Explicit Non-Malleable Codes Resistant to Permutations Shashank Agrawal (UIUC), Divya Gupta (UCLA), Hemanta Maji (UCLA), Omkant Pandey (UIUC), Manoj Prabhakaran (UIUC)
Outline • Non-malleability and importance • Non-malleable codes, brief survey, contribution • More details.
Non-Malleability • Cannot be easily changed, influenced. • An important property required in several cryptographic applications. • Non-malleable encryption, signatures, commitments,… • Non-malleable code: • Difficult to change encoded message.
Encryption: Sealed-Bid Auction [Figure: public key PK; bids Encrypt(PK, $200) and Encrypt(PK, $201); caption "Unfair Advantage!!"] Image courtesy: http://gweedosplace.wordpress.com/
Signature: Man-in-the-Middle [Figure: messages "Pay $100 -Bob" and "Pay $100*100*100 -Bob"; label "UIUC Grad Student"]
Non-Malleable codes • Tampering function family . • Experiment: m → Enc → c → c* = f(c) → Dec → m* • Informally, (Enc, Dec) is an NM code if m* is either m or an unrelated value.
Related Work • Granular/Compartmentalized Tampering. • Bit-wise independent tampering [DPW10, CG14b]. • Split-state model [DKO13,CG14b,ADL14]. • Global Tampering. • functions mapping n bits to n bits. • For families of smaller size • Inefficient encoding/decoding [DPW10, CG14a]. • Explicit constructions not available [FMVW14]. • Specific global tampering functions not considered.
Our Contribution • Tampering function can PERMUTE bits and perturb them. • EXPLICIT and efficient encoding/decoding procedure. • RATE 1. • Information-theoretic setting.
Detection/Correction? • In coding theory, error detection/correction important. • Family of constant functions where . • If c valid codeword, no way to even detect. • Easy to get non-malleability: Enc(m) = m. • NM codes don’t exist for all functions. • Decode the codeword, flip the first bit, encode it again.
Definition • Definition of Dziembowski et al. [ICS10] slightly complex. • We have a stronger, simpler definition: robust non-malleability. • Adversary specifies and a message . • Two requirements for all and : • Prob. c* invalid codeword independent of m, • If c* valid then m*=m with high probability. [Diagram: m → Enc → c → c* = f(c) → Dec → m*]
Tampering Family • Admissible channel: Transition probabilities are constants, but output should not be a fixed value. • Adversary can permute the bits in the codeword (global attack). • Then, pass each bit through an admissible channel. • Size of function family infinite! [Figure: per-bit channel diagrams with transition probabilities such as 1/2; panels: Bit Flipping, Random output, Bit Fixing]
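An added example, not taken from the slides or the paper: it runs the tampering experiment on the trivial code Enc(m) = m from the "Detection/Correction?" slide and brute-forces the informal requirement that m* is either m or distributed independently of m. The channel names, the "keep" channel, the 3-bit message length and the four sample tampering functions are assumptions constructed for the demonstration.

```python
import itertools

# Per-bit channels from the "Tampering Family" slide; r is a fair coin.
# "keep" (the identity channel) is an assumption added for the demo.
CHANNELS = {
    "keep":   lambda b, r: b,
    "flip":   lambda b, r: b ^ 1,   # bit flipping
    "random": lambda b, r: r,       # random output, probability 1/2 each
    "fix0":   lambda b, r: 0,       # bit fixing
    "fix1":   lambda b, r: 1,
}

def tamper(c, perm, chans, coins):
    """c*[i] = channel_i(c[perm[i]]): permute the bits, then perturb each."""
    return tuple(CHANNELS[ch](c[p], r) for p, ch, r in zip(perm, chans, coins))

def mstar_distribution(m, perm, chans):
    """Exact distribution of m* = Dec(f(Enc(m))) for the code Enc(m) = m."""
    dist = {}
    for coins in itertools.product((0, 1), repeat=len(m)):
        out = tamper(m, perm, chans, coins)      # Enc and Dec are identity
        dist[out] = dist.get(out, 0.0) + 2.0 ** -len(m)
    return dist

def is_non_malleable(perm, chans, n):
    """True if m* is always 'm itself' or a value distributed independently
    of m, i.e. one distribution D over messages plus 'same' explains every m."""
    msgs = list(itertools.product((0, 1), repeat=n))
    P = {m: mstar_distribution(m, perm, chans) for m in msgs}
    same_mass = set()
    for x in msgs:
        others = {P[m].get(x, 0.0) for m in msgs if m != x}
        if len(others) != 1:
            return False            # Pr[m* = x] depends on m: related output
        same_mass.add(P[x].get(x, 0.0) - others.pop())
    return len(same_mass) == 1 and min(same_mass) >= 0

ID = (0, 1, 2)                      # identity permutation, constructed input
CASES = {                           # constructed tampering functions, n = 3
    "constant":   (ID, ("fix1", "fix0", "fix1")),
    "all random": (ID, ("random",) * 3),
    "flip bit 0": (ID, ("flip", "keep", "keep")),
    "swap 0<->1": ((1, 0, 2), ("keep",) * 3),
}

if __name__ == "__main__":
    for name, (perm, chans) in CASES.items():
        print(f"{name:11s} non-malleable: {is_non_malleable(perm, chans, 3)}")
```

The identity code passes for the constant and all-random functions but fails as soon as a single bit is flipped or two positions are swapped, which is the gap a code resistant to permutation and perturbation has to close.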
Construction: Basic [Diagram: outer code: AG codes; inner code: balanced unary encoding]
Construction: Rate 1 • Encode m using Reed-Solomon codes to get . • H: almost universal hash-function family. • and . • .
Conclusion • Open problems: There are hardly any closed problems. • Our NM code has applications to NM commitments. • Other interesting families that may have applications to cryptography. • Paper will be on eprint very soon. Keep looking.
Thank you Questions?