Non-interactive Non-malleability from Quantum Supremacy

  • Conference paper
  • Advances in Cryptology – CRYPTO 2019 (CRYPTO 2019)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 11694)

Abstract

We construct non-interactive non-malleable commitments without setup in the plain model, under well-studied assumptions.

First, we construct non-interactive non-malleable commitments w.r.t. commitment for \(\epsilon \log \log n\) tags for a small constant \(\epsilon > 0\), under the following assumptions:

  1. Sub-exponential hardness of factoring or discrete log.

  2. Quantum sub-exponential hardness of learning with errors (LWE).

Second, as our key technical contribution, we introduce a new tag amplification technique. We show how to convert any non-interactive non-malleable commitment w.r.t. commitment for \(\epsilon \log \log n\) tags (for any constant \(\epsilon >0\)) into a non-interactive non-malleable commitment w.r.t. replacement for \(2^n\) tags. This part only assumes the existence of sub-exponentially secure non-interactive witness indistinguishable (NIWI) proofs, which can be based on sub-exponential security of the decisional linear assumption.

Interestingly, for the tag amplification technique, we crucially rely on the leakage lemma due to Gentry and Wichs (STOC 2011). For the construction of non-malleable commitments for \(\epsilon \log \log n\) tags, we rely on quantum supremacy. This use of quantum supremacy in classical cryptography is novel, and we believe it will have future applications. We provide one such application to two-message witness indistinguishable (WI) arguments from (quantum) polynomial hardness assumptions.


Notes

  1. We will sometimes omit explicitly writing the randomness r.

  2. As earlier, \(\widetilde{m}_b\) denotes the message committed to by the \(\mathsf {MIM} \) given \(\mathsf {Com} (m_b)\).

  3. Non-malleability w.r.t. replacement implies non-malleability w.r.t. opening, as defined by Goyal et al. [16].

  4. Our actual encoding of T to \(\{t_1, t_2, \ldots t_{\alpha /2}\}\) is slightly more sophisticated, but achieves the same effect.

  5. To be precise, they need to rely on the fact that the NIZK is “more secure” than the underlying commitment scheme.

  6. As with the NIZKs used in [24], we also require our NIWI to be more secure than the underlying commitment, which results in a sub-exponential assumption on the NIWI.

  7. On the other hand, if we used a NIZK, the resulting scheme would be many-to-1 non-malleable w.r.t. commitment.

  8. This is the standard approach used in all previous work on this topic.

  9. This problem can be avoided by relying on NIZKs, which would prevent the \(\mathsf {MIM}\) from behaving as in the intermediate hybrid. However, we cannot rely on NIZKs because they require a CRS.

  10. To simplify our proof, we rely on \(10\ell \) repetitions (instead of \(\ell +1\)) to ensure that the messages in most repetitions remain unchanged.

  11. We refer the reader to Definition 3 for a one-to-one definition, and Definition 2 for a many-to-many definition.

  12. We note that these distributions are indeed indistinguishable if the adversary always generates valid commitments.

  13. Note that this definition explicitly considers auxiliary information z, but is equivalent to one that does not consider z. We explicitly consider z for convenience.

  14. We overload notation: here \(m_i\) denotes the \(i^{th}\) bit of m, and below each \(\widetilde{m} _i\) consists of p bits.

References

  1. Ball, M., Dachman-Soled, D., Kulkarni, M., Lin, H., Malkin, T.: Non-malleable codes against bounded polynomial time tampering. IACR Cryptology ePrint Archive 2018, 1015 (2018). https://eprint.iacr.org/2018/1015

  2. Barak, B.: Constant-round coin-tossing with a man in the middle or realizing the shared random string model. In: FOCS 2002, pp. 345–355 (2002)

  3. Barak, B., Ong, S.J., Vadhan, S.P.: Derandomization in cryptography. SIAM J. Comput. 37(2), 380–400 (2007). https://doi.org/10.1137/050641958

  4. Bellare, M., Palacio, A.: The knowledge-of-exponent assumptions and 3-round zero-knowledge protocols. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 273–289. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28628-8_17

  5. Bitansky, N., Lin, H.: One-message zero knowledge and non-malleable commitments. IACR Cryptology ePrint Archive 2018, 613 (2018). https://eprint.iacr.org/2018/613

  6. Bitansky, N., Paneth, O.: ZAPs and non-interactive witness indistinguishability from indistinguishability obfuscation. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 401–427. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46497-7_16

  7. Broadnax, B., Fetzer, V., Müller-Quade, J., Rupp, A.: Non-malleability vs. CCA-security: the case of commitments. In: Abdalla, M., Dahab, R. (eds.) PKC 2018, Part II. LNCS, vol. 10770, pp. 312–337. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76581-5_11

  8. Chandran, N., Goyal, V., Mukherjee, P., Pandey, O., Upadhyay, J.: Block-wise non-malleable codes. In: 43rd International Colloquium on Automata, Languages, and Programming, ICALP 2016, Rome, Italy, 11–15 July 2016, pp. 31:1–31:14 (2016). https://doi.org/10.4230/LIPIcs.ICALP.2016.31

  9. Ciampi, M., Ostrovsky, R., Siniscalchi, L., Visconti, I.: Concurrent non-malleable commitments (and more) in 3 rounds. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9816, pp. 270–299. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53015-3_10

  10. Ciampi, M., Ostrovsky, R., Siniscalchi, L., Visconti, I.: Four-round concurrent non-malleable commitments from one-way functions. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 127–157. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63715-0_5

  11. Dolev, D., Dwork, C., Naor, M.: Non-malleable cryptography (extended abstract). In: STOC 1991 (1991)

  12. Fenteany, P., Fuller, B.: Non-malleable digital lockers. Cryptology ePrint Archive, Report 2018/957 (2018). https://eprint.iacr.org/2018/957

  13. Gentry, C., Wichs, D.: Separating succinct non-interactive arguments from all falsifiable assumptions. In: Fortnow, L., Vadhan, S.P. (eds.) Proceedings of the 43rd ACM Symposium on Theory of Computing, STOC 2011, San Jose, CA, USA, 6–8 June 2011, pp. 99–108. ACM (2011). http://doi.acm.org/10.1145/1993636.1993651

  14. Goyal, R., Hohenberger, S., Koppula, V., Waters, B.: A generic approach to constructing and proving verifiable random functions. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10678, pp. 537–566. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70503-3_18

  15. Goyal, V.: Constant round non-malleable protocols using one-way functions. In: STOC 2011, pp. 695–704. ACM (2011)

  16. Goyal, V., Khurana, D., Sahai, A.: Breaking the three round barrier for non-malleable commitments. In: FOCS (2016)

  17. Goyal, V., Lee, C.K., Ostrovsky, R., Visconti, I.: Constructing non-malleable commitments: a black-box approach. In: FOCS (2012)

  18. Goyal, V., Pandey, O., Richelson, S.: Textbook non-malleable commitments. In: STOC, pp. 1128–1141. ACM, New York (2016). http://doi.acm.org/10.1145/2897518.2897657

  19. Goyal, V., Richelson, S., Rosen, A., Vald, M.: An algebraic approach to non-malleability. In: FOCS 2014, pp. 41–50 (2014)

  20. Groth, J., Ostrovsky, R., Sahai, A.: New techniques for noninteractive zero-knowledge. J. ACM 59(3), 11:1–11:35 (2012). http://doi.acm.org/10.1145/2220357.2220358

  21. Jain, A., Kalai, Y.T., Khurana, D., Rothblum, R.: Distinguisher-dependent simulation in two rounds and its applications. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 158–189. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63715-0_6

  22. Kalai, Y., Khurana, D.: Non-interactive non-malleability from quantum supremacy. In: Electronic Colloquium on Computational Complexity (ECCC), vol. 25, p. 203 (2018). https://eccc.weizmann.ac.il/report/2018/203

  23. Khurana, D.: Round optimal concurrent non-malleability from polynomial hardness. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017, Part II. LNCS, vol. 10678, pp. 139–171. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70503-3_5

  24. Khurana, D., Sahai, A.: How to achieve non-malleability in one or two rounds. In: 58th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2017, Berkeley, CA, USA, 15–17 October 2017, pp. 564–575 (2017). https://doi.org/10.1109/FOCS.2017.58

  25. Komargodski, I., Yogev, E.: Another step towards realizing random oracles: non-malleable point obfuscation. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 259–279. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78381-9_10

  26. Lin, H., Pass, R.: Constant-round non-malleable commitments from any one-way function. In: STOC 2011, pp. 705–714 (2011)

  27. Lin, H., Pass, R.: Non-malleability amplification. In: Proceedings of the 41st Annual ACM Symposium on Theory of Computing, STOC 2009, pp. 189–198 (2009)

  28. Lin, H., Pass, R.: Black-box constructions of composable protocols without set-up. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 461–478. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_27

  29. Lin, H., Pass, R., Soni, P.: Two-round and non-interactive concurrent non-malleable commitments from time-lock puzzles. Cryptology ePrint Archive, Report 2017/273 (2017). http://eprint.iacr.org/2017/273

  30. Lin, H., Pass, R., Venkitasubramaniam, M.: Concurrent non-malleable commitments from any one-way function. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 571–588. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78524-8_31

  31. Pandey, O., Pass, R., Vaikuntanathan, V.: Adaptive one-way functions and applications. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 57–74. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_4

  32. Pass, R., Rosen, A.: Concurrent non-malleable commitments. In: Proceedings of the 46th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2005, pp. 563–572 (2005)

  33. Pass, R., Rosen, A.: New and improved constructions of non-malleable cryptographic protocols. In: STOC 2005, pp. 533–542 (2005)

  34. Pass, R., Rosen, A.: New and improved constructions of nonmalleable cryptographic protocols. SIAM J. Comput. 38(2), 702–752 (2008)

  35. Pass, R., Wee, H.: Constant-round non-malleable commitments from sub-exponential one-way functions. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 638–655. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_32

  36. Wee, H.: Black-box, round-efficient secure computation via non-malleability amplification. In: FOCS 2010, pp. 531–540 (2010)

Author information

Correspondence to Yael Tauman Kalai or Dakshita Khurana.

Copyright information

© 2019 International Association for Cryptologic Research

About this paper

Cite this paper

Kalai, Y.T., Khurana, D. (2019). Non-interactive Non-malleability from Quantum Supremacy. In: Boldyreva, A., Micciancio, D. (eds) Advances in Cryptology – CRYPTO 2019. CRYPTO 2019. Lecture Notes in Computer Science, vol 11694. Springer, Cham. https://doi.org/10.1007/978-3-030-26954-8_18

  • DOI: https://doi.org/10.1007/978-3-030-26954-8_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-26953-1

  • Online ISBN: 978-3-030-26954-8

  • eBook Packages: Computer Science (R0)
