Continuous Non-malleable Codes

Sebastian Faust; Pratyay Mukherjee; Jesper Buus Nielsen; Daniel Venturi

doi:10.1007/978-3-642-54242-8_20

Continuous Non-malleable Codes

Sebastian Faust
, Pratyay Mukherjee
, Jesper Buus Nielsen
, Daniel Venturi

Department of Computer Science

Research output: Contribution to book/anthology/report/proceeding › Article in proceedings › Research › peer-review

87 Citations (Scopus)

Abstract

Non-malleable codes are a natural relaxation of error correcting/ detecting codes that have useful applications in the context of tamper resilient cryptography. Informally, a code is non-malleable if an adversary trying to tamper with an encoding of a given message can only leave it unchanged or modify it to the encoding of a completely unrelated value. This paper introduces an extension of the standard non-malleability security notion - so-called continuous non-malleability - where we allow the adversary to tamper continuously with an encoding. This is in contrast to the standard notion of non-malleable codes where the adversary only is allowed to tamper a single time with an encoding. We show how to construct continuous non-malleable codes in the common split-state model where an encoding consist of two parts and the tampering can be arbitrary but has to be independent with both parts. Our main contributions are outlined below:

We propose a new uniqueness requirement of split-state codes which states that it is computationally hard to find two codewords X = (X 0,X 1) and X′ = (X 0,X 1′) such that both codewords are valid, but X 0 is the same in both X and X′. A simple attack shows that uniqueness is necessary to achieve continuous non-malleability in the split-state model. Moreover, we illustrate that none of the existing constructions satisfies our uniqueness property and hence is not secure in the continuous setting.

We construct a split-state code satisfying continuous non-malleability. Our scheme is based on the inner product function, collision-resistant hashing and non-interactive zero-knowledge proofs of knowledge and requires an untamperable common reference string.

We apply continuous non-malleable codes to protect arbitrary cryptographic primitives against tampering attacks. Previous applications of non-malleable codes in this setting required to perfectly erase the entire memory after each execution and required the adversary to be restricted in memory. We show that continuous non-malleable codes avoid these restrictions.

Original language	English
Title of host publication	Theory of Cryptography : 11th Theory of Cryptography Conference, TCC 2014, San Diego, CA, USA, February 24-26, 2014. Proceedings
Editors	Yehuda Lindell
Number of pages	24
Publisher	Springer
Publication date	2014
Pages	465-488
ISBN (Print)	978-3-642-54241-1
ISBN (Electronic)	978-3-642-54242-8
DOIs	https://doi.org/10.1007/978-3-642-54242-8_20
Publication status	Published - 2014
Event	Theory of Cryptography Conference - San Diego, United States Duration: 24 Feb 2014 → 26 Feb 2014 Conference number: 11

Conference

Conference	Theory of Cryptography Conference
Number	11
Country/Territory	United States
City	San Diego
Period	24/02/2014 → 26/02/2014

Series	Lecture Notes in Computer Science
Volume	8349
ISSN	0302-9743

Access to Document

10.1007/978-3-642-54242-8_20

Library access?

Check availability with the Royal Danish Library

Cite this

@inproceedings{0e46875c6caa4c8cb0a2172c720f5e03,

title = "Continuous Non-malleable Codes",

abstract = "Non-malleable codes are a natural relaxation of error correcting/ detecting codes that have useful applications in the context of tamper resilient cryptography. Informally, a code is non-malleable if an adversary trying to tamper with an encoding of a given message can only leave it unchanged or modify it to the encoding of a completely unrelated value. This paper introduces an extension of the standard non-malleability security notion - so-called continuous non-malleability - where we allow the adversary to tamper continuously with an encoding. This is in contrast to the standard notion of non-malleable codes where the adversary only is allowed to tamper a single time with an encoding. We show how to construct continuous non-malleable codes in the common split-state model where an encoding consist of two parts and the tampering can be arbitrary but has to be independent with both parts. Our main contributions are outlined below: We propose a new uniqueness requirement of split-state codes which states that it is computationally hard to find two codewords X = (X 0,X 1) and X′ = (X 0,X 1′) such that both codewords are valid, but X 0 is the same in both X and X′. A simple attack shows that uniqueness is necessary to achieve continuous non-malleability in the split-state model. Moreover, we illustrate that none of the existing constructions satisfies our uniqueness property and hence is not secure in the continuous setting. We construct a split-state code satisfying continuous non-malleability. Our scheme is based on the inner product function, collision-resistant hashing and non-interactive zero-knowledge proofs of knowledge and requires an untamperable common reference string. We apply continuous non-malleable codes to protect arbitrary cryptographic primitives against tampering attacks. Previous applications of non-malleable codes in this setting required to perfectly erase the entire memory after each execution and required the adversary to be restricted in memory. We show that continuous non-malleable codes avoid these restrictions. ",

keywords = "non-malleable codes, split-state, tamper resilience",

author = "Sebastian Faust and Pratyay Mukherjee and Nielsen, \{Jesper Buus\} and Daniel Venturi",

year = "2014",

doi = "10.1007/978-3-642-54242-8\_20",

language = "English",

isbn = "978-3-642-54241-1",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "465--488",

editor = "Yehuda Lindell",

booktitle = "Theory of Cryptography",

address = "Netherlands",

note = "Theory of Cryptography Conference ; Conference date: 24-02-2014 Through 26-02-2014",

}

Faust, S, Mukherjee, P, Nielsen, JB & Venturi, D 2014, Continuous Non-malleable Codes. in Y Lindell (ed.), Theory of Cryptography: 11th Theory of Cryptography Conference, TCC 2014, San Diego, CA, USA, February 24-26, 2014. Proceedings. Springer, Lecture Notes in Computer Science, vol. 8349, pp. 465-488, Theory of Cryptography Conference, San Diego, United States, 24/02/2014. https://doi.org/10.1007/978-3-642-54242-8_20

Continuous Non-malleable Codes. / Faust, Sebastian; Mukherjee, Pratyay; Nielsen, Jesper Buus et al.
Theory of Cryptography: 11th Theory of Cryptography Conference, TCC 2014, San Diego, CA, USA, February 24-26, 2014. Proceedings. ed. / Yehuda Lindell. Springer, 2014. p. 465-488 (Lecture Notes in Computer Science, Vol. 8349).

Research output: Contribution to book/anthology/report/proceeding › Article in proceedings › Research › peer-review

TY - GEN

T1 - Continuous Non-malleable Codes

AU - Faust, Sebastian

AU - Mukherjee, Pratyay

AU - Nielsen, Jesper Buus

AU - Venturi, Daniel

N1 - Conference code: 11

PY - 2014

Y1 - 2014

N2 - Non-malleable codes are a natural relaxation of error correcting/ detecting codes that have useful applications in the context of tamper resilient cryptography. Informally, a code is non-malleable if an adversary trying to tamper with an encoding of a given message can only leave it unchanged or modify it to the encoding of a completely unrelated value. This paper introduces an extension of the standard non-malleability security notion - so-called continuous non-malleability - where we allow the adversary to tamper continuously with an encoding. This is in contrast to the standard notion of non-malleable codes where the adversary only is allowed to tamper a single time with an encoding. We show how to construct continuous non-malleable codes in the common split-state model where an encoding consist of two parts and the tampering can be arbitrary but has to be independent with both parts. Our main contributions are outlined below: We propose a new uniqueness requirement of split-state codes which states that it is computationally hard to find two codewords X = (X 0,X 1) and X′ = (X 0,X 1′) such that both codewords are valid, but X 0 is the same in both X and X′. A simple attack shows that uniqueness is necessary to achieve continuous non-malleability in the split-state model. Moreover, we illustrate that none of the existing constructions satisfies our uniqueness property and hence is not secure in the continuous setting. We construct a split-state code satisfying continuous non-malleability. Our scheme is based on the inner product function, collision-resistant hashing and non-interactive zero-knowledge proofs of knowledge and requires an untamperable common reference string. We apply continuous non-malleable codes to protect arbitrary cryptographic primitives against tampering attacks. Previous applications of non-malleable codes in this setting required to perfectly erase the entire memory after each execution and required the adversary to be restricted in memory. We show that continuous non-malleable codes avoid these restrictions.

AB - Non-malleable codes are a natural relaxation of error correcting/ detecting codes that have useful applications in the context of tamper resilient cryptography. Informally, a code is non-malleable if an adversary trying to tamper with an encoding of a given message can only leave it unchanged or modify it to the encoding of a completely unrelated value. This paper introduces an extension of the standard non-malleability security notion - so-called continuous non-malleability - where we allow the adversary to tamper continuously with an encoding. This is in contrast to the standard notion of non-malleable codes where the adversary only is allowed to tamper a single time with an encoding. We show how to construct continuous non-malleable codes in the common split-state model where an encoding consist of two parts and the tampering can be arbitrary but has to be independent with both parts. Our main contributions are outlined below: We propose a new uniqueness requirement of split-state codes which states that it is computationally hard to find two codewords X = (X 0,X 1) and X′ = (X 0,X 1′) such that both codewords are valid, but X 0 is the same in both X and X′. A simple attack shows that uniqueness is necessary to achieve continuous non-malleability in the split-state model. Moreover, we illustrate that none of the existing constructions satisfies our uniqueness property and hence is not secure in the continuous setting. We construct a split-state code satisfying continuous non-malleability. Our scheme is based on the inner product function, collision-resistant hashing and non-interactive zero-knowledge proofs of knowledge and requires an untamperable common reference string. We apply continuous non-malleable codes to protect arbitrary cryptographic primitives against tampering attacks. Previous applications of non-malleable codes in this setting required to perfectly erase the entire memory after each execution and required the adversary to be restricted in memory. We show that continuous non-malleable codes avoid these restrictions.

KW - non-malleable codes

KW - split-state

KW - tamper resilience

U2 - 10.1007/978-3-642-54242-8_20

DO - 10.1007/978-3-642-54242-8_20

M3 - Article in proceedings

SN - 978-3-642-54241-1

T3 - Lecture Notes in Computer Science

SP - 465

EP - 488

BT - Theory of Cryptography

A2 - Lindell, Yehuda

PB - Springer

T2 - Theory of Cryptography Conference

Y2 - 24 February 2014 through 26 February 2014

ER -