Presentation is loading. Please wait.

Presentation is loading. Please wait.

Non-malleable Reductions and Applications Divesh Aggarwal * Yevgeniy Dodis * Tomasz Kazana ** Maciej Obremski ** Non-Malleable Codes from Two-Source Extractors.

Published byMichael Paul Modified over 8 years ago

Similar presentations

Presentation on theme: "Non-malleable Reductions and Applications Divesh Aggarwal * Yevgeniy Dodis * Tomasz Kazana ** Maciej Obremski ** Non-Malleable Codes from Two-Source Extractors."— Presentation transcript:

1 Non-malleable Reductions and Applications Divesh Aggarwal * Yevgeniy Dodis * Tomasz Kazana ** Maciej Obremski ** Non-Malleable Codes from Two-Source Extractors 1 * New York University ** University of Warsaw

2 Plan Introduction to Non-Malleable Codes Split-state Model and Recent Results Non-malleable Reductions Non-Malleable Codes from Two-Source Extractors 2

3 Definition of Non-Malleable Codes Non-Malleable Codes from Two-Source Extractors 3 Scheme is non-malleable with respect to family H if h can be represented as a probabilistic combination constant functions identity function

4 We have to limit class H Non-Malleable Codes from Two-Source Extractors 4 can not be represented as combination of constant functions and identity

5 Existential Result Non-Malleable Codes (ICS 2010) S.Dziembowski, K.Pietrzak and D.Wichs Existence of codes for small enough manipulation families via probabilistic argument Non-Malleable Codes from Two-Source Extractors 5 Where n is a size of codeword

6 Formal Definition for 1-bit Message Non-Malleable Codes from Two-Source Extractors 6 Scheme (Enc, Dec) is ε-non-malleable with respect to family H If for every h in H: Where B is uniformly distributed over {0,1} and This definition is equivalent to the general definition in 1-bit message case

7 Plan Introduction to Non-Malleable Codes Split-state Model and Recent Results Non-malleable Reductions Non-Malleable Codes from Two-Source Extractors 7 DONE

8 2-Split State Model Enc(m)= L, R Manipulation functions (f,g) are any arbitrary functions, f,g are applied separately to L and R : Non-Malleable Codes from Two-Source Extractors 8 L R L’ R’ f g Dec(L’,R’)=m’ Enc(m)

9 t-Split State Model Non-Malleable Codes from Two-Source Extractors 9

10 Recent Results Non-malleable Codes from Two-source Extractors (Crypto’13) S.Dziembowski (UW), T.Kazana (UW), M.Obremski (UW) Non-malleable coding against bit-wise and split-state tampering (TCC’14) M.Cheraghchi (MIT), V.Guruswami (CMU) Non-malleable Codes from Additive Combinatorics (STOC’14) D.Aggarwal (NYU), Y.Dodis (NYU), S.Lovett (UCSD) Non-malleable Codes in the Constant Split-state Model (FOCS’14) E.Chattopadhyay (U.Texas), D. Zuckerman (U.Texas) Non-Malleable Codes from Two-Source Extractors 10

11 Recent Results Non-Malleable Codes from Two-Source Extractors 11 [ADL’14] [u.m.] [CZ’14] Number of statesCodeword length n- length of message

12 The more parts the easier it gets.. Non-Malleable Codes from Two-Source Extractors 12

13 Plan Introduction to Non-Malleable Codes Split-state Model and Recent Results Non-malleable Reductions Non-Malleable Codes from Two-Source Extractors 13 DONE

14 Non-malleable Reductions Non-Malleable Codes from Two-Source Extractors 14

15 Non-malleable Reductions Non-Malleable Codes from Two-Source Extractors 15

16 Non-malleable Code as Reduction Non-Malleable Codes from Two-Source Extractors 16

17 Composition Non-Malleable Codes from Two-Source Extractors 17

18 Remark Non-Malleable Codes from Two-Source Extractors 18

19 Codeword length Non-Malleable Codes from Two-Source Extractors 19

20 Composition v.2 Non-Malleable Codes from Two-Source Extractors 20

21 Recent Results Non-Malleable Codes from Two-Source Extractors 21 [ADL’14] [u.m.] [CZ’14] Number of states Codeword length n- length of message

22 Captain Obvious strikes again Non-Malleable Codes from Two-Source Extractors 22 That does not give us much..

23 Our result Non-malleable Reductions and Applications D.Aggarwal, Y.Dodis, T.Kazana, M.Obremski Non-Malleable Codes from Two-Source Extractors 23 Which combined with [CZ’14] Gives first constant rate (linear length codeword) Non-malleable Code construction in 2-split-state model

24 Thank You! Non-Malleable Codes from Two-Source Extractors 24

25 Related Work Non-Malleable Codes (ICS 2010) S.Dziembowski, K.Pietrzak and D.Wichs Existence of codes for small enough manipulation families via probabilistic argument Explicit construction of non-malleable codes with respect to Independent Bit Tampering Tamper and leakage resilience in the split-state model(Crypto 2012) F. Liu and A. Lysyanskaya Explicit construction, computational-security, assuming common reference string Bonus feature- resilient to leakage. Non-Malleable Codes from Two-Source Extractors 25

26 Our Contribution We give explicit, Non-Malleable Code for 1-bit messages in Split State Model Additionally our constructions is resilient against the adversary who can leak adaptively some information before choosing manipulation functions. Non-Malleable Codes from Two-Source Extractors 26

27 Plan Introduction to Non-Malleable Codes Our construction of a Non-Malleable Code Leakage feature Non-Malleable Codes from Two-Source Extractors 27 DONE

28 Secret Sharing It is easy to see that non-malleable scheme needs to be 2-out-of-2 secret sharing Non-Malleable Codes from Two-Source Extractors 28 If it is not secret sharing (example for 1-bit secret): S=1 S=0

29 Secret Sharing is not enough- counterexample Non-Malleable Codes from Two-Source Extractors 29 Attack example function h can not be represented as combination of identity and constant functions

30 Secret Sharing with enhanced security - two-source extractors Non-Malleable Codes from Two-Source Extractors 30 Attack example

31 Will extractors work on smaller field? Non-Malleable Codes from Two-Source Extractors 31 That is still not enough. Attack example:

32 Problem with Inner Product Main issue with Inner Product approach is that for large field the adversary can exploit its linear structure For small field the adversary can exploit non-uniform distributions of bits multiplication results Non-Malleable Codes from Two-Source Extractors 32 We want to combine advantages of a large field and a small one

33 Our Construction Non-Malleable Codes from Two-Source Extractors 33 0 1 How to encode a bit? Unfortunately we require additional features from chosen extractor namely flexibility

34 Remarks Security parameter depends only on the size of field If then parameter plays role in the leakage feature Non-Malleable Codes from Two-Source Extractors 34

35 Plan Introduction to Non-Malleable Codes Our construction of a Non-Malleable Code Leakage feature Non-Malleable Codes from Two-Source Extractors 35 DONE

36 Bonus Feature - Leakage Adversary before choosing manipulation functions can adaptively leak Non-Malleable Codes from Two-Source Extractors 36 L R A A L’ R’ f g Total leakage <

37 Recent Paper Non-malleable Codes from Additive Combinatorics Divesh Aggarwal, Yevgeniy Dodis, Shachar Lovett Non-Malleable Codes from Two-Source Extractors 37

38 A little bit of history Non-Malleable Codes (ICS 2010) Stefan Dziembowski, Krzysztof Pietrzak and Daniel Wichs Existence of codes via probabilistic argument Explicit construction of non-malleable codes with respect to Independent Bit Tampering Non-Malleable Codes from Two-Source Extractors 38

39 Definition of Non-Malleable Codes Non-Malleable Codes from Two-Source Extractors 39 M=M’ M’ is independent of M or

40 Basic remarks Non-Malleable Codes from Two-Source Extractors 40 We have to limit manipulations family take f(x)=Enc(Dec(x)+1) It is not Manipulation Detection Adversary can overwrite secret

41 Formal Definition Scheme (Enc, Dec) is Non-Malleable with respect to functions family if for every exists distribution such that for every message following experiments are indistinguishable Non-Malleable Codes from Two-Source Extractors 41

42 Two-Source Extractors Ext is (k,ε)-Two-Source Extractor if for every X,Y such that H ∞ (X)≥k and H ∞ (Y)≥k Non-Malleable Codes from Two-Source Extractors 42 Ext is Strong (k,ε)-Two-Source Extractor if

43 Flexible Two-Source Extractors Ext is Flexible (2k,ε)-Two-Source Extractor if for every X,Y random variables such that H ∞ (X)+H ∞ (Y) ≥ 2k Non-Malleable Codes from Two-Source Extractors 43 Strong Flexible Extractor fulfills

44 Why Flexibility? Non-Malleable Codes from Two-Source Extractors 44 High H ∞ Standard notion Extractor Uniform distribution Very High H ∞ Low H ∞ Extractor Uniform distribution Flexibility (Leftover Hash Lemma)

45 Some Remarks and Examples Obviously if X,Y random variables on, then k≥n Non-Malleable Codes from Two-Source Extractors 45 First is Strong Flexible with log (1/ε) = (k − (n + 4) log |F|)/3 − 1 Second is Flexible with log (1/ε) = (k-n)/2-λ+1 Two examples of Flexible Extractors:

46 Why one bit only? - Example Chose c 1,c 2,c 3,…,c k elements of field F. To encode i=1,2,…k : To encode k+1 : Non-Malleable Codes from Two-Source Extractors 46 Possible attack:

47 Intuition If the adversary wants to maintain correlation with message m he has to be “close” to one-to-one function Non-Malleable Codes from Two-Source Extractors 47 Ext( LR )=x fg L’R’ Do not reveal information about x Think of it as a loss of information Output does not necessarly need to be small

48 The Trick! If the adversary uses almost “one-to-one” functions he can not change 1 to 0 Non-Malleable Codes from Two-Source Extractors 48 10 huge small This set is

49 Unfortunately the adversary is a very mean person There is significant technical problem when Adversary choses to mix two strategies “Almost” one-to-one function “Almost” constant function Non-Malleable Codes from Two-Source Extractors 49 Function which on a part of domain keeps all information and on the rest of domain choses to ignore it

50 Far From Constant Non-Malleable Codes from Two-Source Extractors 50

51 Drive-Through Proof - Part I Non-Malleable Codes from Two-Source Extractors 51 For this theorem we require flexibility notion

52 Drive-Through Proof – Part II Non-Malleable Codes from Two-Source Extractors 52 For this theorem we require standard extractor notion

Download ppt "Non-malleable Reductions and Applications Divesh Aggarwal * Yevgeniy Dodis * Tomasz Kazana ** Maciej Obremski ** Non-Malleable Codes from Two-Source Extractors."

Similar presentations

Invertible Zero-Error Dispersers and Defective Memory with Stuck-At Errors Ariel Gabizon Ronen Shaltiel.

Invertible Zero-Error Dispersers and Defective Memory with Stuck-At Errors Ariel Gabizon Ronen Shaltiel.
An Introduction to Randomness Extractors Ronen Shaltiel University of Haifa Daddy, how do computers get random bits?

An Introduction to Randomness Extractors Ronen Shaltiel University of Haifa Daddy, how do computers get random bits?
PRATYAY MUKHERJEE AARHUS UNIVERSITY AARHUS UNIVERSITY PRATYAY MUKHERJEE 25. FEB 2014 CONTINUOUS NON-MALLEABLE CODES JOINT WORK WITH SEBASTIAN FAUST, JESPER.

PRATYAY MUKHERJEE AARHUS UNIVERSITY AARHUS UNIVERSITY PRATYAY MUKHERJEE 25. FEB 2014 CONTINUOUS NON-MALLEABLE CODES JOINT WORK WITH SEBASTIAN FAUST, JESPER.
Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors Ronald Cramer, Yevgeniy Dodis, Serge Fehr, Carles Padro,

Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors Ronald Cramer, Yevgeniy Dodis, Serge Fehr, Carles Padro,
Efficient Non-Malleable Codes and Key-derivations against Poly-size Tampering Circuits PRATYAY MUKHERJEE (Aarhus University) Joint work with Sebastian.

Efficient Non-Malleable Codes and Key-derivations against Poly-size Tampering Circuits PRATYAY MUKHERJEE (Aarhus University) Joint work with Sebastian.
PRATYAY MUKHERJEE Aarhus University Joint work with

PRATYAY MUKHERJEE Aarhus University Joint work with
Computational Privacy. Overview Goal: Allow n-private computation of arbitrary funcs. –Impossible in information-theoretic setting Computational setting:

Computational Privacy. Overview Goal: Allow n-private computation of arbitrary funcs. –Impossible in information-theoretic setting Computational setting:
Ran Canetti, Yael Tauman Kalai, Mayank Varia, Daniel Wichs.

Ran Canetti, Yael Tauman Kalai, Mayank Varia, Daniel Wichs.
Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)

Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)
Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.
A Rate-Optimizing Compiler for Non- malleable Codes against Bit-wise Tampering and Permutations Shashank Agrawal (UIUC), Divya Gupta (UCLA), Hemanta K.

A Rate-Optimizing Compiler for Non- malleable Codes against Bit-wise Tampering and Permutations Shashank Agrawal (UIUC), Divya Gupta (UCLA), Hemanta K.
NON-MALLEABLE CODES AND TAMPER-RESILIENT SECURITY ( ICS 2010 ) Joint work with: Stefan Dziembowski, Krzysztof Pietrzak Speaker: Daniel Wichs.

NON-MALLEABLE CODES AND TAMPER-RESILIENT SECURITY ( ICS 2010 ) Joint work with: Stefan Dziembowski, Krzysztof Pietrzak Speaker: Daniel Wichs.
1 Adam O’Neill Leonid Reyzin Boston University A Unified Approach to Deterministic Encryption and a Connection to Computational Entropy Benjamin Fuller.

1 Adam O’Neill Leonid Reyzin Boston University A Unified Approach to Deterministic Encryption and a Connection to Computational Entropy Benjamin Fuller.
CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.

CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.
CIS 5371 Cryptography 3b. Pseudorandomness.

CIS 5371 Cryptography 3b. Pseudorandomness.
Dual System Encryption: Concept, History and Recent works Jongkil Kim.

Dual System Encryption: Concept, History and Recent works Jongkil Kim.
Serge Fehr & Christian Schaffner CWI Amsterdam, The Netherlands 1 Randomness Extraction via ± -Biased Masking in the Presence of a Quantum Attacker TCC.

Serge Fehr & Christian Schaffner CWI Amsterdam, The Netherlands 1 Randomness Extraction via ± -Biased Masking in the Presence of a Quantum Attacker TCC.
NON-MALLEABLE EXTRACTORS AND SYMMETRIC KEY CRYPTOGRAPHY FROM WEAK SECRETS Yevgeniy Dodis and Daniel Wichs (NYU) STOC 2009.

NON-MALLEABLE EXTRACTORS AND SYMMETRIC KEY CRYPTOGRAPHY FROM WEAK SECRETS Yevgeniy Dodis and Daniel Wichs (NYU) STOC 2009.
Derandomized parallel repetition theorems for free games Ronen Shaltiel, University of Haifa.

Derandomized parallel repetition theorems for free games Ronen Shaltiel, University of Haifa.
Public-Key Encryption in the Bounded-Retrieval Model Joël Alwen, Yevgeniy Dodis, Moni Naor, Gil Segev, Shabsi Walfish, Daniel Wichs Earlier Today: Yevgeniy.

Public-Key Encryption in the Bounded-Retrieval Model Joël Alwen, Yevgeniy Dodis, Moni Naor, Gil Segev, Shabsi Walfish, Daniel Wichs Earlier Today: Yevgeniy.

Similar presentations

Ads by Google