Results 1 - 5 of 5
Non-malleable codes from two-source extractors. Unpublished manuscript, 2013
Abstract

Cited by 19 (3 self)
Abstract. We construct an efficient information-theoretically non-malleable code in the split-state model for one-bit messages. Non-malleable codes were introduced recently by Dziembowski, Pietrzak and Wichs (ICS 2010), as a general tool for storing messages securely on hardware that can be subject to tampering attacks. Informally, a code (Enc: M → L×R, Dec: L × R → M) is non-malleable in the split-state model if any adversary, by manipulating independently L and R (where (L, R) is an encoding of some message M), cannot obtain an encoding of a message M′ that is not equal to M but is “related” to M in some way. Until now it was unknown how to construct an information-theoretically secure code with such a property, even for M = {0, 1}. Our construction solves this problem. Additionally, it is leakage-resilient, and the amount of leakage that we can tolerate can be an arbitrary fraction ξ < 1/4 of the length of the codeword. Our code is based on the inner-product two-source extractor, but in general it can be instantiated by any two-source extractor that has large output and has the property of being flexible, which is a new notion that we define. We also show that the non-malleable codes for one-bit messages have an equivalent, perhaps simpler characterization, namely such codes can be defined as follows: if M is chosen uniformly from {0, 1} then the probability (in the experiment described above) that the output message M′ is not equal to M can be at most 1/2 + ε.
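The split-state tampering experiment and the one-bit characterization from the abstract above, instantiated as an added example (this is not code from the paper). It uses a hypothetical toy code with 2-bit shares, Enc(m) uniform over pairs (L, R) whose parities XOR to m and Dec(L, R) = parity(L) xor parity(R), in place of the paper's inner-product construction, and computes Pr[M′ ≠ M] exactly as a fraction. Because the share space has only four elements, every pair of split-state tampering functions (f, g) can be enumerated, which is what makes the "for all f, g" quantifier of the characterization checkable here.

```python
"""Split-state tampering experiment for a one-bit code (added example)."""
from fractions import Fraction
from itertools import product

SHARE_BITS = 2                          # assumption: each share is a 2-bit string
SHARES = range(1 << SHARE_BITS)         # the share space {0, 1, 2, 3}


def parity(x):
    return bin(x).count("1") & 1


# Toy split-state code (hypothetical, NOT the paper's inner-product code):
# Enc(m) draws (L, R) uniformly among all pairs with parity(L) xor parity(R) = m.
def toy_encodings(m):
    """All codewords of message bit m; Enc picks one of them uniformly."""
    return [(L, R) for L, R in product(SHARES, SHARES)
            if parity(L) ^ parity(R) == m]


def toy_dec(L, R):
    return parity(L) ^ parity(R)


def flip_probability(f, g, encodings=toy_encodings, dec=toy_dec):
    """Pr[M' != M] for M uniform in {0,1}, (L,R) <- Enc(M), M' = Dec(f(L), g(R)).

    f only ever sees L and g only ever sees R: that independence is the
    split-state restriction. The probability is exact (averaged over M and
    over Enc's randomness), not estimated by sampling."""
    prob = Fraction(0)
    for m in (0, 1):
        codewords = encodings(m)
        bad = sum(1 for L, R in codewords if dec(f(L), g(R)) != m)
        prob += Fraction(bad, len(codewords)) / 2      # M is uniform
    return prob


def all_tampering_functions():
    """Every function SHARES -> SHARES as a lookup table (4**4 = 256 of them)."""
    for table in product(SHARES, repeat=len(SHARES)):
        yield table.__getitem__


def worst_case_flip_probability(encodings=toy_encodings, dec=toy_dec):
    """max over all split-state (f, g) of Pr[M' != M]: the quantity the
    one-bit characterization bounds by 1/2 + eps."""
    return max(flip_probability(f, g, encodings, dec)
               for f in all_tampering_functions()
               for g in all_tampering_functions())


def is_non_malleable(eps, encodings=toy_encodings, dec=toy_dec):
    """The characterization from the abstract: Pr[M' != M] <= 1/2 + eps for all f, g."""
    bound = Fraction(1, 2) + Fraction(eps)
    return worst_case_flip_probability(encodings, dec) <= bound


if __name__ == "__main__":
    identity = lambda x: x
    print("no tampering        :", flip_probability(identity, identity))      # 0
    print("flip low bit of R   :", flip_probability(identity, lambda R: R ^ 1))  # 1
    print("overwrite L with 0  :", flip_probability(lambda L: 0, identity))   # 1/2
    print("worst case over f,g :", worst_case_flip_probability())             # 1
    print("non-malleable, eps=1/4?", is_non_malleable(Fraction(1, 4)))       # False
```

The toy code fails the characterization outright: flipping one bit of R negates the parity and therefore the message with probability 1, so the adversary obtains the related message 1 − M every time. Overwriting L with a constant reaches exactly 1/2, which is the baseline an adversary who ignores the codeword already achieves by guessing, and is why the threshold is stated as 1/2 + ε rather than 0. Exhaustive enumeration can only refute non-malleability for a concrete small code; the paper's security argument is over shares in Fⁿ, far beyond any such search.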
Non-malleable Codes from Additive Combinatorics, 2013
Abstract

Cited by 18 (5 self)
Non-malleable codes provide a useful and meaningful security guarantee in situations where traditional error-correction (and even error-detection) is impossible; for example, when the attacker can completely overwrite the encoded message. Informally, a code is non-malleable if the message contained in a modified codeword is either the original message, or a completely unrelated value. Although such codes do not exist if the family of “tampering functions” F is completely unrestricted, they are known to exist for many broad tampering families F. One such natural family is the family of tampering functions in the so-called split-state model. Here the message m is encoded into two shares L and R, and the attacker is allowed to arbitrarily tamper with L and R individually. Split-state tampering arises in many realistic applications, such as the design of non-malleable secret sharing schemes, motivating the question of designing efficient non-malleable codes in this model. Prior to this work, non-malleable codes in the split-state model received considerable attention in the literature, but were constructed either (1) in the random oracle model [14], or (2) relied on advanced cryptographic assumptions (such as non-interactive zero-knowledge proofs and leakage-resilient
Tamper and Leakage Resilience in the Split-State Model, 2011
Abstract

Cited by 18 (3 self)
It is notoriously difficult to create hardware that is immune from side-channel and tampering attacks. A lot of recent literature, therefore, has instead considered algorithmic defenses from such attacks. In this paper, we show how to algorithmically secure any cryptographic functionality from continual split-state leakage and tampering attacks. A split-state attack on cryptographic hardware is one that targets separate parts of the hardware separately. Our construction does not require the hardware to have access to randomness. In contrast, prior work on protecting from continual combined leakage and tampering [KKS11] required true randomness for each update. Our construction is in the common reference string (CRS) model; the CRS must be hardwired into the device. We note that prior negative results show that it is impossible to algorithmically secure a cryptographic functionality against a combination of arbitrary continual leakage and tampering attacks without true randomness; therefore restricting our attention to the split-state model is justified. Our construction is simple and modular, and relies on a new construction, in the CRS model, of non-malleable codes with respect to split-state tampering functions, which may be of independent interest.
Optimal computational split-state non-malleable codes. In TCC, 2016
Abstract

Cited by 1 (0 self)
Non-malleable codes are a generalization of classical error-correcting codes where the act of “corrupting” a codeword is replaced by a “tampering” adversary. Non-malleable codes guarantee that the message contained in the tampered codeword is either the original message m, or a completely unrelated one. In the common split-state model, the codeword consists of multiple blocks (or states) and each block is tampered with independently. The central goal in the split-state model is to construct high-rate non-malleable codes against all functions with only two states (which are necessary). Following a long and impressive line of work, constant-rate, two-state, non-malleable codes against all functions were recently achieved by Aggarwal et al. (STOC 2015). Though constant, the rate of all known constructions in the split-state model is very far from optimal (even with more than two states). In this work, we consider the question of improving the rate of split-state
On the Impossibility of Cryptography with Tamperable Randomness, 2014
Abstract
We initiate a study of the security of cryptographic primitives in the presence of efficient tampering attacks on the randomness of honest parties. More precisely, we consider p-tampering attackers that may efficiently tamper with each bit of the honest parties’ random tape with probability p, but have to do so in an “online” fashion. Our main result is a strong negative result: we show that any secure encryption scheme, bit commitment scheme, or zero-knowledge protocol can be “broken” with probability p by a p-tampering attacker. The core of this result is a new Fourier-analytic technique for biasing the output of bounded-value functions, which may be of independent interest. We also show that this result cannot be extended to primitives such as signature schemes and identification protocols: assuming the existence of one-way functions, such primitives can
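The p-tampering model from the abstract above, as an added example that is not the paper's Fourier-analytic attack and not code from the authors. It implements a hypothetical greedy online tamperer: the honest party's tape is drawn one bit at a time, and for each bit, independently with probability p, the attacker may overwrite it, seeing only the prefix fixed so far and choosing whichever value maximizes the conditional expectation of a target function f. The tampered expectation is computed exactly by recursion over the tape (so n must be small), and `sample` draws an actual tampered tape.

```python
"""Greedy online p-tampering of a random tape (added example)."""
from fractions import Fraction
import random


class GreedyTamperer:
    """Hypothetical p-tampering attacker against an n-bit random tape.

    For every bit, independently with probability p, the attacker gets to set
    it; otherwise the honest uniform bit stands. The attacker is 'online': it
    sees only the bits already fixed, never future coins, and greedily picks
    the value that maximizes E[f(tape)] given the prefix, assuming it keeps
    playing the same strategy on the remaining bits."""

    def __init__(self, f, n, p):
        self.f = f                   # target function on n-bit tuples, real-valued
        self.n = n
        self.p = Fraction(p)         # exact arithmetic keeps results reproducible
        self._cache = {}

    def value(self, prefix):
        """Exact E[f] over the rest of the tape, given the bits fixed so far."""
        if prefix in self._cache:
            return self._cache[prefix]
        if len(prefix) == self.n:
            v = Fraction(self.f(prefix))
        else:
            v0 = self.value(prefix + (0,))
            v1 = self.value(prefix + (1,))
            honest = (v0 + v1) / 2          # bit left to the honest party
            tampered = max(v0, v1)          # bit chosen by the attacker
            v = (1 - self.p) * honest + self.p * tampered
        self._cache[prefix] = v
        return v

    def expectation(self):
        """E[f(tape)] under the tampered distribution; p = 0 gives the honest value."""
        return self.value(())

    def sample(self, rng):
        """Draw one tampered tape, using rng for both the honest bits and the
        per-bit coin that decides whether the attacker may intervene."""
        tape = ()
        for _ in range(self.n):
            if rng.random() < self.p:       # attacker controls this bit
                bit = max((0, 1), key=lambda b: self.value(tape + (b,)))
            else:
                bit = rng.getrandbits(1)    # honest uniform bit
            tape += (bit,)
        return tape


def sample_tape(f, n, p, seed=0):
    """Convenience wrapper: one tampered tape from a seeded generator."""
    return GreedyTamperer(f, n, p).sample(random.Random(seed))


def parity(tape):
    return sum(tape) % 2


def all_ones(tape):
    return int(all(tape))


if __name__ == "__main__":
    n, p = 3, Fraction(1, 4)
    print("honest   Pr[parity=1] =", GreedyTamperer(parity, n, 0).expectation())    # 1/2
    print("tampered Pr[parity=1] =", GreedyTamperer(parity, n, p).expectation())    # 5/8
    print("honest   Pr[all ones] =", GreedyTamperer(all_ones, n, 0).expectation())  # 1/8
    print("tampered Pr[all ones] =", GreedyTamperer(all_ones, n, p).expectation())  # 125/512
    print("sample tape, p=1, f=all_ones:", sample_tape(all_ones, n, 1))             # (1, 1, 1)
```

For parity the honest expectation is 1/2 and the greedy attacker reaches exactly 1/2 + p/2 for any n, since only the last bit of the tape decides the outcome and the attacker controls it with probability p. For the AND of n bits the attacker reaches ((1 + p)/2)ⁿ, against 2⁻ⁿ honestly, because every tampered bit is set to 1. Both values are consistent with the model's promise that tampering happens per bit, online, and only with probability p; what the paper proves, and this toy does not attempt, is a bias bound for arbitrary efficiently computable bounded-value f.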