Presentation is loading. Please wait.

Presentation is loading. Please wait.

Efficient Non-Malleable Codes and Key-derivations against Poly-size Tampering Circuits PRATYAY MUKHERJEE (Aarhus University) Joint work with Sebastian.

Published byBenjamin Shireman Modified over 10 years ago

Similar presentations

Presentation on theme: "Efficient Non-Malleable Codes and Key-derivations against Poly-size Tampering Circuits PRATYAY MUKHERJEE (Aarhus University) Joint work with Sebastian."— Presentation transcript:

1 Efficient Non-Malleable Codes and Key-derivations against Poly-size Tampering Circuits PRATYAY MUKHERJEE (Aarhus University) Joint work with Sebastian Faust, Daniele Venturi and Daniel Wichs EUROCRYPT 2014, COPENHAGEN May 12, 2014

2 Two Parts Part-1 Efficient Non-malleable Codes against Poly-size circuits Part-2 Efficient Non-malleable Key-derivation against Poly-size circuits This talk More Less

3 Part-1 Efficient Non-malleable Codes against Poly-size circuits Non-malleable Codes (Informally) A modified codeword contains either original or unrelated message. E.g. Can not flip one bit of encoded message by modifying the codeword.

4 The “Tampering Experiment”  Consider the following experiment for some encoding scheme (ENC,DEC) f ENC s Tamper 2F2F C DEC s* C*=f(C) Goal: Design encoding scheme (ENC,DEC) which is Non-malleable for an “interesting” class F Note ENC can be randomized. There is no secret Key.

5 f ENC s Tamper 2F2F C DEC s* C*=f(C) If C* = C return same Else return s* Tamper f ( s )

6 Application : Tamper-Resilient Cryptography Non-malleable codes are used to protect against key-tampering attacks. How ? – Encode the key using NMC. – The tampering adversary can not modify the encoded key to some related key.

7 Limitation and Possibility Limitation: For any (ENC, DEC) there exists f bad which decodes C, flips 1-bit and re-encodes to C*. Corollary-1: It is impossible to construct encoding scheme which is non-malleable w.r.t. all functions F all. Corollary-2: It is impossible to construct efficient encoding scheme which is non-malleable w.r.t. all efficient functions F eff. Question: How to restrict F ? Way-1: Restrict granularity  Codeword consists of components which are independently tamperable.  Example: Split-state tampering [ DPW10, LL12, DKO13, ADL13, CG13, FMNV13, ADK14 ]: Way-2: Restrict complexity  The whole codeword is tamperable but only with functions that are not “too complicated”. Our Focus!

8 Our Result Main Result: “The next best thing” recall Corollary-2: It is impossible to construct efficient encoding scheme which is non-malleable w.r.t. all efficient functions F eff. Corollary-3

9 Our Result Corollary-3 Main Result: “The next best thing” A similar result [CG 14] But the encoding/decoding becomes “inefficient” in order to get negligible error Caveat: Our results hold in CRS model.

10 NMC in CRS model  Fix some polynomial P.  We construct a family of efficient codes parameterized by CRS: (ENC CRS, DEC CRS )

11 The Construction Overview Input: s Inner Encoding C1C1 Outer Encoding C Ingredient: a t-wise independent hash function h C C1C1 || h( ) C1C1 is Valid C C is of the form R || h( ) R Intuitions (outer encoding) Fixed by CRS  For every tampering function f there is a “small set” S f such that if a tampered codeword is valid, then it is in S f w.h.p.

12 The Construction Overview Input: s Inner Encoding C1C1 Outer Encoding C Intuitions (outer encoding)  For every tampering function f there is a “small set” S f such that if a tampered codeword is valid, then it is in S f w.h.p. We call this property Bounded Malleability which ensures that the tampered codeword does not contain “too much information” about the input codeword

13 The Construction Overview Input: s Inner Encoding C1C1 Outer Encoding C Intuitions (Inner encoding) recall  f can guess some bit(s) of C 1 and if the guess is correct, leave C same otherwise overwrites to some invalid code. Example A leakage- resilient code

14 Leakage-Resilient Code Our Inner Encoding

15 Putting it together Input: s Inner Encoding C1C1 Outer Encoding C Bounded Malleable Code Leakage Resilient Code Non-Malleable Code

16 Part-2 Efficient Non-malleable Key-derivation (NMKD) against Poly-size circuits

17 NMKD: A new primitive Source: X Output: Y Tampered Source: f(X) Output: Y’ A dual of Non- Malleable Extractor

18 NMKD: Defintion Theorem (NMKD)

19 Conclusion The first construction of non-granular efficient Non- malleable code. – Our construction is information theoretic and achieves optimal rate. A new primitive Non-Malleable Key-derivation. – Application to construct Tamper-resilient Stream Cipher. Open: – New Application of NMKD.

20 Thank You !

Download ppt "Efficient Non-Malleable Codes and Key-derivations against Poly-size Tampering Circuits PRATYAY MUKHERJEE (Aarhus University) Joint work with Sebastian."

Similar presentations

Merkle Puzzles Are Optimal

Merkle Puzzles Are Optimal
Quantum Software Copy-Protection Scott Aaronson (MIT) |

Quantum Software Copy-Protection Scott Aaronson (MIT) |
Tight Lower Bounds for the Distinct Elements Problem David Woodruff MIT Joint work with Piotr Indyk.

Tight Lower Bounds for the Distinct Elements Problem David Woodruff MIT Joint work with Piotr Indyk.
Invertible Zero-Error Dispersers and Defective Memory with Stuck-At Errors Ariel Gabizon Ronen Shaltiel.

Invertible Zero-Error Dispersers and Defective Memory with Stuck-At Errors Ariel Gabizon Ronen Shaltiel.
An Introduction to Randomness Extractors Ronen Shaltiel University of Haifa Daddy, how do computers get random bits?

An Introduction to Randomness Extractors Ronen Shaltiel University of Haifa Daddy, how do computers get random bits?
EXPLICIT NON-MALLEABLE CODES RESISTANT TO PERMUTATIONS Shashank Agrawal (UIUC), Divya Gupta (UCLA), Hemanta Maji (UCLA), Omkant Pandey (UIUC), Manoj Prabhakaran.

EXPLICIT NON-MALLEABLE CODES RESISTANT TO PERMUTATIONS Shashank Agrawal (UIUC), Divya Gupta (UCLA), Hemanta Maji (UCLA), Omkant Pandey (UIUC), Manoj Prabhakaran.
PRATYAY MUKHERJEE AARHUS UNIVERSITY AARHUS UNIVERSITY PRATYAY MUKHERJEE 25. FEB 2014 CONTINUOUS NON-MALLEABLE CODES JOINT WORK WITH SEBASTIAN FAUST, JESPER.

PRATYAY MUKHERJEE AARHUS UNIVERSITY AARHUS UNIVERSITY PRATYAY MUKHERJEE 25. FEB 2014 CONTINUOUS NON-MALLEABLE CODES JOINT WORK WITH SEBASTIAN FAUST, JESPER.
Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors Ronald Cramer, Yevgeniy Dodis, Serge Fehr, Carles Padro,

Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors Ronald Cramer, Yevgeniy Dodis, Serge Fehr, Carles Padro,
PRATYAY MUKHERJEE Aarhus University Joint work with

PRATYAY MUKHERJEE Aarhus University Joint work with
Dan Boneh Message integrity Message Auth. Codes Online Cryptography Course Dan Boneh.

Dan Boneh Message integrity Message Auth. Codes Online Cryptography Course Dan Boneh.
Circuits Resilient to Additive Manipulation with Applications to Secure Computation Yuval Ishai Technion Daniel Genkin Manoj Prabhakaran Amit Sahai Eran.

Circuits Resilient to Additive Manipulation with Applications to Secure Computation Yuval Ishai Technion Daniel Genkin Manoj Prabhakaran Amit Sahai Eran.
Ran Canetti, Yael Tauman Kalai, Mayank Varia, Daniel Wichs.

Ran Canetti, Yael Tauman Kalai, Mayank Varia, Daniel Wichs.
Multiplicity Codes Swastik Kopparty (Rutgers) (based on [K-Saraf-Yekhanin ’11], [K ‘12], [K ‘14])

Multiplicity Codes Swastik Kopparty (Rutgers) (based on [K-Saraf-Yekhanin ’11], [K ‘12], [K ‘14])
Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)

Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)
Off-the-Record Communication, or, Why Not To Use PGP

Off-the-Record Communication, or, Why Not To Use PGP
Probabilistic Public Key Encryption with Equality Test Duncan S. Wong Department of Computer Science City University of Hong Kong Joint work with Guomin.

Probabilistic Public Key Encryption with Equality Test Duncan S. Wong Department of Computer Science City University of Hong Kong Joint work with Guomin.
Secure Evaluation of Multivariate Polynomials

Secure Evaluation of Multivariate Polynomials
Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.
The Hash Function “Fugue” Shai Halevi William E. Hall Charanjit S. Jutla IBM T. J. Watson Research Center.

The Hash Function “Fugue” Shai Halevi William E. Hall Charanjit S. Jutla IBM T. J. Watson Research Center.
A Rate-Optimizing Compiler for Non- malleable Codes against Bit-wise Tampering and Permutations Shashank Agrawal (UIUC), Divya Gupta (UCLA), Hemanta K.

A Rate-Optimizing Compiler for Non- malleable Codes against Bit-wise Tampering and Permutations Shashank Agrawal (UIUC), Divya Gupta (UCLA), Hemanta K.

Similar presentations

Ads by Google