non malleable codes for partial functions with
play

Non-Malleable Codes for Partial Functions with Manipulation - PowerPoint PPT Presentation

Jul 06, 2023 •218 likes •772 views

Non-Malleable Codes for Partial Functions with Manipulation Detection Aggelos Kiayias Feng-Hao Liu Yiannis Tselekounis Edin. & FAU CRYPTO 2018 Outline Introduction to non-malleable codes Adversarial model, motivation Results,

  1. Non-Malleable Codes for Partial Functions with Manipulation Detection Aggelos Kiayias Feng-Hao Liu Yiannis Tselekounis Edin. & FAU CRYPTO 2018

  2. Outline Introduction to non-malleable codes Adversarial model, motivation Results, constructions Intuition

  3. Encoding schemes An encoding scheme is a pair of algorithms ( Enc , Dec ) , satisfying correctness : for any message s , Dec ( Enc ( s )) = s

  4. Encoding schemes An encoding scheme is a pair of algorithms ( Enc , Dec ) , satisfying correctness : for any message s , Dec ( Enc ( s )) = s Error-correction codes : guarantee correctness in the presence of faults

  5. Non-malleable codes [DPW10,18]

  6. Non-malleable codes [DPW10,18] Non-malleability : any modified codeword does not decode to a message related to/different from, the original

  7. Non-malleable codes [DPW10,18] Non-malleability : any modified codeword does not decode to a message related to/different from, the original f s c c ′ s Enc f Dec ⊥ s ′ (unrelated to s )

  8. Non-malleability [DPW10,18] Real c c ′ f s Enc Dec s ′ s ′ f

  9. Non-malleability [DPW10,18] Real c c ′ s f Enc Dec s ′ s ′ f Simulator

  10. Non-malleability [DPW10,18] Real c c ′ s f Enc Dec s ′ s ′ f Ideal Simulator f s ′

  11. Non-malleability [DPW10,18] Real Real ≈ Ideal c c ′ s f Enc Dec s ′ s ′ f Ideal Simulator f s ′

  12. Application of NMC Black-box adversary Smart-card computing G s ( · ) x G s ( x )

  13. Application of NMC Black-box adversary Smart-card computing G s ( · ) x G s ( x ) Smart-card computing G s ( · ) Tampering adversary f, x G f ( s ) ( x )

  14. Application of NMC Assuming ( Enc , Dec ) is a non-malleable code w.r.t. F . Compiled circuit : ˆ G ˆ Original circuit : G s s x x ˆ s := Enc ( s ) G s ˆ s s G s ( x ) Dec (ˆ s ) y y Non-malleability : for any f ∈ F , f (ˆ s ) is simulatable and independent of s

  15. Admissible function classes Non-malleability is impossible against arbitrary tampering function classes

  16. Admissible function classes Non-malleability is impossible against arbitrary tampering function classes For instance, consider a class containing the function f ( c ) := Enc ( Dec ( c ) + 1)

  17. Admissible function classes Proposed function classes : Split-state functions [ADL14, DKO13, ADKO15, LL12, AAG + 16, DPW10, KLT16], bit-wise tampering and permutations [DPW10, AGM + 15a, AGM + 15b], bounded-size function classes [FMVW14], bounded depth/fan-in circuits [BDKM16], space-bounded tampering [FHMV17,BDKM18], block-wise tampering [CKM11,CGM + 15], AC0 circuits, bounded-depth decision trees and streaming adversaries [BDKM18], small-depth circuits [BDGMT18], and others.

  18. Admissible function classes Proposed function classes : Split-state functions [ADL14, DKO13, ADKO15, LL12, AAG + 16, DPW10, KLT16], bit-wise tampering and permutations [DPW10, AGM + 15a, AGM + 15b], bounded-size function classes [FMVW14], bounded depth/fan-in circuits [BDKM16], space-bounded tampering [FHMV17,BDKM18], block-wise tampering [CKM11,CGM + 15], AC0 circuits, bounded-depth decision trees and streaming adversaries [BDKM18], small-depth circuits [BDGMT18], and others. This work : Partial functions

  19. NMC for Partial Functions We allow read/write access to arbitrary subsets of codeword locations, with bounded cardinality.

  20. Basic definitions

  21. Basic definitions Information rate : the ratio of message to codeword, length, as the message length goes to infinity.

  22. Basic definitions Information rate : the ratio of message to codeword, length, as the message length goes to infinity. Access rate : the fraction of the number of bits (symbols) the attacker is allowed to access over, the total codeword length.

  23. Main Goal Is it possible to construct efficient (high information rate) non-malleable codes for partial functions, while allowing the attacker to access almost the entire codeword (high access rate)?

  24. Motivation Attackers with high access rate could still create correlated codewords

  25. Motivation Attackers with high access rate could still create correlated codewords Partial functions comply with existing attacks, e.g., [BDL97, BDL01, BS97]

  26. Motivation Attackers with high access rate could still create correlated codewords Partial functions comply with existing attacks, e.g., [BDL97, BDL01, BS97] The passive analog of the primitive implies All-Or-Nothing-Transforms [Riv97], having numerous applications

  27. Motivation Attackers with high access rate could still create correlated codewords Partial functions comply with existing attacks, e.g., [BDL97, BDL01, BS97] The passive analog of the primitive implies All-Or-Nothing-Transforms [Riv97], having numerous applications

  28. Motivation Attackers with high access rate could still create correlated codewords Partial functions comply with existing attacks, e.g., [BDL97, BDL01, BS97] The passive analog of the primitive implies All-Or-Nothing-Transforms [Riv97], having numerous applications Constant functions are excluded from the model, thus it potentially allows stronger primitives

  29. Results

  30. Results Stronger notion : Non-malleability with manipulation detection ( MD-NMC ), Dec ( f ( c )) ∈ { s, ⊥}

  31. � Results Stronger notion : Non-malleability with manipulation detection ( MD-NMC ), Dec ( f ( c )) ∈ { s, ⊥} ( MD = ⇒ MD-NMC )

  32. � Results Stronger notion : Non-malleability with manipulation detection ( MD-NMC ), Dec ( f ( c )) ∈ { s, ⊥} ( MD = ⇒ MD-NMC ) Assuming OWF, we construct MD-NMC in the CRS model, with information rate 1 and access rate 1 − 1 / Ω(log k )

  33. � Results Stronger notion : Non-malleability with manipulation detection ( MD-NMC ), Dec ( f ( c )) ∈ { s, ⊥} ( MD = ⇒ MD-NMC ) Assuming OWF, we construct MD-NMC in the CRS model, with information rate 1 and access rate 1 − 1 / Ω(log k ) Assuming OWF, we construct MD-NMC in the standard model, with information rate 1 − 1 / Ω(log k ) and access rate 1 − 1 / Ω(log k ) (alphabet size: O (log k ) )

  34. � Results Stronger notion : Non-malleability with manipulation detection ( MD-NMC ), Dec ( f ( c )) ∈ { s, ⊥} ( MD = ⇒ MD-NMC ) Assuming OWF, we construct MD-NMC in the CRS model, with information rate 1 and access rate 1 − 1 / Ω(log k ) Assuming OWF, we construct MD-NMC in the standard model, with information rate 1 − 1 / Ω(log k ) and access rate 1 − 1 / Ω(log k ) (alphabet size: O (log k ) ) Our results imply efficient All-Or-Nothing-Transforms under standard assumptions

  35. Challenges

  36. Challenges Non-malleability for partial functions with concrete access rate 1 is impossible

  37. Challenges Non-malleability for partial functions with concrete access rate 1 is impossible Impossibility on the information-theoretic setting [CG14] : assuming constant access/information rate, security is achievable only with constant probability

  38. Challenges Towards an encryption-based solution:

  39. Challenges Towards an encryption-based solution: Message: s Secret key: sk e ← Encrypt sk ( s ) (Bits) sk

  40. Challenges Towards an encryption-based solution: Message: s Secret key: sk e ← Encrypt sk ( s ) (Bits) sk Security breaks by accessing O ( | sk | / | s | ) codewords bits

  41. Challenges Towards an encryption-based solution: Message: s e ← Encrypt sk ( s ) Secret key: sk (Bits) InnerEnc( sk ) Security breaks by accessing O ( | sk | / | s | ) codewords bits

  42. Challenges Towards an encryption-based solution: Message: s Secret key: sk InnerEnc( e ) ← Encrypt sk ( s ) (Bits) sk

  43. Challenges Question : Is it possible to achieve access rate greater than O ( | sk | / | c | ) ?

  44. Challenges Question : Is it possible to achieve access rate greater than O ( | sk | / | c | ) ? More generally : Can we achieve access rate greater than what our weakest primitive sustains?

  45. Challenges Main observation : the structure of the codeword is fixed and known to the attacker

  46. Challenges Main observation : the structure of the codeword is fixed and known to the attacker Idea : hide the structure via randomization

  47. Construction in the CRS model Message: s e ← AuthEncrypt sk ( s ) Secret key: sk (Bits) z � sk || sk 3 � ← SecretShare Locations defined by the CRS

  48. Construction in the CRS model Message: s e ← AuthEncrypt sk ( s ) Secret key: sk (Bits) z � sk || sk 3 � ← SecretShare Locations defined by the CRS f Due to the shuffling, the attacker learns nothing about sk, sk 3 . Let ( sk, sk 3 ) → ( sk ′ , sk ′′ )

  49. Construction in the CRS model Message: s e ← AuthEncrypt sk ( s ) Secret key: sk (Bits) z � sk || sk 3 � ← SecretShare Locations defined by the CRS f Due to the shuffling, the attacker learns nothing about sk, sk 3 . Let ( sk, sk 3 ) → ( sk ′ , sk ′′ ) If ( sk, sk 3 ) � = ( sk ′ , sk ′′ ) , then Pr[ sk ′ 3 = sk ′′ ] ≤ negl, otherwise we can recover sk

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Case for Malleable Thread-Level Linear Algebra Libraries: The LU Factorization with Partial

A Case for Malleable Thread-Level Linear Algebra Libraries: The LU Factorization with Partial

A Case for Malleable Thread-Level Linear Algebra Libraries: The LU Factorization with Partial Pivoting Sandra Cataln, Jose R. Herrero, Enrique S. Quintana-Ort, Rafael Rodrguez-Snchez, Robert van de Geijn BLIS Retreat, 19-20th September

361 views • 25 slides
Non-malleable codes in the split-state model Divesh Aggarwal, Yevgeniy Dodis , Tomasz Kazana,

Non-malleable codes in the split-state model Divesh Aggarwal, Yevgeniy Dodis , Tomasz Kazana,

Non-malleable codes in the split-state model Divesh Aggarwal, Yevgeniy Dodis , Tomasz Kazana, Shachar Lovett, Maciej Obremski New York University Tampering Experiment f Enc Dec m* m c c* (Real) g m g (m) (Ideal) Consider a

1.06k views • 81 slides
Partial Functions and Domination C T Chong National University of Singapore

Partial Functions and Domination C T Chong National University of Singapore

Partial Functions and Domination C T Chong National University of Singapore chongct@math.nus.edu.sg CTFM, Tokyo 711 September 2015 Domination for Partial Functions Definition Let f , g be partial functions. Then g dominates f if

664 views • 28 slides
Partial Recursive Functions and Finality Gordon Plotkin Laboratory for the Foundations of

Partial Recursive Functions and Finality Gordon Plotkin Laboratory for the Foundations of

Introduction Natural numbers objects in monoidal categories Weak representability of partial recursive functions Strong representability of partial recursive functions Partial Recursive Functions and Finality Gordon Plotkin Laboratory for the

800 views • 58 slides
Partial Functions and Categories of Partial Maps Science Atlantic at Acadia University Darien

Partial Functions and Categories of Partial Maps Science Atlantic at Acadia University Darien

Motivation of Partial Functions Formally Defining Partial Functions Categories Restriction Categories Partial Functions and Categories of Partial Maps Science Atlantic at Acadia University Darien DeWolf October 24, 2015 Darien DeWolf

194 views • 17 slides
Cryptographic Reverse Firewall via Malleable Smooth Projective Hash Functions Rongmao Chen, Yi

Cryptographic Reverse Firewall via Malleable Smooth Projective Hash Functions Rongmao Chen, Yi

Cryptographic Reverse Firewall via Malleable Smooth Projective Hash Functions Rongmao Chen, Yi Mu, Guomin Yang , Willy Susilo, Fuchun Guo and Mingwu Zhang Asiacrypt 2016, Hanoi Outline n Background n Cryptographic Reverse Firewall n Part

639 views • 52 slides
Partial Recursive Functions Computation Theory , L 8 101/171 Aim A more abstract,

Partial Recursive Functions Computation Theory , L 8 101/171 Aim A more abstract,

Partial Recursive Functions Computation Theory , L 8 101/171 Aim A more abstract, machine-independent description of the collection of computable partial functions than provided by register/Turing machines: they form the smallest collection

349 views • 16 slides
JUST THE MATHS SLIDES NUMBER 14.1 PARTIAL DIFFERENTIATION 1 (Partial derivatives of the

JUST THE MATHS SLIDES NUMBER 14.1 PARTIAL DIFFERENTIATION 1 (Partial derivatives of the

JUST THE MATHS SLIDES NUMBER 14.1 PARTIAL DIFFERENTIATION 1 (Partial derivatives of the first order) by A.J.Hobson 14.1.1 Functions of several variables 14.1.2 The definition of a partial derivative UNIT 14.1 PARTIAL DIFFERENTIATION

295 views • 8 slides
Tight Upper and Lower Bounds for Leakage-Resilient Locally Decodable and Updatable Non-Malleable

Tight Upper and Lower Bounds for Leakage-Resilient Locally Decodable and Updatable Non-Malleable

Tight Upper and Lower Bounds for Leakage-Resilient Locally Decodable and Updatable Non-Malleable Codes Dana Dachman-Soled University of Maryland Joint work with: Mukul Kulkarni and Aria Shahverdi, University of Maryland Talk is also based on

572 views • 35 slides
The Representability of Partial Recursive Yan Steimle Functions in Arithmetical Theories and

The Representability of Partial Recursive Yan Steimle Functions in Arithmetical Theories and

Representing Recursive Functions The Representability of Partial Recursive Yan Steimle Functions in Arithmetical Theories and Definitions Main Categories theorems Statements Proof Total recursive functions Yan Steimle Conclusion

574 views • 32 slides
Partial Computable Functions: Analysis and Complexity Margarita Korovina IIS SbRAS, Novosibirsk

Partial Computable Functions: Analysis and Complexity Margarita Korovina IIS SbRAS, Novosibirsk

Partial Computable Functions: Analysis and Complexity Margarita Korovina IIS SbRAS, Novosibirsk Oleg Kudinov Inst. of Math SbRAS, Novosibirsk CCC 2017 Nancy, June 2017 Goals Does the class of partial computable functions have a universal

515 views • 23 slides
CURVES AND CODES by John R. Kerl A Thesis Presented in Partial Fulfillment of the Requirements

CURVES AND CODES by John R. Kerl A Thesis Presented in Partial Fulfillment of the Requirements

CURVES AND CODES by John R. Kerl A Thesis Presented in Partial Fulfillment of the Requirements for the Degree Master of Arts ARIZONA STATE UNIVERSITY April 2005 1 Overview Coding Theory Algebraic Geometry (key: Riemann-Roch)

430 views • 25 slides
MATHEMATICS 1 CONTENTS Derivatives for functions of two variables Higher-order partial

MATHEMATICS 1 CONTENTS Derivatives for functions of two variables Higher-order partial

Partial derivatives BUSINESS MATHEMATICS 1 CONTENTS Derivatives for functions of two variables Higher-order partial derivatives Derivatives for functions of many variables Old exam question Further study 2 DERIVATIVES FOR FUNCTIONS OF TWO

472 views • 20 slides
CASTER ASSEMBLY SCALE 1 : 1 DRAWN 1/26/2010 swaters A A CHECKED TITLE QA CASTER ASSEMBLY

CASTER ASSEMBLY SCALE 1 : 1 DRAWN 1/26/2010 swaters A A CHECKED TITLE QA CASTER ASSEMBLY

4 3 2 1 PARTS LIST ITEM QTY PART NUMBER MATERIAL 1 1 TOP PLATE MALLEABLE IRON 2 2 AXLE SUPPORT MALLEABLE IRON 3 1 AXLE SAE 1020 4 2 BUSHING BRONZE 5 1 WHEEL MALLEABLE IRON B B CASTER ASSEMBLY SCALE 1 : 1 DRAWN

434 views • 7 slides
BEEM103 Optimization Techniques for Economists Level Curves Multivariate Functions Isoquants

BEEM103 Optimization Techniques for Economists Level Curves Multivariate Functions Isoquants

Functions in two variables Functions in two variables Partial derivatives Partial derivatives Optimization Optimization Unconstrained Optimization Unconstrained Optimization Second order conditions Second order conditions Functions in two

234 views • 20 slides
Malleable Proof Systems and Applications Melissa Chase (MSR Redmond) Markulf Kohlweiss (MSR

Malleable Proof Systems and Applications Melissa Chase (MSR Redmond) Markulf Kohlweiss (MSR

Malleable Proof Systems and Applications Melissa Chase (MSR Redmond) Markulf Kohlweiss (MSR Cambridge) Anna Lysyanskaya (Brown University) Sarah Meiklejohn (UC San Diego) 1 Non-malleable cryptography Twenty years ago, saw a strong emphasis on

1.6k views • 145 slides
Logicless Non-Standard Analysis: An Axiom System Abhijit Dasgupta University of Detroit Mercy

Logicless Non-Standard Analysis: An Axiom System Abhijit Dasgupta University of Detroit Mercy

Logicless Non-Standard Analysis: An Axiom System Abhijit Dasgupta University of Detroit Mercy June 3, 2008 Abhijit Dasgupta Logicless Non-Standard Analysis: An Axiom System Getting reals from rationals: Construction vs Axiomatic setup Reals

604 views • 26 slides
Modular Proof Systems for Partial Functions with Weak Equality Harald Ganzinger Viorica

Modular Proof Systems for Partial Functions with Weak Equality Harald Ganzinger Viorica

Modular Proof Systems for Partial Functions with Weak Equality Harald Ganzinger Viorica Sofronie-Stokkermans Uwe Waldmann 1 Three (Unrelated?) Topics Topic 1: Hierarchic extensions of theories. Let 0 be a signature, let T 0 be a 0

462 views • 27 slides
Discrete Mathematics in Computer Science B8. Functions Malte Helmert, Gabriele R oger

Discrete Mathematics in Computer Science B8. Functions Malte Helmert, Gabriele R oger

Discrete Mathematics in Computer Science B8. Functions Malte Helmert, Gabriele R oger University of Basel October 19, 2020 Malte Helmert, Gabriele R oger (University of Basel) Discrete Mathematics in Computer Science October 19, 2020 1

451 views • 34 slides
Partiality and Non-Termination in Type Theory Niccol` o Veltri Department of Software Science

Partiality and Non-Termination in Type Theory Niccol` o Veltri Department of Software Science

Partiality and Non-Termination in Type Theory Niccol` o Veltri Department of Software Science Tallinn University of Technology EWSC17, 08 March 2017 Introduction In type theory, all functions are total. ((1 0) + proposition as

460 views • 11 slides
Typical Applications Map functions on data structures Scheduling functions PolyTest

Typical Applications Map functions on data structures Scheduling functions PolyTest

Typical Applications Map functions on data structures Scheduling functions PolyTest polymorphic testing monomorphic testing over functions Many, many more...? Today: quantification over functions is avoided No Show

329 views • 16 slides
Laplace Transforms of Step Functions Bernd Schr oder logo1 Bernd Schr oder Louisiana Tech

Laplace Transforms of Step Functions Bernd Schr oder logo1 Bernd Schr oder Louisiana Tech

Transforms and New Formulas A Model The Initial Value Problem Double Check Laplace Transforms of Step Functions Bernd Schr oder logo1 Bernd Schr oder Louisiana Tech University, College of Engineering and Science Laplace Transforms of

1.3k views • 91 slides
Effects and State Liam OConnor CSE, UNSW (and Data61) Term 2 2019 1 Effects State IO

Effects and State Liam OConnor CSE, UNSW (and Data61) Term 2 2019 1 Effects State IO

Effects State IO QuickChecking Effects Software System Design and Implementation Effects and State Liam OConnor CSE, UNSW (and Data61) Term 2 2019 1 Effects State IO QuickChecking Effects Effects Effects Effects are observable

221 views • 20 slides
FUNCTIONAL PROGRAMMING Maths & Natural Sciences (MN) programme at Uppsala University, Sweden

FUNCTIONAL PROGRAMMING Maths & Natural Sciences (MN) programme at Uppsala University, Sweden

FUNCTIONAL PROGRAMMING Maths & Natural Sciences (MN) programme at Uppsala University, Sweden Course Notes by Pierre Flener, PhD, docent, IT Dept, Uppsala University, Sweden Based on the notes of Prof. Yves Deville, Universit e

399 views • 6 slides

More recommend