Non-malleable Randomness Encoders and Their Applications

Bhavana Kanukurthi; Sai Lakshmi Bhavana Obbattu; Sruthi Sekar

doi:10.1007/978-3-319-78372-7_19

Annual International Conference on the Theory and Applications of Cryptographic Techniques

EUROCRYPT 2018: Advances in Cryptology – EUROCRYPT 2018 pp 589-617 | Cite as

Non-malleable Randomness Encoders and Their Applications

Authors
Authors and affiliations

Bhavana KanukurthiEmail author
Sai Lakshmi Bhavana ObbattuEmail author
Sruthi SekarEmail author

Conference paper

First Online: 31 March 2018

Part of the Lecture Notes in Computer Science book series (LNCS, volume 10822)

Abstract

Non-malleable Codes (NMCs), introduced by Dziembowski, Peitrzak and Wichs (ITCS 2010), serve the purpose of preventing “related tampering” of encoded messages. The most popular tampering model considered is the 2-split-state model where a codeword consists of 2 states, each of which can be tampered independently. While NMCs in the 2-split state model provide the strongest security guarantee, despite much research in the area we only know how to build them with poor rate ($\varOmega (\frac{1}{logn})$, where n is the codeword length). However, in many applications of NMCs one only needs to be able to encode randomness i.e., security is not required to hold for arbitrary, adversarially chosen messages. For example, in applications of NMCs to tamper-resilient security, the messages that are encoded are typically randomly generated secret keys. To exploit this, in this work, we introduce the notion of “Non-malleable Randomness Encoders” (NMREs) as a relaxation of NMCs in the following sense: NMREs output a random message along with its corresponding non-malleable encoding.

Our main result is the construction of a 2-split state, rate-$\frac{1}{2}$ NMRE. While NMREs are interesting in their own right and can be directly used in applications such as in the construction of tamper-resilient cryptographic primitives, we also show how to use them, in a black-box manner, to build a 3-split-state (standard) NMCs with rate $\frac{1}{3}$. This improves both the number of states, as well as the rate, of existing constant-rate NMCs.

This is a preview of subscription content, to check access

Notes

Acknowledgement

We thank Eshan Chattopadhyay for helpful discussions on connections between non-malleable codes and extractors. We also thank the reviewers of Eurocrypt for their useful comments.

A Proofs of Claims 2 and 3 in Sect. 4.4

A.1 Proof of Claim 2 in Sect. 4.4

We define the following events:

Let E be the event that $ same^{*} $ is sampled from $\mathsf {NMSim}_{f_w,g}$ and $ \tilde{E} $ be its compliment.
Let F be the event that $ \tilde{w}=w$ and $ \tilde{F} $ its complement.

By Proposition 1 we get:

Open image in new window

So, now remains the case when $\mathsf {NMSim}_{f_w,g}$ outputs $ same^{*} $. By using unforgeability of $ \mathsf {(\mathsf {Tag'},\mathsf {Vrfy'})} $ we show the that two hybrids are statistically close. $ 2.\Pr [E].\mathbf {SD}\left( {\mathsf {Hybrid1}_{f,g}|E;\mathsf {Hybrid2}_{f,g}|E} \right) $

Open image in new window

$$\therefore \; \mathsf {Hybrid1}_{f,g}\approx _{\varepsilon _{2}} \mathsf {Hybrid2}_{f,g}$$

A.2 Alternate proof of Claim 3 in Sect. 4.4

Claim 3. If $ \mathsf{{Ext}}$ is an $ (n,t,d,l+\tau ,\varepsilon _{3}) $ average case extractor, then

$ \mathsf {Hybrid2}_{f,g}\approx _{\varepsilon _{3}} \mathsf {Hybrid3}_{f,g}$.

Proof

As the function modifying the state L, $f_w$, is dependent on W, hence $\mathsf {NMSim}_{f_w,g}$ is also dependent on W. Hence, before analyzing the auxiliary information leaked in each case, corresponding to the value of $\mathsf {NMSim}_{f_w,g}$, we define the following indicator random variables, which are also auxiliary information, w.r.t. to the source W:

$$b_{same^{*}} = {\left\{ \begin{array}{ll} 1 &{}\text { if } \tilde{k_{a_1}}||\tilde{t_{1}}||\tilde{s}= same^{*}\\ 0 &{}\text { otherwise} \end{array}\right. }$$

$$b_{\bot } = {\left\{ \begin{array}{ll} 1 &{}\text { if } \tilde{k_{a_1}}||\tilde{t_{1}}||\tilde{s}= \bot \\ 0 &{}\text { otherwise} \end{array}\right. }$$

By Proposition 1, we get:

$\mathbf {SD}\left( {\mathsf {Hybrid2}_{f,g},\mathsf {Hybrid3}_{f,g}} \right) $

$$\begin{aligned} \begin{aligned}&\le Pr[b_{same^{*}} = 1]\; \mathbf {SD}\left( {\mathsf {Hybrid2}_{f,g}|b_{same^{*}} = 1,\mathsf {Hybrid3}_{f,g}|b_{same^{*}} = 1} \right) \\&\quad + Pr[b_{same^{*}} = 0\wedge b_{\bot } = 1]\; \mathbf {SD}\left( {\mathsf {Hybrid2}_{f,g};\mathsf {Hybrid3}_{f,g}\bigg \vert b_{same^{*}} = 0\wedge b_{\bot } = 1} \right) \\&\quad +Pr[b_{same^{*}} = 0\wedge b_{\bot } = 0]\; \mathbf {SD}\left( {\mathsf {Hybrid2}_{f,g};\mathsf {Hybrid3}_{f,g}\bigg \vert b_{same^{*}} = 0\wedge b_{\bot } = 0} \right) \end{aligned} \end{aligned}$$

(4)

Now, in order to analyze the auxiliary information leaked in each of the three cases, and use the extractor security, we first consider the conditional distribution on W, when conditioned on each of the three cases. We denote the three conditional distributions by: $W_1 := W|b_{same^{*}} = 1$, $W_2 := W|b_{same^{*}} = 0\wedge b_{\bot } = 1$ and $W_3 := W|b_{same^{*}} = 0\wedge b_{\bot } = 0$. By [Lemma 2.2a, [DORS08]], we get:

$$\Pr [\mathbf {H}_{\infty }(W_1) \ge {\widetilde{\mathbf {H}}_{\infty }}(W|b_{same^*}) - \lambda ] \ge 1-2^{-\lambda }$$

which by [Lemma 2.2b, [DORS08]] further gives:

$$\Pr [\mathbf {H}_{\infty }(W_1) \ge n-1-\lambda ] \ge 1-2^{-\lambda }$$

Similarly, we get

$$\begin{aligned}&\Pr [\mathbf {H}_{\infty }(W_2) \ge n-2- \lambda ] \ge 1-2^{-\lambda }\\&\Pr [\mathbf {H}_{\infty }(W_3) \ge n-2- \lambda ] \ge 1-2^{-\lambda } \end{aligned}$$

Now, we analyze the additional auxiliary information in each subcase:

$Case1 : b_{same^{*}} = 1 $

In this case, the additional auxiliary information just includes a single bit, indicating whether $w$ is modified or remains the same. So, we first define this indicator function:

$$eq(w) = {\left\{ \begin{array}{ll}0\ if\ f_L(w)\ne w\\ 1\ if\ f_L(w)=w\end{array}\right. } $$

Let the auxiliary information be denoted by ${E_1}\equiv eq(W) $. ${E_1} $ is independent of S because $ E_1 $ is determined given $ W$ and $ W$ is independent of S. Now, $ {E_1} $ and $ W$ are correlated and $ E_1 $ can take at most two possible values.

$\text {Hence, } \; {\widetilde{\mathbf {H}}_{\infty }}(W_1|E_1)\ge {\mathbf {H}_{\infty }}(W_1) - 1\ge n-1-\lambda -1 $ w.p. $\ge 1 - 2^{-\lambda }$. Let $G_1$ denote the event ${\widetilde{\mathbf {H}}_{\infty }}(W_1|E_1)\ge n-\lambda -2$. As $ n-\lambda -2>t$, by security of average case extractor, we get:

$$ {E_1},\mathsf{{Ext}}(W_1;S)|G_1\approx _{\varepsilon _{3}}{E_1},U_{l}|G_1 $$

Now, clearly, in this case, the output of $\mathsf {Hybrid2}_{f,g}$ and $\mathsf {Hybrid3}_{f,g}$ are functions of above random variables. Hence, by Lemma 2, we get:

$$\begin{aligned} \mathsf {Hybrid2}_{f,g}|b_{same^{*}} = 1,G_1 \approx _{\varepsilon _{3}} \mathsf {Hybrid3}_{f,g}|b_{same^{*}} = 1,G_1 \end{aligned}$$

Hence, by further using Proposition 1, as $\Pr [G_1^{c}] \le 2^{-\lambda }$, we get:

$$\begin{aligned} \mathsf {Hybrid2}_{f,g}|b_{same^{*}} = 1 \approx _{\varepsilon _{3}+2^{-\lambda }} \mathsf {Hybrid3}_{f,g}|b_{same^{*}} = 1 \end{aligned}$$

(5)

$Case2: b_{same^{*}} = 0$

This case is further divided into two mutually exclusive events of Case2.

$ Case 2a: b_{\bot } = 1 $

Now, let $G_2$ denote the event $\mathbf {H}_{\infty }(W_2) \ge n-2- \lambda $. Then as $\Pr [G_2^{c}] \le 2^{-\lambda }$ and using extractor security, we get:

$$\begin{aligned} \mathbf {SD}\left( {\mathsf {Hybrid2}_{f,g}|b_{same^{*}} = 0\wedge b_{\bot } = 1,\mathsf {Hybrid2}_{f,g}|b_{same^{*}} = 0\wedge b_{\bot } = 1} \right) \le \varepsilon _{3}+ 2^{-\lambda } \end{aligned}$$

(6)

$ Case 2b: b_{\bot } = 0 $

In this case, the additional auxiliary information consists of an indicator of verification of $\tilde{w}$ and the extractor output on modified source and seed. We first define the indicator of verification bit:

$$ Verify(w) = \mathsf {\mathsf {Vrfy'}}_{\tilde{k_{a_1}}}(f_L(w),\tilde{t_{1}}) $$

Now, let the auxiliary information be denoted by $ {E_2}\equiv (Verify(W),\mathsf{{Ext}}(\tilde{W};\tilde{S})) $, where $\tilde{K_{a_1}}, \tilde{T_{1}}, \tilde{S}$ denote the distributions on the authentication key, tag spaces and the seed, when sampled from the simulator conditioned on the event Case2b. $ E_2 $ is clearly a deterministic function of $\tilde{K_{a_1}}, \tilde{W}, \tilde{T_{1}}, \tilde{S}$, all of which are independent of $S$ (as we use the simulator). Hence, $E_2$ is independent of $S$. Now, $ {E_2} $ and $ W$ are correlated. $ E_2 $ can take at most $ 2^{1+l+\tau } $ possible values.

$\text {Hence, } \; {\widetilde{\mathbf {H}}_{\infty }}(W_3|E_2)\ge {\mathbf {H}_{\infty }}(W_3) - (1+l+\tau )\ge n-2-\lambda -(1+l+\tau ) $ w.p. $\ge 1 - 2^{-\lambda }$. Let $G_3$ denote the event ${\widetilde{\mathbf {H}}_{\infty }}(W_3|E_2)\ge n-(3+\lambda +l+\tau )$. As $ n-(3+\lambda +l+\tau )>t$ (if we set parameters appropriately), by security of average case extractor and using Proposition 1, we get:

$$ {E_2},\mathsf{{Ext}}(W;S)|G_3\approx _{\varepsilon _{3}}{E_2},U_{l}|G_3 $$

Now, clearly, in this case, the output of $\mathsf {Hybrid2}_{f,g}$ and $\mathsf {Hybrid3}_{f,g}$ are functions of above random variables. Hence, by Lemma 2, we get:

$$\begin{aligned} \mathsf {Hybrid2}_{f,g}|b_{same^{*}} = 0\wedge b_{\bot } = 0,G_3 \approx _{\varepsilon _{3}} \mathsf {Hybrid3}_{f,g}|b_{same^{*}} = 0\wedge b_{\bot } = 0,G_3 \end{aligned}$$

Further, since $\Pr [G_3^{c}] \le 2^{-\lambda }$, using Proposition 1, we get

$$\begin{aligned} \mathsf {Hybrid2}_{f,g}|b_{same^{*}} = 0\wedge b_{\bot } = 0 \approx _{\varepsilon _{3}+2^{-\lambda }} \mathsf {Hybrid3}_{f,g}|b_{same^{*}} = 0\wedge b_{\bot } = 0 \end{aligned}$$

(7)

Hence, by Proposition 1, Eqs. 4, 5, 6 and 7 give:

$$\mathsf {Hybrid2}_{f,g}\approx _{\varepsilon _{3}+2^{-\lambda }} \mathsf {Hybrid3}_{f,g}$$

B Appendix: From t-source Strong Non-malleable Extractors to t-state 1-augmented NMC

We generalize the connection known between seedless non-malleable extractors for t independent sources and non-malleable codes for the t-split-state family ([CG14b]), to establish a connection between strong seedless non-malleable extractors for t independent sources and augmented non-malleable codes for t-split-state family. We first define strong seedless non-malleable t-source extractor.

Definition 6

[Li17]. A function $nmExt: (\{0,1\}^n)^t \rightarrow \{0,1\}^m$ is a $(k,\epsilon )$-seedless strong non-malleable extractor for t independent sources w.r.t. family $\mathcal {F}= \{(f_1,\cdots f_t):f_i:\{0,1\}^n \rightarrow \{0,1\}^n\}$, if it satisfies the following property: Let $X_1,\cdots ,X_t$ be t independent (n, k)-sources and $(f_1,\cdots ,f_t) \in \mathcal {F}$ be t arbitrary functions such that there exists an $f_j$ with no fixed points, then for every i:

$$\begin{aligned} (nmExt(X_1,\cdots ,X_t),nmExt(f_1(X_1),\cdots ,f_t(X_t)), X_i) \\ \approx _{\epsilon } (U_m,nmExt (f_1(X_1),\cdots ,f_t(X_t)), X_i) \end{aligned}$$

Now, we formulate an alternate definition of a t-source relaxed strong non-malleable extractor, generalizing the definition of seedless relaxed non-malleable extractors in [CG14b]. This definition captures the property that the output of non-malleable extractor on the modified sources along with one of the source, is simulatable independent of the output of non-malleable extractor on original sources.

Definition 7

A function $nmExt:(\{0,1\}^n)^t \rightarrow \{0,1\}^m$ is a $(k,\epsilon )$-seedless relaxed strong non-malleable extractor for t independent sources w.r.t. family $\mathcal {F}= \{(f_1,\cdots f_t):f_i:\{0,1\}^n \rightarrow \{0,1\}^n \text { and } \exists \text { at least one } j \; s.t. \; f_j \text { has no fixed point}\}$, if it satisfies the following property: Let $X_1,\cdots ,X_t$ be t independent (n, k)-sources and $(f_1,\cdots ,f_t) \in \mathcal {F}$, then the following hold:

nmExt is a t-source extractor for $(X_1,\cdots ,X_t)$, i.e., $nmExt(X_1,\cdots ,X_t) \approx _{\epsilon } U_m$.
There exists a distribution $\mathcal {D}$ over $\{0,1\}^{n} \times (\{0,1\}^m \cup \{same^*\})$ s.t. for an independent $(X_1, Y) \sim \mathcal {D}$,
$$\begin{aligned}&(nmExt(X_1,\cdots ,X_t),X_1, nmExt(f_1(X_1),\cdots ,f_t(X_t))) \\&\quad \approx _{\epsilon } (nmExt(X_1,\cdots ,X_t),copy((X_1, Y),(X_1, nmExt(X_1,\cdots ,X_t)))) \end{aligned}$$

Remark 1

It is clear that the non-malleability condition in Definition 6 (for $i = 1$) is sufficient for the conditions in Definition 7 to be satisfied.

But then, this relaxed notion of strong non-malleable extractor is equivalent to the following general notion of strong non-malleable extractor (where, the tampering functions can have fixed points) upto a slight loss of parameters. (This proof follows from [Lemma 5.6, [CG14b]]).

Definition 8

A function $nmExt:(\{0,1\}^n)^t \rightarrow \{0,1\}^m$ is a $(k,\epsilon )$-seedless strong non-malleable extractor for t independent sources w.r.t. family $\mathcal {F}= \{(f_1,\cdots f_t):f_i:\{0,1\}^n \rightarrow \{0,1\}^n\}$, if it satisfies the following property: Let $X_1,\cdots ,X_t$ be t independent (n, k)-sources and $(f_1,\cdots ,f_t) \in \mathcal {F}$, then the following hold:

nmExt is a t-source extractor for $(X_1,\cdots ,X_t)$, i.e., $nmExt(X_1,\cdots ,X_t) \approx _{\epsilon } U_m$.
There exists a distribution $\mathcal {D}$ over $\{0,1\}^{n} \times (\{0,1\}^m \cup \{same^*\})$ s.t. for an independent $(X_1, Y) \sim \mathcal {D}$,
$$\begin{aligned}&(nmExt(X_1,\cdots ,X_t),X_1, nmExt(f_1(X_1),\cdots ,f_t(X_t))) \\&\quad \quad \approx _{\epsilon } (nmExt(X_1,\cdots ,X_t),copy((X_1, Y),(X_1, nmExt(X_1,\cdots ,X_t)))) \end{aligned}$$

Hence, we take the above Definition 8 for strong non-malleable extractors and prove the following theorem.

Proposition 2

Let $nmExt: (\{0,1\}^n)^t \rightarrow \{0,1\}^k$ be a $(n,\epsilon )$-seedless strong non-malleable extractor for t independent sources (by Definition 8). Define a coding scheme $(\mathsf {Enc},\mathsf {Dec})$ with message length k and block length tn as follows. The decoder $\mathsf {Dec}$ is defined by

$$\mathsf {Dec}(x_1,\cdots ,x_t) = nmExt(x_1,\cdots ,x_t)$$

The encoder $\mathsf {Enc}$ is defined as:

$$\mathsf {Enc}(m) := {\left\{ \begin{array}{ll} x_1,\cdots ,x_t \xleftarrow {\$} nmExt^{-1}(m)\\ o/p: (x_1,\cdots ,x_t) \end{array}\right. }$$

Then, $(\mathsf {Enc},\mathsf {Dec})$ is a $[\epsilon ',1]$-augmented non-malleable code with error $\epsilon ' = \epsilon (2^k + 1)$ for the t-split state family and with rate = $\frac{k}{tn}$.

Proof

Let $m \in \{0,1\}^k$ and $f=(f_1,\cdots ,f_t) \in \mathcal {F}$, the t-split-state family be arbitrary. Since $\mathsf {Dec}= nmExt$ is a strong non-malleable extractor, by Definition 8, $\exists $ a distribution $\mathcal {D}$ s.t. for $(X_1,Y) \sim \mathcal {D}_{f_1,\cdots ,f_t}$, we have:

$$\begin{aligned}&(nmExt(X_1,\cdots ,X_t),X_1, nmExt(f_1(X_1),\cdots ,f_t(X_t))) \nonumber \\&\quad \quad \quad \,\,\approx _{\epsilon } (nmExt(X_1,\cdots ,X_t),copy((X_1, Y),(X_1, nmExt(X_1,\cdots ,X_t)))) \end{aligned}$$

(8)

Claim

$\mathsf {Enc}(U_{k})$ is $\epsilon $-close to uniform.

Proof

By extractor security, we have:

$$ \mathsf {Dec}(U_{tn}) \approx _{\epsilon } U_{k} $$

Further, as $\mathsf {Enc}(.)$ samples uniformly random element of $nmExt^{-1}(.)$, it follows that

$$ \mathsf {Enc}(\mathsf {Dec}(U_{tn})) = U_{tn} $$

Hence, we get $\mathsf {Enc}(U_{k}) \approx _{\epsilon } \mathsf {Enc}(\mathsf {Dec}(U_{tn})) = U_{tn}$.

Thus, at cost of $\epsilon $ increase in error, we assume codeword is of uniform distribution.

Let $(X_1, Y) \sim \mathcal {D}_{f_1,\cdots ,f_t}$. Now by Eq. 8, just by substitution, we get:

$$\begin{aligned} (M,X_1, \mathsf {Dec}(f(\mathsf {Enc}(M))) \approx _{\epsilon } (M,copy((X_1, Y),(X_1, M))) \end{aligned}$$

Now, for the arbitrary m that we chose, we get:

$$(m,X_1, \mathsf {Dec}(f(\mathsf {Enc}(m))) \approx _{\epsilon 2^k} (m,copy((X_1, Y),(X_1, m)))$$

which proves the theorem.

Augmented-non-malleability of 2-state Construction in [Li17]

Corollary 2

For any $ \beta \in \mathbb {N} $ there exists an explicit augmented-non-malleable code with efficient encoder/decoder in 2-split state model with block length $ 2\beta $, rate $ \varOmega \left( \dfrac{1}{\log \ \beta }\right) $ and error $ =2^{-\varOmega \left( {\dfrac{\beta }{\log \ \beta }}\right) }. $

Proof

As proved in [Theorem 7.9, [Li17]], the seedless 2 source non-malleable extractor constructed in [Li17] satisfies: For any (f, g) in 2-split-state family, such that atleast one of f or g has no fixed point, we have:

$$nmExt(X,Y), X, nmExt(f(X),g(Y)) \approx _{\epsilon } U_{m}, X, nmExt(f(X),g(Y))$$

which, by Remark 1, is sufficient to imply the conditions in Definition 7. Hence, by Proposition 2, it is proved that the 2-split-state construction given in [Li17] is actually a 2-split-state augmented-non-malleable code.

Further, the specific non-malleable extractor of [Li17] gives error and rate parameters for the augmented-non-malleable code, exactly as obtained in Lemma 8.

References

[AAG+16]
Aggarwal, D., Agrawal, S., Gupta, D., Maji, H.K., Pandey, O., Prabhakaran, M.: Optimal computational split-state non-malleable codes. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9563, pp. 393–417. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49099-0_15CrossRefGoogle Scholar
[ADKO15]
Aggarwal, D., Dodis, Y., Kazana, T., Obremski, M.: Non-malleable reductions and applications. In: Proceedings of the Forty-Seventh Annual ACM on Symposium on Theory of Computing, STOC 2015, Portland, OR, USA, 14–17 June 2015, pp. 459–468 (2015)Google Scholar
[ADL14]
Aggarwal, D., Dodis, Y., Lovett, S.: Non-malleable codes from additive combinatorics. In: Symposium on Theory of Computing, STOC 2014, New York, NY, USA, 31 May–03 June 2014, pp. 774–783 (2014)Google Scholar
[AGM+15]
Agrawal, S., Gupta, D., Maji, H.K., Pandey, O., Prabhakaran, M.: A rate-optimizing compiler for non-malleable codes against bit-wise tampering and permutations. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9014, pp. 375–397. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46494-6_16Google Scholar
[AKO15]
Aggarwal, D., Kazana, T., Obremski, M.: Inception makes non-malleable codes stronger. IACR Cryptology ePrint Archive, 2015:1013 (2015)Google Scholar
[CG14a]
Cheraghchi, M., Guruswami, V.: Capacity of non-malleable codes. In: Innovations in Theoretical Computer Science, ITCS 2014, Princeton, NJ, USA, 12–14 January 2014, pp. 155–168 (2014)Google Scholar
[CG14b]
Cheraghchi, M., Guruswami, V.: Non-malleable coding against bit-wise and split-state tampering. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 440–464. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54242-8_19CrossRefGoogle Scholar
[CKR16]
Chandran, N., Kanukurthi, B., Raghuraman, S.: Information-theoretic local non-malleable codes and their applications. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9563, pp. 367–392. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49099-0_14CrossRefGoogle Scholar
[CZ14]
Chattopadhyay, E., Zuckerman, D.: Non-malleable codes against constant split-state tampering. In: 55th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2014, Philadelphia, PA, USA, 18–21 October 2014, pp. 306–315 (2014)Google Scholar
[DKO13]
Dziembowski, S., Kazana, T., Obremski, M.: Non-malleable codes from two-source extractors. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 239–257. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_14CrossRefGoogle Scholar
[DKS17]
Dachman-Soled, D., Kulkarni, M., Shahverdi, A.: Tight upper and lower bounds for leakage-resilient, locally decodable and updatable non-malleable codes. IACR Cryptology ePrint Archive, 2017:15 (2017)Google Scholar
[DLSZ14]
Dachman-Soled, D., Liu, F.-H., Shi, E., Zhou, H.-S.: Locally decodable and updatable non-malleable codes and their applications. IACR Cryptology ePrint Archive, 2014:663 (2014)Google Scholar
[DNO17]
Döttling, N., Nielsen, J.B., Obremski, M.: Information theoretic continuously non-malleable codes in the constant split-state model. Electronic Colloquium on Computational Complexity (ECCC) 24:78 (2017)Google Scholar
[DORS08]
Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008). arXiv:cs/0602007
[DPW10]
Dziembowski, S., Pietrzak, K., Wichs, D.: Non-malleable codes. In: Proceedings of Innovations in Computer Science - ICS 2010, Tsinghua University, Beijing, China, 5–7 January 2010, pp. 434–452 (2010)Google Scholar
[FMNV14]
Faust, S., Mukherjee, P., Nielsen, J.B., Venturi, D.: Continuous non-malleable codes. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 465–488. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54242-8_20CrossRefGoogle Scholar
[GUV07]
Guruswami, V., Umans, C., Vadhan, S.P.: Unbalanced expanders and randomness extractors from Parvaresh-Vardy codes. In: IEEE Conference on Computational Complexity, pp. 96–108 (2007)Google Scholar
[JKS93]
Johansson, T., Kabatianskii, G., Smeets, B.: On the relation between a-codes and codes correcting independent errors. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 1–11. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48285-7_1CrossRefGoogle Scholar
[JW15]
Jafargholi, Z., Wichs, D.: Tamper detection and continuous non-malleable codes. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9014, pp. 451–480. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46494-6_19Google Scholar
[KOS17]
Kanukurthi, B., Obbattu, S.L.B., Sekar, S.: Four-state non-malleable codes with explicit constant rate. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10678, pp. 344–375. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70503-3_11CrossRefGoogle Scholar
[Li17]
Li, X.: Improved non-malleable extractors, non-malleable codes and independent source extractors. In: Symposium on Theory of Computing, STOC 2017, Montreal, Canada, 19–23 June 2017 (2017)Google Scholar
[LL12]
Liu, F.-H., Lysyanskaya, A.: Tamper and leakage resilience in the split-state model. IACR Cryptology ePrint Archive, 2012:297 (2012)Google Scholar

Copyright information

Authors and Affiliations

Bhavana Kanukurthi
- 1
Email author
Sai Lakshmi Bhavana Obbattu
- 1
Email author
Sruthi Sekar
- 2
Email author

1.Department of Computer Science and AutomationIndian Institute of ScienceBangaloreIndia
2.Department of MathematicsIndian Institute of ScienceBangaloreIndia

Non-malleable Randomness Encoders and Their Applications

Abstract

Notes

Acknowledgement

References

Copyright information

Authors and Affiliations

Personalised recommendations

Cite paper

Cookies