38 research outputs found
Revisiting the Sanders-Freiman-Ruzsa Theorem in and its Application to Non-malleable Codes
Non-malleable codes (NMCs) protect sensitive data against degrees of
corruption that prohibit error detection, ensuring instead that a corrupted
codeword decodes correctly or to something that bears little relation to the
original message. The split-state model, in which codewords consist of two
blocks, considers adversaries who tamper with either block arbitrarily but
independently of the other. The simplest construction in this model, due to
Aggarwal, Dodis, and Lovett (STOC'14), was shown to give NMCs sending k-bit
messages to -bit codewords. It is conjectured, however, that the
construction allows linear-length codewords. Towards resolving this conjecture,
we show that the construction allows for code-length . This is achieved
by analysing a special case of Sanders's Bogolyubov-Ruzsa theorem for general
Abelian groups. Closely following the excellent exposition of this result for
the group by Lovett, we expose its dependence on for the
group , where is a prime
Efficient non-malleable codes and key derivation for poly-size tampering circuits
Non-malleable codes, defined by Dziembowski, Pietrzak, and Wichs (ICS '10), provide roughly the following guarantee: if a codeword c encoding some message x is tampered to c' = f(c) such that c' ≠ c , then the tampered message x' contained in c' reveals no information about x. The non-malleable codes have applications to immunizing cryptosystems against tampering attacks and related-key attacks. One cannot have an efficient non-malleable code that protects against all efficient tampering functions f. However, in this paper we show 'the next best thing': for any polynomial bound s given a-priori, there is an efficient non-malleable code that protects against all tampering functions f computable by a circuit of size s. More generally, for any family of tampering functions F of size F ≤ 2s , there is an efficient non-malleable code that protects against all f in F . The rate of our codes, defined as the ratio of message to codeword size, approaches 1. Our results are information-theoretic and our main proof technique relies on a careful probabilistic method argument using limited independence. As a result, we get an efficiently samplable family of efficient codes, such that a random member of the family is non-malleable with overwhelming probability. Alternatively, we can view the result as providing an efficient non-malleable code in the 'common reference string' model. We also introduce a new notion of non-malleable key derivation, which uses randomness x to derive a secret key y = h(x) in such a way that, even if x is tampered to a different value x' = f(x) , the derived key y' = h(x') does not reveal any information about y. Our results for non-malleable key derivation are analogous to those for non-malleable codes. As a useful tool in our analysis, we rely on the notion of 'leakage-resilient storage' of Davì, Dziembowski, and Venturi (SCN '10), and, as a result of independent interest, we also significantly improve on the parameters of such schemes
Non-Malleable Codes for Small-Depth Circuits
We construct efficient, unconditional non-malleable codes that are secure
against tampering functions computed by small-depth circuits. For
constant-depth circuits of polynomial size (i.e. tampering
functions), our codes have codeword length for a -bit
message. This is an exponential improvement of the previous best construction
due to Chattopadhyay and Li (STOC 2017), which had codeword length
. Our construction remains efficient for circuit depths as
large as (indeed, our codeword length remains
, and extending our result beyond this would require
separating from .
We obtain our codes via a new efficient non-malleable reduction from
small-depth tampering to split-state tampering. A novel aspect of our work is
the incorporation of techniques from unconditional derandomization into the
framework of non-malleable reductions. In particular, a key ingredient in our
analysis is a recent pseudorandom switching lemma of Trevisan and Xue (CCC
2013), a derandomization of the influential switching lemma from circuit
complexity; the randomness-efficiency of this switching lemma translates into
the rate-efficiency of our codes via our non-malleable reduction.Comment: 26 pages, 4 figure
Efficient public-key cryptography with bounded leakage and tamper resilience
We revisit the question of constructing public-key encryption and signature schemes with security in the presence of bounded leakage and tampering memory attacks. For signatures we obtain the first construction in the standard model; for public-key encryption we obtain the first construction free of pairing (avoiding non-interactive zero-knowledge proofs). Our constructions are based on generic building blocks, and, as we show, also admit efficient instantiations under fairly standard number-theoretic assumptions.
The model of bounded tamper resistance was recently put forward by Damgård et al. (Asiacrypt 2013) as an attractive path to achieve security against arbitrary memory tampering attacks without making hardware assumptions (such as the existence of a protected self-destruct or key-update mechanism), the only restriction being on the number of allowed tampering attempts (which is a parameter of the scheme). This allows to circumvent known impossibility results for unrestricted tampering (Gennaro et al., TCC 2010), while still being able to capture realistic tampering attack
FMNV Continuous Non-malleable Encoding Scheme is More Efficient Than Believed
Non-malleable codes are kind of encoding schemes which are resilient to tampering attacks. The main idea behind the non-malleable coding is that the adversary can\u27t be able to obtain any valuable information about the message. Non-malleable codes are used in tamper resilient cryptography and protecting memory against tampering attacks. Several kinds of definitions for the non-malleability exist in the literature. The Continuous non-malleability is aiming to protect messages against the adversary who issues polynomially many tampering queries. The first continuous non-malleable encoding scheme has been proposed by Faust et el. (FMNV) in 2014. In this paper, we propose a new method for proving continuous non-malleability of FMNV scheme. This new proof leads to an improved and more efficient scheme than previous one. The new proof shows we can have the continuous non-malleability with the same security by using a leakage resilient storage scheme with about (k+1)(log(q)-2) bits fewer leakage bound (where k is the output size of the collision resistant hash function and q is the maximum number of tampering queries)
Non-malleable codes for space-bounded tampering
Non-malleable codes—introduced by Dziembowski, Pietrzak and Wichs at ICS 2010—are key-less coding schemes in which mauling attempts to an encoding of a given message, w.r.t. some class of tampering adversaries, result in a decoded value that is either identical or unrelated to the original message. Such codes are very useful for protecting arbitrary cryptographic primitives against tampering attacks against the memory. Clearly, non-malleability is hopeless if the class of tampering adversaries includes the decoding and encoding algorithm. To circumvent this obstacle, the majority of past research focused on designing non-malleable codes for various tampering classes, albeit assuming that the adversary is unable to decode. Nonetheless, in many concrete settings, this assumption is not realistic
A Tamper and Leakage Resilient von Neumann Architecture
We present a universal framework for tamper and leakage resilient computation on a von
Neumann Random Access Architecture (RAM in short). The RAM has one CPU that accesses
a storage, which we call the disk. The disk is subject to leakage and tampering. So is the bus
connecting the CPU to the disk. We assume that the CPU is leakage and tamper-free. For
a fixed value of the security parameter, the CPU has constant size. Therefore the code of the
program to be executed is stored on the disk, i.e., we consider a von Neumann architecture. The
most prominent consequence of this is that the code of the program executed will be subject to
tampering.
We construct a compiler for this architecture which transforms any keyed primitive into a
RAM program where the key is encoded and stored on the disk along with the program to
evaluate the primitive on that key. Our compiler only assumes the existence of a so-called
continuous non-malleable code, and it only needs black-box access to such a code. No further
(cryptographic) assumptions are needed. This in particular means that given an information
theoretic code, the overall construction is information theoretic secure.
Although it is required that the CPU is tamper and leakage proof, its design is independent
of the actual primitive being computed and its internal storage is non-persistent, i.e., all secret
registers are reset between invocations. Hence, our result can be interpreted as reducing the
problem of shielding arbitrary complex computations to protecting a single, simple yet universal
component