TY - GEN
T1 - Non-malleable codes against bounded polynomial time tampering
AU - Ball, Marshall
AU - Dachman-Soled, Dana
AU - Kulkarni, Mukul
AU - Lin, Huijia
AU - Malkin, Tal
N1 - Funding Information:
Acknowledgments. The first and fifth authors are supported in part by NSF grant #CCF1423306 and the Leona M. & Harry B. Helmsley Charitable Trust. The first author is additionally supported in part by an IBM Research PhD Fellowship.The second and third authors are supported in part by NSF grants #CNS-1840893, #CNS-1453045 (CAREER), by a research partnership award from Cisco and by financial assistance award 70NANB15H328 from the U.S. Department of Commerce, National Institute of Standards and Technology. The fourth author is supported by NSF grants #CNS-1528178, #CNS-1514526, #CNS-1652849 (CAREER), a Hellman Fellowship, the Defense Advanced Research Projects Agency (DARPA) and Army Research Office (ARO) under Contract No. W911NF-15-C-0236, and a subcontract No. 2017-002 through Galois. The views expressed are those of the authors and do not reflect the official policy or position of the Department of Defense, the National Science Foundation, or the U.S. Government. This work was performed, in part, while the first author was visiting IDC Herzliya’s FACT center and supported in part by ISF grant no. 1790/13 and the Check Point Institute for Information Security.
Funding Information:
The first and fifth authors are supported in part by NSF grant #CCF1423306 and the Leona M. & Harry B. Helmsley Charitable Trust. The first author is additionally supported in part by an IBM Research PhD Fellowship.The second and third authors are supported in part by NSF grants #CNS-1840893, #CNS-1453045 (CAREER), by a research partnership award from Cisco and by financial assistance award 70NANB15H328 from the U.S. Department of Commerce, National Institute of Standards and Technology. The fourth author is supported by NSF grants #CNS-1528178, #CNS-1514526, #CNS-1652849 (CAREER), a Hellman Fellowship, the Defense Advanced Research Projects Agency (DARPA) and Army Research Office (ARO) under Contract No. W911NF-15-C-0236, and a subcontract No. 2017-002 through Galois. The views expressed are those of the authors and do not reflect the official policy or position of the Department of Defense, the National Science Foundation, or the U.S. Government. This work was performed, in part, while the first author was visiting IDC Herzliya’s FACT center and supported in part by ISF grant no. 1790/13 and the Check Point Institute for Information Security.
Publisher Copyright:
© International Association for Cryptologic Research 2019.
PY - 2019
Y1 - 2019
N2 - We construct efficient non-malleable codes (NMC) that are (computationally) secure against tampering by functions computable in any fixed polynomial time. Our construction is in the plain (no-CRS) model and requires the assumptions that (1) E is hard for NP circuits of some exponential 2 βn (β> 0) size (widely used in the derandomization literature), (2) sub-exponential trapdoor permutations exist, and (3) P -certificates with sub-exponential soundness exist. While it is impossible to construct NMC secure against arbitrary polynomial-time tampering (Dziembowski, Pietrzak, Wichs, ICS ’10), the existence of NMC secure against O(nc) -time tampering functions (for any fixed c), was shown (Cheraghchi and Guruswami, ITCS ’14) via a probabilistic construction. An explicit construction was given (Faust, Mukherjee, Venturi, Wichs, Eurocrypt ’14) assuming an untamperable CRS with length longer than the runtime of the tampering function. In this work, we show that under computational assumptions, we can bypass these limitations. Specifically, under the assumptions listed above, we obtain non-malleable codes in the plain model against O(nc) -time tampering functions (for any fixed c), with codeword length independent of the tampering time bound. Our new construction of NMC draws a connection with non-interactive non-malleable commitments. In fact, we show that in the NMC setting, it suffices to have a much weaker notion called quasi non-malleable commitments—these are non-interactive, non-malleable commitments in the plain model, in which the adversary runs in O(nc) -time, whereas the honest parties may run in longer (polynomial) time. We then construct a 4-tag quasi non-malleable commitment from any sub-exponential OWF and the assumption that E is hard for some exponential size NP -circuits, and use tag amplification techniques to support an exponential number of tags.
AB - We construct efficient non-malleable codes (NMC) that are (computationally) secure against tampering by functions computable in any fixed polynomial time. Our construction is in the plain (no-CRS) model and requires the assumptions that (1) E is hard for NP circuits of some exponential 2 βn (β> 0) size (widely used in the derandomization literature), (2) sub-exponential trapdoor permutations exist, and (3) P -certificates with sub-exponential soundness exist. While it is impossible to construct NMC secure against arbitrary polynomial-time tampering (Dziembowski, Pietrzak, Wichs, ICS ’10), the existence of NMC secure against O(nc) -time tampering functions (for any fixed c), was shown (Cheraghchi and Guruswami, ITCS ’14) via a probabilistic construction. An explicit construction was given (Faust, Mukherjee, Venturi, Wichs, Eurocrypt ’14) assuming an untamperable CRS with length longer than the runtime of the tampering function. In this work, we show that under computational assumptions, we can bypass these limitations. Specifically, under the assumptions listed above, we obtain non-malleable codes in the plain model against O(nc) -time tampering functions (for any fixed c), with codeword length independent of the tampering time bound. Our new construction of NMC draws a connection with non-interactive non-malleable commitments. In fact, we show that in the NMC setting, it suffices to have a much weaker notion called quasi non-malleable commitments—these are non-interactive, non-malleable commitments in the plain model, in which the adversary runs in O(nc) -time, whereas the honest parties may run in longer (polynomial) time. We then construct a 4-tag quasi non-malleable commitment from any sub-exponential OWF and the assumption that E is hard for some exponential size NP -circuits, and use tag amplification techniques to support an exponential number of tags.
UR - http://www.scopus.com/inward/record.url?scp=85065910609&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85065910609&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-17653-2_17
DO - 10.1007/978-3-030-17653-2_17
M3 - Conference contribution
AN - SCOPUS:85065910609
SN - 9783030176525
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 501
EP - 530
BT - Advances in Cryptology – EUROCRYPT 2019 - 38th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
A2 - Ishai, Yuval
A2 - Rijmen, Vincent
PB - Springer Verlag
T2 - 38th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Eurocrypt 2019
Y2 - 19 May 2019 through 23 May 2019
ER -