International Conference on the Theory and Application of Cryptology and Information Security

ASIACRYPT 2009: Advances in Cryptology – ASIACRYPT 2009 pp 524-541

Foundations of Non-malleable Hash and One-Way Functions

  • Alexandra Boldyreva
  • David Cash
  • Marc Fischlin
  • Bogdan Warinschi
Conference paper

DOI: 10.1007/978-3-642-10366-7_31

Volume 5912 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Boldyreva A., Cash D., Fischlin M., Warinschi B. (2009) Foundations of Non-malleable Hash and One-Way Functions. In: Matsui M. (eds) Advances in Cryptology – ASIACRYPT 2009. ASIACRYPT 2009. Lecture Notes in Computer Science, vol 5912. Springer, Berlin, Heidelberg

Abstract

Non-malleability is an interesting and useful property which ensures that a cryptographic protocol preserves the independence of the underlying values: given for example an encryption \({\cal E}(m)\) of some unknown message m, it should be hard to transform this ciphertext into some encryption \({\cal E}(m^*)\) of a related message m*. This notion has been studied extensively for primitives like encryption, commitments and zero-knowledge. Non-malleability of one-way functions and hash functions has surfaced as a crucial property in several recent results, but it has not undergone a comprehensive treatment so far. In this paper we initiate the study of such non-malleable functions. We start with the design of an appropriate security definition. We then show that non-malleability for hash and one-way functions can be achieved, via a theoretical construction that uses perfectly one-way hash functions and simulation-sound non-interactive zero-knowledge proofs of knowledge (NIZKPoK). We also discuss the complexity of non-malleable hash and one-way functions. Specifically, we show that such functions imply perfect one-wayness and we give a black-box based separation of non-malleable functions from one-way permutations (which our construction bypasses due to the “non-black-box” NIZKPoK based on trapdoor permutations). We exemplify the usefulness of our definition in cryptographic applications by showing that (some variant of) non-malleability is necessary and sufficient to securely replace one of the two random oracles in the IND-CCA encryption scheme by Bellare and Rogaway, and to improve the security of client-server puzzles.

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Alexandra Boldyreva (1)
  • David Cash (1)
  • Marc Fischlin (2)
  • Bogdan Warinschi (3)

  1. Georgia Institute of Technology, USA
  2. Darmstadt University of Technology, Germany
  3. University of Bristol, UK