
Four-State Non-malleable Codes with Explicit Constant Rate

  • Research Article
  • Journal of Cryptology

Abstract

Non-malleable codes (NMCs), introduced by Dziembowski, Pietrzak and Wichs (ITCS 2010), provide a powerful guarantee in scenarios where the classical notion of error-correcting codes cannot provide any guarantee: a decoded message is either the same as or completely independent of the underlying message, regardless of the number of errors introduced into the codeword. Informally, NMCs are defined with respect to a family of tampering functions \(\mathcal {F}\) and guarantee that any tampered codeword decodes either to the same message or to an independent message, so long as it is tampered using a function \(f \in \mathcal {F}\). One of the well-studied tampering families for NMCs is the t-split-state family, where the adversary tampers each of the t “states” of a codeword, arbitrarily but independently. Cheraghchi and Guruswami (TCC 2014) obtain a rate-1 non-malleable code for the case where \(t = \mathcal {O}(n)\), with n being the codeword length, and, in (ITCS 2014), show an upper bound of \(1-1/t\) on the best achievable rate for any t-split-state NMC. For \(t=10\), Chattopadhyay and Zuckerman (FOCS 2014) achieve a constant-rate construction where the constant is unknown. In summary, there is no known construction of an NMC with an explicit constant rate for any \(t= o(n)\), let alone one that comes close to matching Cheraghchi and Guruswami’s lower bound! In this work, we construct an efficient non-malleable code in the t-split-state model, for \(t=4\), that achieves a constant rate of \(\frac{1}{3+\zeta }\), for any constant \(\zeta > 0\), and error \(2^{-\varOmega (\ell / \log ^{c+1} \ell )}\), where \(\ell \) is the length of the message and \(c > 0\) is a constant.


Fig. 1


Notes

  1. For example, this input–output behaviour may be decryption of ciphertexts in the case of Chosen Ciphertext Security of Encryption or signatures of messages in the case of Digital Signatures.

  2. LECSS ensures that the bits of a codeword are t-wise independent and detects tampering if the codeword is modified by an offset \(\Delta \), when \(\Delta \) is not a valid codeword of the scheme.

  3. AMD codes detect tampering attacks that add some pre-determined offset \(\Delta \) to the codeword.

  4. This tampering family captures other tampering attacks such as bit-wise tampering, the identity function, and constant functions. A motivation to study this model comes from practical applications like cloud storage, where a single file may be stored in t parts at t different locations and an adversary tampers each of these parts independently of the others. It is therefore of both theoretical and practical interest to obtain non-malleable codes for the t-split-state family where \(t>1\) is as small as possible.

  5. Specifically, Liu and Lysyanskaya [34] present a computational non-malleable code w.r.t. split-state tampering functions in the common reference string (CRS) model, using number theoretic assumptions and assuming existence of robust non-interactive zero-knowledge proof systems for an appropriate NP language.

  6. This problem does not arise with a \(\textsf {MAC}\) such as \(ax+b\), where \((a, b)\) is the \(\textsf {MAC}\) key and x is the underlying message. There, for a fixed key and fixed tag, there is a unique message which satisfies the linear equation.

  7. We ensure this by encoding \(s\) using a non-malleable code.

  8. It is crucial to authenticate them separately, as a construction that does not authenticate them separately is insecure. This is brought out in the security proof later.

  9. A key point to note is that the existing efficient 2-state non-malleable code constructions [3, 32] are augmented-non-malleable codes, and hence we can in fact start with a 2-split-state augmented-non-malleable code.

  10. Although the paper does not explicitly state that the construction is augmented, the construction is in fact an augmented-non-malleable code (as observed in [31]).

  11. The explicit two-state non-malleable code construction given in [32] is in fact an augmented-non-malleable code (as observed in [31]).

  12. The preliminary version of this paper at TCC 2017 did not show the augmented-non-malleability feature.

  13. Capital letters \(L_1, C\) and \({\tilde{M}}\) denote the distributions on respective states and the tampered message.

  14. If we instantiate our construction with the improved rate (\(\varOmega ((\log \log \log n)/(\log \log n))\)) construction of [33], we get an improved error, but our rate remains the same.
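The uniqueness property used in note 6 is easy to see concretely. The following Python block is an added example, not code from the paper: it implements the one-time \(\textsf {MAC}\) \(ax+b\) over a small prime field \(\mathbb {F}_p\) (the prime \(p = 101\) is a constructed parameter chosen so that all \(p^2\) keys can be enumerated), recovers the unique message determined by a fixed key and tag, and counts, by exhaustive enumeration, how many keys consistent with one observed (message, tag) pair would also accept a modified pair. The function names `mac`, `recover_message` and `forgery_statistics` are this example's own.

```python
"""One-time MAC  tag = a*x + b  over the prime field GF(p).

Added example (not from the paper). It illustrates the remark that, for a
fixed key (a, b) and a fixed tag, the linear equation a*x + b = tag has a
unique solution x whenever a != 0, and that the family is pairwise
independent: observing one (message, tag) pair leaves exactly one key in
p candidates that also accepts a forged pair on a different message.
"""
from itertools import product

P = 101  # small prime, constructed so that all p^2 keys can be enumerated


def mac(key, x, p=P):
    """Tag of message x under key (a, b): a*x + b mod p."""
    a, b = key
    return (a * x + b) % p


def verify(key, x, tag, p=P):
    """Accept (x, tag) iff tag is the MAC of x under key."""
    return mac(key, x, p) == tag


def recover_message(key, tag, p=P):
    """For a != 0, return the unique x with a*x + b == tag (mod p).

    With a == 0 the tag is independent of x, so no unique preimage exists;
    that degenerate key is rejected explicitly.
    """
    a, b = key
    if a % p == 0:
        raise ValueError("a == 0: the tag does not depend on x")
    return ((tag - b) * pow(a, -1, p)) % p


def forgery_statistics(x, tag, x_forged, tag_forged, p=P):
    """Enumerate all keys in GF(p)^2.

    Returns (consistent, accepting): the number of keys under which the
    observed pair (x, tag) verifies, and how many of those also verify the
    forged pair (x_forged, tag_forged). For x_forged != x the second count
    is always exactly 1, i.e. the forger's success probability is 1/p.
    """
    consistent = 0
    accepting = 0
    for a, b in product(range(p), repeat=2):
        if mac((a, b), x, p) != tag:
            continue
        consistent += 1
        if mac((a, b), x_forged, p) == tag_forged:
            accepting += 1
    return consistent, accepting


if __name__ == "__main__":
    key = (7, 13)          # constructed key
    t = mac(key, 42)
    print("tag:", t, "recovered message:", recover_message(key, t))
    print("consistent keys / forging keys:",
          forgery_statistics(42, t, 43, (t + 5) % P))
```

Each observed pair fixes one linear relation on \((a, b)\), leaving \(p\) candidate keys; a second relation on a different message is satisfied by exactly one of them, which is the counting argument behind the \(1/p\) forgery bound and behind the uniqueness claim in note 6.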

References

  1. D. Aggarwal, S. Agrawal, D. Gupta, H.K. Maji, O. Pandey, M. Prabhakaran, Optimal computational split-state non-malleable codes, in Theory of Cryptography - 13th International Conference, TCC 2016-A, Tel Aviv, Israel, January 10–13, 2016, Proceedings, Part II, 2016, pp. 393–417

  2. D. Aggarwal, Y. Dodis, T. Kazana, M. Obremski, Non-malleable reductions and applications, in Proceedings of the Forty-Seventh Annual ACM on Symposium on Theory of Computing, STOC 2015, Portland, OR, USA, June 14–17, 2015, pp. 459–468

  3. D. Aggarwal, Y. Dodis, S. Lovett, Non-malleable codes from additive combinatorics, in Symposium on Theory of Computing, STOC 2014, New York, NY, USA, May 31–June 03, 2014, pp. 774–783

  4. S. Agrawal, D. Gupta, H.K. Maji, O. Pandey, M. Prabhakaran, Explicit non-malleable codes resistant to permutations and perturbations. IACR Cryptology ePrint Archive, 2014, p. 841

  5. S. Agrawal, D. Gupta, H.K. Maji, O. Pandey, M. Prabhakaran, A rate-optimizing compiler for non-malleable codes against bit-wise tampering and permutations, in Theory of Cryptography - 12th Theory of Cryptography Conference, TCC 2015, Warsaw, Poland, March 23–25, 2015, Proceedings, Part I, 2015, pp. 375–397

  6. M. Ball, D. Dachman-Soled, M. Kulkarni, T. Malkin, Non-malleable codes for bounded depth, bounded fan-in circuits, in M. Fischlin, J.-S. Coron, eds., Advances in Cryptology – EUROCRYPT 2016 (Springer, Berlin), pp. 881–908

  7. M. Ball, D. Dachman-Soled, M. Kulkarni, T. Malkin, Non-malleable codes from average-case hardness: AC\(^0\), decision trees, and streaming space-bounded tampering, in J.B. Nielsen, V. Rijmen (eds.), Advances in Cryptology – EUROCRYPT 2018 (Springer International Publishing, Cham, 2018), pp. 618–650

  8. S. Coretti, Y. Dodis, B. Tackmann, D. Venturi, Non-malleable encryption: Simpler, shorter, stronger, in E. Kushilevitz, T. Malkin, (eds.), Theory of Cryptography (Springer, Berlin, Heidelberg, 2016), pp. 306–335

  9. M. Cheraghchi, V. Guruswami, Capacity of non-malleable codes, in Innovations in Theoretical Computer Science, ITCS’14, Princeton, NJ, USA, January 12–14, 2014, pp. 155–168

  10. M. Cheraghchi, V. Guruswami, Non-malleable coding against bit-wise and split-state tampering, in Theory of Cryptography - 11th Theory of Cryptography Conference, TCC 2014, San Diego, CA, USA, February 24–26, 2014. Proceedings, 2014, pp. 440–464

  11. N. Chandran, V. Goyal, P. Mukherjee, O. Pandey, J. Upadhyay, Block-wise non-malleable codes, in ICALP, volume 55 of LIPIcs (Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, 2016), pp. 31:1–31:14

  12. N. Chandran, B. Kanukurthi, S. Raghuraman, Information-theoretic local non-malleable codes and their applications, in Theory of Cryptography - 13th International Conference, TCC 2016-A, Tel Aviv, Israel, January 10–13, 2016, Proceedings, Part II, 2016, pp. 367–392

  13. E. Chattopadhyay, X. Li, Non-malleable codes and extractors for small-depth circuits, and affine functions, in STOC (ACM, 2017), pp. 1171–1184

  14. S. Coretti, U. Maurer, B. Tackmann, D. Venturi, From single-bit to multi-bit public-key encryption via non-malleable codes. IACR Cryptology ePrint Archive, 2014:324 (2014)

  15. J.L. Carter, M.N. Wegman, Universal classes of hash functions. J. Comput. Syst. Sci. 18, 143–154 (1979)

  16. E. Chattopadhyay, D. Zuckerman, Non-malleable codes against constant split-state tampering, in 55th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2014, Philadelphia, PA, USA, October 18–21, 2014, pp. 306–315

  17. Y. Dodis, B. Kanukurthi, J. Katz, L. Reyzin, A. Smith, Robust fuzzy extractors and authenticated key agreement from close secrets. IEEE Trans. Inf. Theory (2012)

  18. S. Dziembowski, T. Kazana, M. Obremski, Non-malleable codes from two-source extractors, in Advances in Cryptology - CRYPTO 2013 - 33rd Annual Cryptology Conference, Santa Barbara, CA, USA, August 18–22, 2013. Proceedings, Part II, 2013, pp. 239–257

  19. D. Dachman-Soled, M. Kulkarni, A. Shahverdi, Tight upper and lower bounds for leakage-resilient, locally decodable and updatable non-malleable codes. IACR Cryptology ePrint Archive, 2017:15 (2017)

  20. D. Dachman-Soled, F.-H. Liu, E. Shi, H.-S. Zhou, Locally decodable and updatable non-malleable codes and their applications. IACR Cryptology ePrint Archive, 2014:663 (2014)

  21. Y. Dodis, R. Ostrovsky, L. Reyzin, A. Smith, Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008). arXiv:cs/0602007

  22. S. Dziembowski, K. Pietrzak, D. Wichs, Non-malleable codes, in Innovations in Computer Science - ICS 2010, Tsinghua University, Beijing, China, January 5–7, 2010. Proceedings, 2010, pp. 434–452

  23. S. Faust, K. Hostáková, P. Mukherjee, D. Venturi, Non-malleable codes for space-bounded tampering, in CRYPTO (2), volume 10402 of Lecture Notes in Computer Science (Springer, 2017), pp. 95–126

  24. S. Faust, P. Mukherjee, J.B. Nielsen, D. Venturi, Continuous non-malleable codes, in Theory of Cryptography - 11th Theory of Cryptography Conference, TCC 2014, San Diego, CA, USA, February 24–26, 2014. Proceedings, 2014, pp. 465–488

  25. D. Gupta, H.K. Maji, M. Wang, Non-malleable codes against lookahead tampering, in Progress in Cryptology - INDOCRYPT 2018 - 19th International Conference on Cryptology in India, New Delhi, India, December 9–12, 2018, Proceedings, 2018, pp. 307–328

  26. V. Goyal, O. Pandey, S. Richelson, Textbook non-malleable commitments, in Proceedings of the 48th Annual ACM SIGACT Symposium on Theory of Computing, STOC 2016, Cambridge, MA, USA, June 18–21, 2016, pp. 1128–1141

  27. V. Guruswami, C. Umans, S.P. Vadhan, Unbalanced expanders and randomness extractors from Parvaresh–Vardy codes, in IEEE Conference on Computational Complexity, 2007, pp. 96–108

  28. J. Håstad, R. Impagliazzo, L.A. Levin, M. Luby, A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)

  29. T. Johansson, G. Kabatianskii, B.J.M. Smeets, On the relation between a-codes and codes correcting independent errors, in Advances in Cryptology - EUROCRYPT ’93, Workshop on the Theory and Application of Cryptographic Techniques, Lofthus, Norway, May 23–27, 1993, Proceedings, 1993, pp. 1–11

  30. Z. Jafargholi, D. Wichs, Tamper detection and continuous non-malleable codes, in Theory of Cryptography - 12th Theory of Cryptography Conference, TCC 2015, Warsaw, Poland, March 23–25, 2015, Proceedings, Part I, 2015, pp. 451–480

  31. B. Kanukurthi, S.L.B. Obbattu, S. Sekar, Non-malleable randomness encoders and their applications, in Eurocrypt 2018, April 28–May 3 (2018)

  32. X. Li, Improved non-malleable extractors, non-malleable codes and independent source extractors, in Symposium on Theory of Computing, STOC 2017, Montreal, Canada, June 19–23, 2017

  33. X. Li, Non-malleable extractors and non-malleable codes: Partially optimal constructions. Cryptology ePrint Archive, Report 2018/353, 2018. https://eprint.iacr.org/2018/353

  34. F.-H. Liu, A. Lysyanskaya, Tamper and leakage resilience in the split-state model, IACR Cryptology ePrint Archive, p. 297 (2012)

  35. N. Nisan, D. Zuckerman, Randomness is linear in space. J. Comput. Syst. Sci. 52(1), 43–53 (1996)

  36. T. Sanders, On the Bogolyubov–Ruzsa lemma. Anal. PDE 5(3), 627–655 (2012)

  37. D.R. Stinson, Universal hash families and the leftover hash lemma, and applications to cryptography and computing. J. Combin. Math. Combin. Comput., 42, 3–31 (2002). Available at http://www.cacr.math.uwaterloo.ca/~dstinson/publist.html

  38. S. Vadhan, Pseudorandomness. Foundations and Trends in Theoretical Computer Science. Now Publishers, 2012. Available at http://people.seas.harvard.edu/~salil/pseudorandomness/

Acknowledgements

We thank Yevgeniy Dodis for insightful comments related to the generalization in Sect. 5. We also thank the anonymous referees for several helpful comments. Research of the first author was supported, in part, by Department of Science and Technology Inspire Faculty Award.

Corresponding author

Correspondence to Sruthi Sekar.

Additional information

Communicated by Rafail Ostrovsky.

A preliminary version of this paper appeared in the Proceedings of TCC 2017.

A Appendix

Lemma 9

If \( \alpha = \varOmega \left( \dfrac{\beta }{\log (\beta )} \right) \), then \( \beta = \mathcal {O}(\alpha \cdot \log (\alpha )) \).

Proof

By the definition of \( \varOmega \), there exists a constant \( c>0 \) such that, for all sufficiently large \( \alpha , \beta \),

$$\begin{aligned}&0\le c \cdot \dfrac{\beta }{\log (\beta )} \le \alpha \nonumber \\&c \beta \le \alpha \cdot \log (\beta ) \nonumber \\&c \beta \le \alpha \sqrt{\beta } \end{aligned}$$
(15)

If \( c\ge 1 \), then

$$\begin{aligned}&\sqrt{\beta } \le \alpha \\&\log (\beta ) \le 2 \cdot \log (\alpha ) \end{aligned}$$

Combining with Eq. 15, we get

$$\begin{aligned} 0 \le \dfrac{c}{2} \cdot \beta \le \alpha \log (\alpha ) \end{aligned}$$
(16)

If \( c<1 \), let \( c' = \dfrac{1}{c} \); then

$$\begin{aligned}&\sqrt{\beta } \le c' \cdot \alpha \\&\log (\beta ) \le 2(\log (c') + \log (\alpha )) \\&\log (\beta ) \le 4 \cdot \log (\alpha ) \end{aligned}$$

Combining with Eq. 15,

$$\begin{aligned} 0 \le \dfrac{c}{4} \cdot \beta \le \alpha \log (\alpha ) \end{aligned}$$
(17)

In either case (using \( \dfrac{c}{4} \le \dfrac{c}{2} \) in the first), for large \( \alpha , \beta \) and the constant \( \dfrac{c}{4}>0 \),

$$\begin{aligned}&0 \le \dfrac{c}{4} \cdot \beta \le \alpha \log (\alpha )\\&\quad \implies \alpha \log (\alpha ) = \varOmega (\beta ) \\&\quad \implies \beta = \mathcal {O}(\alpha \log (\alpha )) \end{aligned}$$

\(\square \)

About this article

Cite this article

Kanukurthi, B., Obbattu, S.L.B. & Sekar, S. Four-State Non-malleable Codes with Explicit Constant Rate. J Cryptol 33, 1044–1079 (2020). https://doi.org/10.1007/s00145-019-09339-7

  • DOI: https://doi.org/10.1007/s00145-019-09339-7
