Abstract
We construct efficient, unconditional non-malleable codes that are secure against tampering functions computed by decision trees of depth \(d= n^{1/4-o(1)}\). In particular, each bit of the tampered codeword is set arbitrarily after adaptively reading up to d arbitrary locations within the original codeword. Prior to this work, no efficient unconditional non-malleable codes were known for decision trees beyond depth \(O(\log ^2 n)\).
Our result also yields efficient, unconditional non-malleable codes that are \(\exp (-n^{\varOmega (1)})\)-secure against constant-depth circuits of \(\exp (n^{\varOmega (1)})\)-size. Prior work of Chattopadhyay and Li (STOC 2017) and Ball et al. (FOCS 2018) only provide protection against \(\exp (O(\log ^2n))\)-size circuits with \(\exp (-O(\log ^2n))\)-security.
We achieve our result through simple non-malleable reductions of decision tree tampering to split-state tampering. As an intermediary, we give a simple and generic reduction of leakage-resilient split-state tampering to split-state tampering with improved parameters. Prior work of Aggarwal et al. (TCC 2015) only provides a reduction to split-state non-malleable codes with decoders that exhibit particular properties.
Notes
1. [CL17] also gave a construction for local functions with polynomial length codewords and sub-exponential error.
2. Actually, the construction of [BDG+18] can handle a slightly wider range of parameters, including polynomial size circuits of depth \(o(\log n/\log \log n)\) and constant depth circuits of size \(n^{O(\log n)}\). Note that depth d decision trees are also a strict subclass of \(2^d\)-local functions. Accordingly, Ball et al.’s codes for \(n^{1-\varepsilon }\)-local tampering handle decision tree tampering of depth up to \((1-\varepsilon )\log n\).
3. Note that any decision tree of depth d can also be represented by a \(2^d\)-local function or as a DNF with \(2^d\) clauses of width d.
4. Note that if security \(2^{-\lambda }\) is required, these codes will no longer be efficient. In particular, the codeword lengths in both cases will be super-polynomial in \(\lambda \).
5. For tampering functions such that each output bit is in the class \(\mathcal {C}\), the implication follows so long as \(\mathcal {C}\) contains the constant functions and is closed under negation.
References
Aggarwal, D., Briët, J.: Revisiting the Sanders-Bogolyubov-Ruzsa theorem in \(\mathbb {F}_p^n\) and its application to non-malleable codes. In: IEEE International Symposium on Information Theory, ISIT 2016, Barcelona, Spain, 10–15 July 2016, pp. 1322–1326 (2016)
Aggarwal, D., Dodis, Y., Kazana, T., Obremski, M.: Non-malleable reductions and applications. In: Servedio, R.A., Rubinfeld, R. (eds.) Proceedings of the Forty-Seventh Annual ACM on Symposium on Theory of Computing, STOC 2015, Portland, OR, USA, 14–17 June 2015, pp. 459–468. ACM (2015)
Aggarwal, D., Dziembowski, S., Kazana, T., Obremski, M.: Leakage-resilient non-malleable codes. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015, Part I. LNCS, vol. 9014, pp. 398–426. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46494-6_17
Aggarwal, D., Dodis, Y., Lovett, S.: Non-malleable codes from additive combinatorics. In: Shmoys, D.B. (ed.) Symposium on Theory of Computing, STOC 2014, New York, NY, USA, 31 May–03 June 2014, pp. 774–783. ACM (2014)
Aggarwal, D.: Affine-evasive sets modulo a prime. Inf. Process. Lett. 115(2), 382–385 (2015)
Agrawal, S., Gupta, D., Maji, H.K., Pandey, O., Prabhakaran, M.: Explicit non-malleable codes against bit-wise tampering and permutations. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015, Part I. LNCS, vol. 9215, pp. 538–557. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_26
Ball, M., Dachman-Soled, D., Guo, S., Malkin, T., Tan, L.-Y.: Non-malleable codes for small-depth circuits. IACR Cryptology ePrint Archive 2018, p. 207 (2018)
Ball, M., Dachman-Soled, D., Kulkarni, M., Malkin, T.: Non-malleable codes for bounded depth, bounded fan-in circuits. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016, Part II. LNCS, vol. 9666, pp. 881–908. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_31
Ball, M., Dachman-Soled, D., Kulkarni, M., Malkin, T.: Non-malleable codes from average-case hardness: AC\(^0\), decision trees, and streaming space-bounded tampering. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018, Part III. LNCS, vol. 10822, pp. 618–650. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_20
Ball, M., Dachman-Soled, D., Kulkarni, M., Lin, H., Malkin, T.: Non-malleable codes against bounded polynomial time tampering. Cryptology ePrint Archive, Report 2018/1015 (2018). https://eprint.iacr.org/2018/1015
Chor, B., Goldreich, O.: Unbiased bits from sources of weak randomness and probabilistic communication complexity. SIAM J. Comput. 17(2), 230–261 (1988)
Cheraghchi, M., Guruswami, V.: Non-malleable coding against bit-wise and split-state tampering. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 440–464. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54242-8_19
Chattopadhyay, E., Goyal, V., Li, X.: Non-malleable extractors and codes, with their many tampered extensions. In: Proceedings of the 48th Annual ACM SIGACT Symposium on Theory of Computing, STOC 2016, Cambridge, MA, USA, 18–21 June 2016, pp. 285–298 (2016)
Chattopadhyay, E., Li, X.: Non-malleable codes and extractors for small-depth circuits, and affine functions. In: Proceedings of the 49th Annual ACM SIGACT Symposium on Theory of Computing, STOC 2017, Montreal, QC, Canada, 19–23 June 2017, pp. 1171–1184 (2017)
Chattopadhyay, E., Li, X.: Non-malleable extractors and codes in the interleaved split-state model and more. CoRR, abs/1804.05228 (2018)
Chattopadhyay, E., Zuckerman, D.: Non-malleable codes against constant split-state tampering. In: 55th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2014, Philadelphia, PA, USA, 18–21 October 2014, pp. 306–315. IEEE Computer Society (2014)
Davì, F., Dziembowski, S., Venturi, D.: Leakage-resilient storage. In: Garay, J.A., De Prisco, R. (eds.) SCN 2010. LNCS, vol. 6280, pp. 121–137. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15317-4_9
Dziembowski, S., Kazana, T., Obremski, M.: Non-malleable codes from two-source extractors. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 239–257. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_14
Dziembowski, S., Pietrzak, K., Wichs, D.: Non-malleable codes. In: Yao, A.C.-C. (ed.) Innovations in Computer Science - ICS 2010, Tsinghua University, Beijing, China, 5–7 January 2010, Proceedings, pp. 434–452. Tsinghua University Press (2010)
Dziembowski, S.: On forward-secure storage. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 251–270. Springer, Heidelberg (2006). https://doi.org/10.1007/11818175_15
Guruswami, V., Umans, C., Vadhan, S.P.: Unbalanced expanders and randomness extractors from Parvaresh-Vardy codes. J. ACM 56(4), 20:1–20:34 (2009)
Kanukurthi, B., Obbattu, S.L.B., Sekar, S.: Four-state non-malleable codes with explicit constant rate. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017, Part II. LNCS, vol. 10678, pp. 344–375. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70503-3_11
Li, X.: Improved non-malleable extractors, non-malleable codes and independent source extractors. In: Hatami, H., McKenzie, P., King, V. (eds.) Proceedings of the 49th Annual ACM SIGACT Symposium on Theory of Computing, STOC 2017, Montreal, QC, Canada, 19–23 June 2017, pp. 1144–1156. ACM (2017)
Li, X.: Pseudorandom correlation breakers, independence preserving mergers and their applications. In: Electronic Colloquium on Computational Complexity (ECCC), vol. 25, p. 28 (2018)
Nisan, N., Zuckerman, D.: Randomness is linear in space. J. Comput. Syst. Sci. 52(1), 43–52 (1996)
Panconesi, A., Srinivasan, A.: Randomized distributed edge coloring via an extension of the Chernoff-Hoeffding bounds. SIAM J. Comput. 26(2), 350–368 (1997)
Acknowledgements
We would like to thank Dana Dachman-Soled, Tal Malkin, and Li-Yang Tan for many insightful conversations and helping to pose the initial question and its connections to small depth circuits. We would like to additionally thank Justin Holmgren and Ron Rothblum for stimulating discussions. The first author is supported by an IBM Research PhD Fellowship, NSF grant CCF-1423306, and the Leona M. & Harry B. Helmsley Charitable Trust. Part of this work was completed while the author was visiting IDC Herzliya. The second author is supported by NSF grants CNS-1314722 and CNS-1413964. The third author is supported by NSF grants CNS-1314722, CNS-1413964, CNS-1750795 and the Alfred P. Sloan Research Fellowship.
A Leaky Function Classes
Ball et al. [BDG+18] considered a leaky variant of a given tampering class \(\mathcal {C}\).
Definition 12
(Leaky Function Families). [BDG+18] Let \(\mathrm {LL}^{i,m,N}[\mathcal {C}]\) denote tampering functions generated via the following game:
1. The adversary first commits to N functions from a class \(\mathcal {C}\), \(F_1,\ldots ,F_N = \varvec{F}\). (Note: \(F_j:\{0,1\}^N\rightarrow \{0,1\}\) for all \(j\in [N]\).)
2. The adversary then has i adaptive rounds of leakage. In each round \(j\in [i]\),
   - the adversary selects s indices from [N], denoted \(S_j\),
   - the adversary receives \(\varvec{F}(x)_{S_j}\).
   Formally, we take \(h_j:\{0,1\}^{m(j-1)}\rightarrow [N]^m\) to be the selection function such that
   $$\begin{aligned} h_j(F(X)_{S_1},\ldots ,F(X)_{S_{j-1}})=S_{j}. \end{aligned}$$
   Let \(h_1\) be the constant function that outputs \(S_1\).
3. Finally, the adversary selects a sequence of n functions \((F_{t_1},\ldots ,F_{t_n})\) (\(T=\{t_1,\ldots ,t_n\}\subseteq [N]\) such that \(t_1<t_2<\cdots <t_n\)) to tamper with. Formally, we take \(h:\{0,1\}^{mi}\rightarrow [N]^n\) such that \(h(F(X)_{S_1},\ldots ,F(X)_{S_i})=T\).
Thus, any \(\tau \in \mathrm {LL}^{i,m,N}[\mathcal {C}]\) can be described as \((\varvec{F},h_1,\cdots ,h_i,h)\), and we denote the tampering function described above by \(\tau = \mathrm {Eval}(\varvec{F},h_1,\cdots ,h_i,h)\).
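To make the game concrete, the following is an added simulator of \(\mathrm {Eval}(\varvec{F},h_1,\ldots ,h_i,h)\) (not the paper's code) with \(\mathcal {C}\) instantiated as depth-d decision trees, the tampering class of the abstract, so that each tampered bit is checked to read at most d codeword positions adaptively. The trees, selection functions and codewords are constructed sample values, indices are 0-based, and each leakage round is taken to select m indices, matching the signature of \(h_j\).

```python
from typing import Callable, List, Sequence, Union
Bits = List[int]
# Decision tree: a leaf is a constant bit; an inner node is
# (query_index, child_if_0, child_if_1), so depth = adaptive reads.
Tree = Union[int, tuple]
Selector = Callable[[List[Bits]], List[int]]  # maps leakage so far to indices

def tree_depth(t: Tree) -> int:
    return 0 if isinstance(t, int) else 1 + max(tree_depth(t[1]), tree_depth(t[2]))

def eval_tree(t: Tree, x: Bits, reads: List[int]) -> int:
    """Evaluate t on codeword x, recording each adaptively read index."""
    while not isinstance(t, int):
        idx, c0, c1 = t
        reads.append(idx)
        t = c1 if x[idx] else c0
    return t

def leaky_tamper(x: Bits, F: Sequence[Tree], m: int, n: int,
                 selectors: Sequence[Selector], final_select: Selector) -> Bits:
    """Eval(F, h_1, ..., h_i, h) of Definition 12, 0-based: round j leaks the
    m bits F(x)_{S_j} with S_j = h_j(leakage); h then picks the sorted set T."""
    N = len(x)
    assert len(F) == N                      # N committed functions on N bits
    d = max(tree_depth(t) for t in F)
    leakage: List[Bits] = []
    for h_j in selectors:
        S_j = h_j(leakage)
        assert len(S_j) == m and all(0 <= s < N for s in S_j)
        leakage.append([eval_tree(F[s], x, []) for s in S_j])
    T = final_select(leakage)
    assert len(T) == n and T == sorted(T) and len(set(T)) == n
    out: Bits = []
    for t in T:
        reads: List[int] = []
        out.append(eval_tree(F[t], x, reads))   # tampered bit F_t(x)
        assert len(reads) <= d                  # at most d adaptive reads
    return out

# Constructed sample: N = 4 trees of depth <= 2, one leakage round
# (i = 1, m = 1), and n = 2 tampered output bits.
SAMPLE_F: List[Tree] = [
    (0, 0, 1),                  # F_0(x) = x_0
    (1, 1, 0),                  # F_1(x) = NOT x_1
    (0, (3, 0, 1), (2, 0, 1)),  # F_2(x) = x_2 if x_0 else x_3
    1,                          # F_3(x) = 1
]
h_1: Selector = lambda leakage: [2]                        # always leak F_2(x)
h: Selector = lambda leakage: [0, 1] if leakage[0][0] else [1, 3]

def run_sample(x: Bits) -> Bits:
    return leaky_tamper(x, SAMPLE_F, 1, 2, [h_1], h)
```

The leaked bit \(F_2(x)\) decides which two committed trees produce the tampered codeword, which is exactly the adaptivity that the reduction to split-state tampering has to absorb.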
© 2019 International Association for Cryptologic Research
Cite this paper
Ball, M., Guo, S., Wichs, D. (2019). Non-malleable Codes for Decision Trees. In: Boldyreva, A., Micciancio, D. (eds) Advances in Cryptology – CRYPTO 2019. CRYPTO 2019. Lecture Notes in Computer Science(), vol 11692. Springer, Cham. https://doi.org/10.1007/978-3-030-26948-7_15
DOI: https://doi.org/10.1007/978-3-030-26948-7_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-26947-0
Online ISBN: 978-3-030-26948-7