Non-malleable Codes from Two-Source Extractors

  • Stefan Dziembowski
  • Tomasz Kazana
  • Maciej Obremski
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8043)


We construct an efficient information-theoretically non-malleable code in the split-state model for one-bit messages. Non-malleable codes were introduced recently by Dziembowski, Pietrzak and Wichs (ICS 2010) as a general tool for storing messages securely on hardware that can be subject to tampering attacks. Informally, a code \((\mathsf{Enc} : {\cal M} \rightarrow {\cal L} \times {\cal R}, \mathsf{Dec} : {\cal L} \times {\cal R} \rightarrow {\cal M})\) is non-malleable in the split-state model if any adversary, by manipulating L and R independently (where (L,R) is an encoding of some message M), cannot obtain an encoding of a message M′ that is not equal to M but is “related” to M in some way. Until now it was unknown how to construct an information-theoretically secure code with such a property, even for \({\cal M} = \{0,1\}\). Our construction solves this problem. Additionally, it is leakage-resilient, and the amount of leakage that we can tolerate can be an arbitrary fraction ξ < 1/4 of the length of the codeword. Our code is based on the inner-product two-source extractor, but in general it can be instantiated by any two-source extractor that has large output and has the property of being flexible, which is a new notion that we define.

We also show that the non-malleable codes for one-bit messages have an equivalent, perhaps simpler characterization, namely such codes can be defined as follows: if M is chosen uniformly from {0,1} then the probability (in the experiment described above) that the output message M′ is not equal to M can be at most 1/2 + ε.
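The following script is an added illustration of the split-state tampering experiment and of the one-bit characterization above; it is not code from the paper. It encodes a bit with a toy inner-product code in the spirit of the abstract (the field size P = 7, the vector length N = 4 and the "zero / non-zero" decoding convention are assumptions made for the demo, not the paper's parameters), lets an adversary apply independent functions f to L and g to R, and estimates Pr[Dec(f(L), g(R)) = 1 − M] for M uniform in {0,1}. A malleable baseline (XOR secret sharing of the bit) is included to show what a flip probability far above 1/2 looks like.

```python
"""
Split-state tampering experiment for one-bit codes (added illustration,
not the paper's own code).

For a code (Enc, Dec) and tampering functions f (acting only on L) and
g (acting only on R), we estimate
    Pr[ Dec(f(L), g(R)) = 1 - M ],   M uniform in {0,1}.
The one-bit characterization says a non-malleable code keeps this value
at most 1/2 + eps for every choice of (f, g).
"""
import random

# Assumed demo parameters (the paper uses a larger field; these are not its values).
P = 7   # prime field size
N = 4   # length of the vectors L and R


def inner_product(l, r):
    return sum(a * b for a, b in zip(l, r)) % P


def ip_decode(l, r):
    # Assumed decoding convention for the demo: 0 iff <L,R> = 0 (mod P), else 1.
    return 0 if inner_product(l, r) == 0 else 1


def ip_encode(m, rng=None):
    # Uniform (L, R) subject to Dec(L, R) = m, obtained by rejection sampling.
    rng = rng or random.Random()
    while True:
        l = [rng.randrange(P) for _ in range(N)]
        r = [rng.randrange(P) for _ in range(N)]
        if ip_decode(l, r) == m:
            return l, r


# Malleable baseline: XOR secret sharing of the bit (L uniform, R = L xor m).
def xor_encode(m, rng=None):
    rng = rng or random.Random()
    l = rng.randrange(2)
    return l, l ^ m


def xor_decode(l, r):
    return l ^ r


def flip_probability(encode, decode, f, g, trials_per_bit=1000, seed=2013):
    """Estimate Pr[Dec(f(L), g(R)) = 1 - M] for M uniform in {0,1}.

    M is balanced exactly (the same number of trials per bit), so the
    average over M is exact and only the sampling of (L, R) is random.
    """
    rng = random.Random(seed)
    flips = 0
    for m in (0, 1):
        for _ in range(trials_per_bit):
            l, r = encode(m, rng)
            if decode(f(l), g(r)) == 1 - m:
                flips += 1
    return flips / (2 * trials_per_bit)


def identity(x):
    return x


# Split-state tamperings on the inner-product code: each touches only one share.
def negate_L(l):
    # <-L,R> = -<L,R>: zero stays zero, non-zero stays non-zero, so M never flips.
    return [(-a) % P for a in l]


def add_const_L(l):
    # <L+1,R> = <L,R> + <1,R>: shifts the inner product by a value the
    # adversary cannot predict without seeing R.
    return [(a + 1) % P for a in l]


def zero_L(l):
    # Forces Dec = 0 regardless of M: flips exactly the M = 1 encodings.
    return [0] * N


def demo():
    """Return the estimated flip probability for each constructed tampering."""
    return {
        "xor: flip bit of L": flip_probability(xor_encode, xor_decode, lambda l: l ^ 1, identity),
        "ip: negate L": flip_probability(ip_encode, ip_decode, negate_L, identity),
        "ip: add constant to L": flip_probability(ip_encode, ip_decode, add_const_L, identity),
        "ip: overwrite L with 0": flip_probability(ip_encode, ip_decode, zero_L, identity),
    }


if __name__ == "__main__":
    for name, prob in demo().items():
        print(f"{name:26s} Pr[M' = 1-M] = {prob:.3f}   (eps = {max(0.0, prob - 0.5):.3f})")
```

The XOR baseline flips M with probability 1 under a single bit flip of L, so it is far from non-malleable. For the inner-product code every split-state tampering tried stays at about 1/2: negating L never flips M, overwriting L with zeros flips exactly the M = 1 encodings (probability 1/2 over a uniform M), and adding a constant to L flips M = 0 encodings with probability about 1 − 1/P but M = 1 encodings only with probability about 1/P, which again averages to roughly 1/2. The estimate is a sanity check on a toy instance, not a proof; the paper's security argument is what bounds ε for every adversary.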


References

  1. Aggarwal, D., Dodis, Y., Lovett, S.: Non-malleable codes from additive combinatorics. Cryptology ePrint Archive, Report 2013/201 (2013)
  2. Akavia, A., Goldwasser, S., Vaikuntanathan, V.: Simultaneous hardcore bits and cryptography against memory attacks. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 474–495. Springer, Heidelberg (2009)
  3. Anderson, R., Kuhn, M.: Tamper resistance - a cautionary note. In: The Second USENIX Workshop on Electronic Commerce Proceedings (November 1996)
  4. Bellare, M., Kohno, T.: A theoretical treatment of related-key attacks: RKA-PRPs, RKA-PRFs, and applications. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 491–506. Springer, Heidelberg (2003)
  5. Biham, E.: New types of cryptanalytic attacks using related keys. Journal of Cryptology 7(4), 229–246 (1994)
  6. Bourgain, J.: More on the sum-product phenomenon in prime fields and its applications. International Journal of Number Theory 1(1), 1–32 (2005)
  7. Brakerski, Z., Kalai, Y.T., Katz, J., Vaikuntanathan, V.: Overcoming the hole in the bucket: Public-key cryptography resilient to continual memory leakage. In: 51st Annual IEEE Symposium on Foundations of Computer Science (FOCS), pp. 501–510. IEEE (2010)
  8. Chabanne, H., Cohen, G., Flori, J., Patey, A.: Non-malleable codes from the wire-tap channel. In: 2011 IEEE Information Theory Workshop (ITW), pp. 55–59. IEEE (2011)
  9. Chabanne, H., Cohen, G., Patey, A.: Secure network coding and non-malleable codes: Protection against linear tampering. In: 2012 IEEE International Symposium on Information Theory Proceedings (ISIT), pp. 2546–2550 (2012)
  10. Choi, S.G., Kiayias, A., Malkin, T.: BiTR: Built-in tamper resilience. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 740–758. Springer, Heidelberg (2011)
  11. Chor, B., Goldreich, O.: Unbiased bits from sources of weak randomness and probabilistic communication complexity. SIAM Journal on Computing 17(2), 230–261 (1988)
  12. Cohen, G., Raz, R., Segev, G.: Non-malleable extractors with short seeds and applications to privacy amplification. In: Computational Complexity (CCC), pp. 298–308 (2012)
  13. Dachman-Soled, D., Kalai, Y.T.: Securing circuits against constant-rate tampering. In: Safavi-Naini, R. (ed.) CRYPTO 2012. LNCS, vol. 7417, pp. 533–551. Springer, Heidelberg (2012)
  14. Davì, F., Dziembowski, S., Venturi, D.: Leakage-resilient storage. In: Garay, J.A., De Prisco, R. (eds.) SCN 2010. LNCS, vol. 6280, pp. 121–137. Springer, Heidelberg (2010)
  15. Dodis, Y., Haralambiev, K., Lopez-Alt, A., Wichs, D.: Cryptography against continuous memory attacks. In: 51st Annual IEEE Symposium on Foundations of Computer Science (FOCS), pp. 511–520. IEEE Computer Society (2010)
  16. Dodis, Y., Lewko, A., Waters, B., Wichs, D.: Storing secrets on continually leaky devices. In: 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science (FOCS), pp. 688–697. IEEE (2011)
  17. Dodis, Y., Li, X., Wooley, T., Zuckerman, D.: Privacy amplification and non-malleable extractors via character sums. In: FOCS 2011, pp. 668–677 (2011)
  18. Dodis, Y., Wichs, D.: Non-malleable extractors and symmetric key cryptography from weak secrets. In: STOC, pp. 601–610 (2009)
  19. Dolev, D., Dwork, C., Naor, M.: Nonmalleable cryptography. SIAM Review 45(4), 727–784 (2003)
  20. Dziembowski, S., Faust, S.: Leakage-resilient circuits without computational assumptions. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 230–247. Springer, Heidelberg (2012)
  21. Dziembowski, S., Kazana, T., Obremski, M.: Non-malleable codes from two-source extractors. Cryptology ePrint Archive (2013). Full version of this paper.
  22. Dziembowski, S., Pietrzak, K.: Leakage-resilient cryptography. In: FOCS 2008, pp. 293–302. IEEE (2008)
  23. Dziembowski, S., Pietrzak, K., Wichs, D.: Non-malleable codes. In: ICS, pp. 434–452 (2010)
  24. ECRYPT. European Network of Excellence. Side Channel Cryptanalysis Lounge.
  25. Faust, S., Pietrzak, K., Venturi, D.: Tamper-proof circuits: How to trade leakage for tamper-resilience. In: Aceto, L., Henzinger, M., Sgall, J. (eds.) ICALP 2011, Part I. LNCS, vol. 6755, pp. 391–402. Springer, Heidelberg (2011)
  26. Gennaro, R., Lysyanskaya, A., Malkin, T., Micali, S., Rabin, T.: Algorithmic tamper-proof (ATP) security: Theoretical foundations for security against hardware tampering. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 258–277. Springer, Heidelberg (2004)
  27. Goldwasser, S., Rothblum, G.: How to compute in the presence of leakage. In: FOCS 2012, pp. 31–40 (2012)
  28. Halevi, S., Lin, H.: After-the-fact leakage in public-key encryption. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 107–124. Springer, Heidelberg (2011)
  29. Håstad, J., Impagliazzo, R., Levin, L., Luby, M.: A pseudorandom generator from any one-way function. SIAM Journal on Computing 28(4), 1364–1396 (1999)
  30. Ishai, Y., Prabhakaran, M., Sahai, A., Wagner, D.: Private circuits II: Keeping secrets in tamperable circuits. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 308–327. Springer, Heidelberg (2006)
  31. Ishai, Y., Sahai, A., Wagner, D.: Private circuits: Securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003)
  32. Kalai, Y.T., Kanukurthi, B., Sahai, A.: Cryptography with tamperable and leaky memory. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 373–390. Springer, Heidelberg (2011)
  33. Liu, F.-H., Lysyanskaya, A.: Tamper and leakage resilience in the split-state model. In: Safavi-Naini, R. (ed.) CRYPTO 2012. LNCS, vol. 7417, pp. 517–532. Springer, Heidelberg (2012)
  34. Micali, S., Reyzin, L.: Physically observable cryptography. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 278–296. Springer, Heidelberg (2004)
  35. Naor, M., Segev, G.: Public-key cryptosystems resilient to key leakage. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 18–35. Springer, Heidelberg (2009)
  36. Rao, A.: An exposition of Bourgain's 2-source extractor. In: Electronic Colloquium on Computational Complexity (ECCC), vol. 14, p. 034 (2007)
  37. Wee, H.: Public key encryption against related key attacks. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 262–279. Springer, Heidelberg (2012)

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Stefan Dziembowski (1, 2)
  • Tomasz Kazana (2)
  • Maciej Obremski (2)
  1. Sapienza University of Rome, Italy
  2. University of Warsaw, Poland
