Abstract

Non-malleable codes (Dziembowski et al., ICS’10 and J. ACM’18) are a natural relaxation of error correcting/detecting codes with useful applications in cryptography. Informally, a code is non-malleable if an adversary trying to tamper with an encoding of a message can only leave it unchanged or modify it to the encoding of an unrelated value. This paper introduces continuous non-malleability, a generalization of standard non-malleability where the adversary is allowed to tamper continuously with the same encoding. This is in contrast to the standard definition of non-malleable codes, where the adversary can only tamper a single time. The only restriction is that after the first invalid codeword is ever generated, a special self-destruct mechanism is triggered and no further tampering is allowed; this restriction can easily be shown to be necessary. We focus on the split-state model, where an encoding consists of two parts and the tampering functions can be arbitrary as long as they act independently on each part. Our main contributions are outlined below.We show that continuous non-malleability in the split-state model is impossible without relying on computational assumptions.We construct a computationally secure split-state code satisfying continuous non-malleability in the common reference string (CRS) model. Our scheme can be instantiated assuming the existence of collision-resistant hash functions and (doubly enhanced) trapdoor permutations, but we also give concrete instantiations based on standard number-theoretic assumptions.We revisit the application of non-malleable codes to protecting arbitrary cryptographic primitives against related-key attacks. Previous applications of non-malleable codes in this setting required perfect erasures and the adversary to be restricted in memory. We show that continuously non-malleable codes allow to avoid these restrictions.

Highlights

  • Physical attacks targeting cryptographic implementations instead of breaking the blackbox security of the underlying algorithm are amongst the most severe threats for cryptographic systems

  • We revisit the application of non-malleable codes to protecting arbitrary cryptographic primitives against related-key attacks

  • Tampering attacks are rather easy to carry out: A virus corrupting a machine can gain partial control over the state, or an adversary that penetrates the cryptographic implementation with physical equipment may induce faults into keys stored in memory

Read more

Summary

Introduction

Physical attacks targeting cryptographic implementations instead of breaking the blackbox security of the underlying algorithm are amongst the most severe threats for cryptographic systems. A important attack on implementations is the so-called tampering attack, where the adversary changes the secret key to some related value and observes the effect of such changes at the output. As long as the adversary can only apply tampering functions from the family F, the non-malleability property guarantees that the (possibly tampered) decoded value is not related to the original key. The standard notion of non-malleability considers a one-shot game: the adversary is allowed to tamper a single time with the codeword, after which it obtains the decoded output. We show that our new security notion is a natural extension of the standard definition, but allows to protect against tampering attacks in important settings where earlier constructions fall short to achieve security

Continuous Non-malleability
Our Contribution
We consider three different cases:
Related Work
Notation
Collision-Resistant Hashing
Non-interactive Zero Knowledge
Leakage-Resilient Storage
Continuous Non-Malleability
The Definition
Codewords Uniqueness
The Code
Description
Hybrids
Concrete Instantiation
Application to Tamper-Resilient Security
Stateless Functionalities
Stateful Functionalities

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.