has ratio C:B of the number of ones and zeros, then CB is divisible by 3. In particular, this proves the nonexistence of equitable partitions for an infinite series of putative quotient matrices. We also establish that there are exactly 2 equivalence classes of the equitable partitions of the 12-cube with quotient matrix [[3,9],[7,5]] and 16 classes with [[0,12],[4,8]]. These parameters correspond to the Boolean functions in 12 variables with correlation immunity 7 and proportion 7:9 and 1:3, respectively (the case 3:5 remains unsolved). This also implies the characterization of the orthogonal arrays OA(1024,12,2,7) and OA(512,11,2,6). Comment: v3: final; title changed; revised; OA(512,11,2,6) discusse

    The Complexity of Rationalizing Network Formation

    We study the complexity of rationalizing network formation. In this problem we fix an underlying model describing how selfish parties (the vertices) produce a graph by making individual decisions to form or not form incident edges. The model is equipped with a notion of stability (or equilibrium), and we observe a set of "snapshots" of graphs that are assumed to be stable. From this we would like to infer some unobserved data about the system: edge prices, or how much each vertex values short paths to each other vertex. We study two rationalization problems arising from the network formation model of Jackson and Wolinsky [14]. When the goal is to infer edge prices, we observe that the rationalization problem is easy. The problem remains easy even when rationalizing prices do not exist and we instead wish to find prices that maximize the stability of the system. In contrast, when the edge prices are given and the goal is instead to infer valuations of each vertex by each other vertex, we prove that the rationalization problem becomes NP-hard. Our proof exposes a close connection between rationalization problems and the Inequality-SAT (I-SAT) problem. Finally and most significantly, we prove that an approximation version of this NP-complete rationalization problem is NP-hard to approximate to within better than a 1/2 ratio. This shows that the trivial algorithm of setting everyone's valuations to infinity (which rationalizes all the edges present in the input graphs) or to zero (which rationalizes all the non-edges present in the input graphs) is the best possible assuming P ≠ NP. To do this we prove a tight (1/2 + δ)-approximation hardness for a variant of I-SAT in which all coefficients are non-negative. This in turn follows from a tight hardness result for MAX-LIN_(R_+) (linear equations over the reals, with non-negative coefficients), which we prove by a (non-trivial) modification of the recent result of Guruswami and Raghavendra [10], which achieved tight hardness for this problem without the non-negativity constraint. Our technical contributions regarding the hardness of I-SAT and MAX-LIN_(R_+) may be of independent interest, given the generality of these problem

    Resilience: an all-encompassing solution to global problems? A biopolitical analysis of resilience in the policies of EC, FEMA, UNDP, USAID, WB, and WEF

    This thesis examines the use of resilience in international policy-making. A concept that originally meant an ability of ecosystems to absorb disturbance has not only been welcomed in many disciplines outside ecology, but lately become popular in the policies of international organisations that claim resilience as a solution to various ‘global problems’ such as climate change, underdevelopment, or economic crises. The study contributes to the ongoing critical discussion on the governance effects of resilience. Here, the Foucauldian theory of biopolitics and the concept of governmentality are useful. Resilience now addresses human systems and communities with concepts from natural sciences, thus making it a biopolitical phenomenon. Specifically, the thesis asks how mainstreaming resilience affects the pursuit of agendas in six organisations: European Commission, Federal Emergency Management Agency, United Nations Development Programme, United States Agency for International Development, World Bank, and World Economic Forum. Using Foucauldian discourse analysis, the study is thematically divided into adaptive, entrepreneurial and governing aspects of resilience. Each part explicates how truth, power and subjectivity are constructed in the discourse. The analysis shows that contrary to the policy claims, resilience does not function as a solution but is constitutive of the problems it attempts to solve. The current policy discourse confirms pre-existing practices and power relations, and further problematizes issues on the agendas. The thesis confirms that the policies are trapped in a neoliberal biopolitics that has problematic implications for human subjectivity and political agency. It further concludes that if resilience is to have any practical relevance and positive effects, the policy discourse has to be changed, for which current critical accounts do not offer a plausible direction. 
Therefore, a distinction between resilience as a policy tool and social resilience is needed, whereby the use of resilience as a policy solution is reduced to disaster risk reduction and similar technical functions, and social resilience is recognised as a communal capacity that cannot be subject to policy regulation

    Limits to Non-Malleability

    There have been many successes in constructing explicit non-malleable codes for various classes of tampering functions in recent years, and strong existential results are also known. In this work we ask the following question: When can we rule out the existence of a non-malleable code for a tampering class F? First, we start with some classes where positive results are well-known, and show that when these classes are extended in a natural way, non-malleable codes are no longer possible. Specifically, we show that no non-malleable codes exist for any of the following tampering classes: - Functions that change d/2 symbols, where d is the distance of the code; - Functions where each input symbol affects only a single output symbol; - Functions where each of the n output bits is a function of n-log n input bits. Furthermore, we rule out constructions of non-malleable codes for certain classes F via reductions to the assumption that a distributional problem is hard for F, that make black-box use of the tampering functions in the proof. In particular, this yields concrete obstacles for the construction of efficient codes for NC, even assuming average-case variants of P ≠ NC

    Efficient public-key cryptography with bounded leakage and tamper resilience

    We revisit the question of constructing public-key encryption and signature schemes with security in the presence of bounded leakage and tampering memory attacks. For signatures we obtain the first construction in the standard model; for public-key encryption we obtain the first construction free of pairing (avoiding non-interactive zero-knowledge proofs). Our constructions are based on generic building blocks, and, as we show, also admit efficient instantiations under fairly standard number-theoretic assumptions. The model of bounded tamper resistance was recently put forward by Damgård et al. (Asiacrypt 2013) as an attractive path to achieve security against arbitrary memory tampering attacks without making hardware assumptions (such as the existence of a protected self-destruct or key-update mechanism), the only restriction being on the number of allowed tampering attempts (which is a parameter of the scheme). This allows one to circumvent known impossibility results for unrestricted tampering (Gennaro et al., TCC 2010), while still being able to capture realistic tampering attack

    Minimising flood risk accumulation through effective private and public sector engagement

    Flooding is a global problem affecting both developing and developed countries. Academics and practitioners in climate science frequently argue that changing climatic conditions are likely to worsen the length and severity of these flood events, which will have catastrophic consequences for the economies and social lives of communities the world over. Whilst the overall consequences affecting many regions have been established, effective and efficient strategies to cope with the effects of flooding and to build up resilience have not properly evolved. This paper examines this issue by exploring effective strategies undertaken in partnerships between private and public stakeholders. The paper details two case studies conducted in a developed and a developing country to investigate what global strategies for coping with and resilience to flooding have worked in practice. The two case studies, Cockermouth in Cumbria, UK and Patuakhali in Bangladesh, provide interesting insights into how some of the strategies work within the chosen developed and developing country contexts. The case study findings are mapped against UNISDR's ten-point checklist under the "Making Cities Resilient Campaign". In conclusion the paper examines how these findings can be incorporated within city development plans to develop stakeholder capacity and capability and eventually build up resilient cities