A Rate-Optimizing Compiler for Non- malleable Codes against Bit-wise Tampering and Permutations Shashank Agrawal (UIUC), Divya Gupta (UCLA), Hemanta K. Maji (UCLA), Manoj Prabhakaran (UIUC), Omkant Pandey (UCLA)
Non-malleable codes Introduced by Dziembowski et al. [DPW’10]. A fundamental object at the intersection of coding theory and cryptography. Message contained in a tampered codeword is either original or unrelated.
Intense Study Existential: [DPW’10, CG14a, FMVW’14]. Explicit constructions: Bit-wise tampering: [DPW’10, CG’14b]. Split-state model: [DKO’13, ADL’14, CZ’14, ADKO’15]. Variants: Continuous: [FMNV’14, JW’15]. Properties: Leakage-resilience: [ADKO’15, DLSZ’15]. Locality: [DLSZ’15].
Tampering models Bit-wise, Split-state.... tamper Known “a priori” which parts of the tampered codeword are affected by which parts of the original codeword affect
Bit-wise tampering + Permutation... Any part of the tampered codeword can be affected by any part of the original codeword
Our result Non-malleable Code against bit-wise tampering + permutation Rate-0Rate-1 Compiler New technique for boot-strapping non-malleability by introducing errors
Highlights Two components: Rate-0 non-malleable code (NMC0). Rate-1 error-correcting secret sharing scheme (ECSS). Black-box use of NMC0 and ECSS. Explicit rate-1 code: NMC0 from [AGMPP’14]. ECSS from Reed-Solomon Codes. Bit-wise tampering: Simpler alternative to [CG’14b].
Rest of the talk Formally define non-malleable codes. Discuss compiler at a high level.
Non-malleable Codes
Security m... m* encode tamper decode tamper Sim z z could be ‘same’
Rate-1 Code Two components: Rate-0 non-malleable code (NMC0). Rate-1 error-correcting secret sharing scheme (ECSS). [M, L, T, D] - ECSS scheme: L is message-length, M is the codeword-length. T-privacy. D-error-correction. Rate-1: M = L (1 + o(1)). T, D sub-linear in M. Instantiated using Reed-Solomon Codes.
Encoding
... c1 = ECSS (m)c2 = NMC0(tag)...
Why it works?
Decoding
Summary Compiler for optimizing rate. Introducing errors: a new technique. Optimize rate in other attack models.
Thank you