non malleable codes in the split state model
play

Non-malleable codes in the split-state model Divesh Aggarwal, - PowerPoint PPT Presentation

Sep 06, 2023 •228 likes •1.06k views

Non-malleable codes in the split-state model Divesh Aggarwal, Yevgeniy Dodis , Tomasz Kazana, Shachar Lovett, Maciej Obremski New York University Tampering Experiment f Enc Dec m* m c c* (Real) g m g (m) (Ideal) Consider a

  1. Non-malleable codes in the split-state model Divesh Aggarwal, Yevgeniy Dodis , Tomasz Kazana, Shachar Lovett, Maciej Obremski New York University

  2. Tampering Experiment f Enc Dec m* m c c* (Real) g m g (m) (Ideal) • Consider a tamperable communication channel.

  3. Tampering Experiment f Enc Dec m* m c c* (Real) g m g (m) (Ideal) • Consider a tamperable communication channel. • To protect, send c = Enc ( m ) along the channel.

  4. Tampering Experiment f Enc Dec m* m c c* (Real) g m g (m) (Ideal) • Consider a tamperable communication channel. • To protect, send c = Enc ( m ) along the channel. • The tampered codeword decodes to some m ∗ .

  5. Tampering Experiment f Enc Dec m* m c c* (Real) g m g (m) (Ideal) • Consider a tamperable communication channel. • To protect, send c = Enc ( m ) along the channel. • The tampered codeword decodes to some m ∗ . • Hope: m ∗ "looks like" g ( m ) for some "good" g that we can "tolerate".

  6. Tampering Experiment f Enc Dec m* m c c* (Real) g m g (m) (Ideal) • Consider a tamperable communication channel. • To protect, send c = Enc ( m ) along the channel. • The tampered codeword decodes to some m ∗ . • Hope: m ∗ "looks like" g ( m ) for some "good" g that we can "tolerate". We want ◮ Correctness: ∀ m , Dec ( Enc ( m )) = m . ◮ Simulation: ∀ f ∈ F , ∃ g ∈ G , where ◮ F is large and realistic against attacks/channels. ◮ G small and "easy to handle".

  7. Example: Error-correcting codes f Enc Dec m* (Real) m c c* g m g (m) (Ideal) F G Id (m) = m ◮ G = { Id } is “easy to handle".

  8. Example: Error-correcting codes f Enc Dec m* (Real) m c c* g m g (m) (Ideal) F G Id (m) = m ∆ (c, ) <= c* ρ ◮ G = { Id } is “easy to handle". ◮ F realistic/useful. ◮ Constructions: Hadamard, Reed-Solomon, Reed-Muller, etc..

  9. Example: Error-detecting codes f Enc Dec m* m c c* (Real) g m g (m) (Ideal) F G Id (m) = m (m) = AMD Codes: Application in robust fuzzy extractors and secret sharing [C D FPW12], NM-codes [DPW10], etc.

  10. Example: Error-detecting codes f Enc Dec m* m c c* (Real) g m g (m) (Ideal) F G Id (m) = m ∆( c, )<= 2ρ c* (m) = Same constructions as those for ECC.secret sharing [CDFPW12], NM-codes [DPW10], etc.

  11. Example: Error-detecting codes f Enc Dec m* m c c* (Real) g m g (m) (Ideal) F G Id (m) = m f (c) = c + δ (m) = δ AMD Codes: Application in robust fuzzy extractors and secret sharing [C D FPW12], NM-codes [DPW10], etc.

  12. Error-correction/detection impossible f Enc Dec m* m c c* (Real) g m g (m) (Ideal) F G Constant ?? Id (m) = m functions (m) = f (c) = c* c* Let c ∗ = Enc ( m ′ ) for some fixed m ′ . Thus, Dec ( c ∗ ) = m ′ / ∈ { m , ⊥} .

  13. Error-correction/detection impossible f Enc Dec m* m c c* (Real) g m g (m) (Ideal) F G Constant Id (m) = m functions (m) = f (c) = c* c* Let c ∗ = Enc ( m ′ ) for some fixed m ′ . Thus, Dec ( c ∗ ) = m ′ / ∈ { m , ⊥} .

  14. Non-malleable codes f Enc Dec m* m c c* (Real) g m g (m) (Ideal) F NM Id (m) = m g (m) = m* m*

  15. Non-malleable codes f Enc Dec m* m c c* (Real) g m g (m) (Ideal) F NM Id (m) = m g (m) = m* m* Is NM "realistic/easy-to-handle"? When is it useful?

  16. Application of Non-malleable codes ◮ Consider Sign sk (userID, m ). ◮ Task: How to protect sk against tampering attack. ◮ Encode sk using non-malleable code. ◮ Thus, sk ∗ = Dec ( f ( Enc ( sk ))) is either equal to sk or unrelated. ◮ Thus, cannot use Sign sk ∗ (userID, · ) to forge Sign sk (userID’ , · ).

  17. Non-malleable codes: Formal Definition Let ( Enc , Dec ) be a coding scheme with Enc randomized , and Dec deterministic, s.t. ∀ m Dec ( Enc ( m )) = m , f Enc Dec m* m c c* (Real) g (Ideal) m g (m) The coding scheme is non-malleable w.r.t. family F , if ∀ f ∈ F ,

  18. Non-malleable codes: Formal Definition Let ( Enc , Dec ) be a coding scheme with Enc randomized , and Dec deterministic, s.t. ∀ m Dec ( Enc ( m )) = m , f Enc Dec m* m c c* (Real) g (Ideal) m g (m) The coding scheme is non-malleable w.r.t. family F , if ∀ f ∈ F , ∃ T which is a probabilistic combination of: ◮ constant functions ◮ identity function s.t.

  19. Non-malleable codes: Formal Definition Let ( Enc , Dec ) be a coding scheme with Enc randomized , and Dec deterministic, s.t. ∀ m Dec ( Enc ( m )) = m , f Enc Dec m* m c c* (Real) g (Ideal) m g (m) The coding scheme is non-malleable w.r.t. family F , if ∀ f ∈ F , ∃ T which is a probabilistic combination of: ◮ constant functions ◮ identity function s.t. ∀ m ∈ M , m ∗ ≈ T ( m ) .

  20. Non-malleable codes: Formal Definition Let ( Enc , Dec ) be a coding scheme with Enc randomized , and Dec deterministic, s.t. ∀ m Dec ( Enc ( m )) = m , f Enc Dec m* m c c* (Real) g (Ideal) m g (m) The coding scheme is non-malleable w.r.t. family F , if ∀ f ∈ F , ∃ T which is a probabilistic combination of: ◮ constant functions ◮ identity function s.t. ∀ m ∈ M , m ∗ ≈ T ( m ) . Note: T is independent of m . Thus, intuitively, either m ∗ = m or they are unrelated.

  21. Which realistic families F can we tolerate? f Enc Dec m* (Real) m c c* g m g (m) (Ideal) F all NM Id (m) = m g (m) = m* m* Impossible [DPW10]. ∀ g ∈ F all , let f ( c ) = Enc ( g ( Dec ( c ))) .

  22. Which realistic families F can we tolerate? f Enc Dec m* (Real) m c c* g m g (m) (Ideal) F all F all Impossible [DPW10]. ∀ g ∈ F all , let f ( c ) = Enc ( g ( Dec ( c ))) .

  23. Non-malleable Codes in the t -split-state model ◮ Tamper t different memory-parts independently

  24. Non-malleable Codes in the t -split-state model ◮ Tamper t different memory-parts independently ◮ Application to non-malleable secret-sharing

  25. Non-malleable Codes in the t -split-state model ◮ Tamper t different memory-parts independently ◮ Application to non-malleable secret-sharing ◮ Includes ECC, EDC, Constant functions, bitwise tampering functions but much more

  26. Non-malleable Codes in the t -split-state model ◮ Tamper t different memory-parts independently ◮ Application to non-malleable secret-sharing ◮ Includes ECC, EDC, Constant functions, bitwise tampering functions but much more ◮ Existential result known [DPW10].

  27. Non-malleable Codes in the t -split-state model ◮ Tamper t different memory-parts independently ◮ Application to non-malleable secret-sharing ◮ Includes ECC, EDC, Constant functions, bitwise tampering functions but much more ◮ Existential result known [DPW10]. ◮ Efficient construction for family of bitwise-tampering functions ( t = k , the no. of bits in m ) [DPW10, CG14, FNVW14].

  28. Non-malleable Codes in the t -split-state model ◮ Tamper t different memory-parts independently ◮ Application to non-malleable secret-sharing ◮ Includes ECC, EDC, Constant functions, bitwise tampering functions but much more ◮ Existential result known [DPW10]. ◮ Efficient construction for family of bitwise-tampering functions ( t = k , the no. of bits in m ) [DPW10, CG14, FNVW14]. ◮ Efficient construction for t = 2, k = 1 [DKO13]

  29. Non-malleable Codes in the t -split-state model ◮ Tamper t different memory-parts independently ◮ Application to non-malleable secret-sharing ◮ Includes ECC, EDC, Constant functions, bitwise tampering functions but much more ◮ Existential result known [DPW10]. ◮ Efficient construction for family of bitwise-tampering functions ( t = k , the no. of bits in m ) [DPW10, CG14, FNVW14]. ◮ Efficient construction for t = 2, k = 1 [DKO13] ◮ Open Question: Efficient construction for t constant, k large.

  30. Non-malleable Codes in the t -split-state model ◮ Tamper t different memory-parts independently ◮ Application to non-malleable secret-sharing ◮ Includes ECC, EDC, Constant functions, bitwise tampering functions but much more ◮ Existential result known [DPW10]. ◮ Efficient construction for family of bitwise-tampering functions ( t = k , the no. of bits in m ) [DPW10, CG14, FNVW14]. ◮ Efficient construction for t = 2, k = 1 [DKO13] ◮ Open Question: Efficient construction for t constant, k large. YES (this talk). We show several constructions, including t = 2 and constant rate (i.e. code length is Θ( k ) ).

  31. NM-codes in the t -split state model f 1 X* X 1 1 f X* X 2 Dec 2 Enc 2 f 3 m* m X* X 3 3 f X* X 4 4 4 f 5 X* X 5 5 The coding scheme is non-malleable w.r.t. family F t-split , if ∀ f 1 , . . . , f t , ∃ T which is a probabilistic combination of: ◮ constant functions ◮ identity function s.t. ∀ m ∈ M , m ∗ ≈ T ( m ) .

  32. Common outline for our results: Non-malleable reductions [A D KO15]

  33. Non-malleable Reduction: Definition [A D KO15] Let ( Enc , Dec ) be a coding scheme with Enc randomized , and Dec deterministic, s.t. ∀ m Dec ( Enc ( m )) = m ,

  34. Non-malleable Reduction: Definition [A D KO15] Let ( Enc , Dec ) be a coding scheme with Enc randomized , and Dec deterministic, s.t. ∀ m Dec ( Enc ( m )) = m , f Enc Dec m* (Real) m c c* g The scheme is a non-malleable reduction from F to G , m g (m) (Ideal) denoted as F ⇒ G if ∀ f ∈ F ,

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Non-Malleable Codes for Partial Functions with Manipulation Detection Aggelos Kiayias Feng-Hao

Non-Malleable Codes for Partial Functions with Manipulation Detection Aggelos Kiayias Feng-Hao

Non-Malleable Codes for Partial Functions with Manipulation Detection Aggelos Kiayias Feng-Hao Liu Yiannis Tselekounis Edin. &amp; FAU CRYPTO 2018 Outline Introduction to non-malleable codes Adversarial model, motivation Results,

772 views • 55 slides
Optimizing over the Split Closure Optimizing over the Split Closure Anureet Saxena ACO PhD

Optimizing over the Split Closure Optimizing over the Split Closure Anureet Saxena ACO PhD

Optimizing over the Split Closure Optimizing over the Split Closure Anureet Saxena ACO PhD Student, Tepper School of Business, Carnegie Mellon University. (Joint Work with Egon Balas) MIP Model MIP Model min cx Contains x j 0 j 2 N x j

837 views • 56 slides
Tamper and Leakage Resilience in the Split State Model Feng-Hao Liu Anna Lysyanskaya

Tamper and Leakage Resilience in the Split State Model Feng-Hao Liu Anna Lysyanskaya

Tamper and Leakage Resilience in the Split State Model Feng-Hao Liu Anna Lysyanskaya Brown University I/O Access to a Device Secret s x x D s (x) D s (x) Device for D s ( ) User

683 views • 24 slides
Non-Malleable Secret Sharing against Bounded Joint-Tampering Attacks in the Plain Model Antonio

Non-Malleable Secret Sharing against Bounded Joint-Tampering Attacks in the Plain Model Antonio

Non-Malleable Secret Sharing against Bounded Joint-Tampering Attacks in the Plain Model Antonio Faonio Gianluca Brian Maciej Obremski IMDEA Software Institute Sapienza University of Rome National University of Singapore Madrid, Spain Rome,

1.02k views • 74 slides
Tight Upper and Lower Bounds for Leakage-Resilient Locally Decodable and Updatable Non-Malleable

Tight Upper and Lower Bounds for Leakage-Resilient Locally Decodable and Updatable Non-Malleable

Tight Upper and Lower Bounds for Leakage-Resilient Locally Decodable and Updatable Non-Malleable Codes Dana Dachman-Soled University of Maryland Joint work with: Mukul Kulkarni and Aria Shahverdi, University of Maryland Talk is also based on

572 views • 35 slides
CASTER ASSEMBLY SCALE 1 : 1 DRAWN 1/26/2010 swaters A A CHECKED TITLE QA CASTER ASSEMBLY

CASTER ASSEMBLY SCALE 1 : 1 DRAWN 1/26/2010 swaters A A CHECKED TITLE QA CASTER ASSEMBLY

4 3 2 1 PARTS LIST ITEM QTY PART NUMBER MATERIAL 1 1 TOP PLATE MALLEABLE IRON 2 2 AXLE SUPPORT MALLEABLE IRON 3 1 AXLE SAE 1020 4 2 BUSHING BRONZE 5 1 WHEEL MALLEABLE IRON B B CASTER ASSEMBLY SCALE 1 : 1 DRAWN

434 views • 7 slides
Malleable task-graph scheduling with a practical speed-up model Loris Marchal 1 Bertrand Simon 1

Malleable task-graph scheduling with a practical speed-up model Loris Marchal 1 Bertrand Simon 1

Malleable task-graph scheduling with a practical speed-up model Loris Marchal 1 Bertrand Simon 1 Oliver Sinnen 2 Frdric Vivien 1 1: CNRS, INRIA, ENS Lyon and Univ. Lyon, FR. 2: Univ. Auckland, NZ. New Challenges in Scheduling Theory

596 views • 47 slides
Malleable Proof Systems and Applications Melissa Chase (MSR Redmond) Markulf Kohlweiss (MSR

Malleable Proof Systems and Applications Melissa Chase (MSR Redmond) Markulf Kohlweiss (MSR

Malleable Proof Systems and Applications Melissa Chase (MSR Redmond) Markulf Kohlweiss (MSR Cambridge) Anna Lysyanskaya (Brown University) Sarah Meiklejohn (UC San Diego) 1 Non-malleable cryptography Twenty years ago, saw a strong emphasis on

1.6k views • 145 slides
6.02 Fall 2012 Lecture #4 Linear block codes Rectangular codes Hamming codes 6.02 F

6.02 Fall 2012 Lecture #4 Linear block codes Rectangular codes Hamming codes 6.02 F

6.02 Fall 2012 Lecture #4 Linear block codes Rectangular codes Hamming codes 6.02 F all 2012 Lecture 4, Slide #1 Single Link Communication Model End-host Original source computers Receiving app/user Digitize Render/display,

246 views • 21 slides
Algorithms in the Real World Error Correcting Codes I Overview Hamming Codes Linear

Algorithms in the Real World Error Correcting Codes I Overview Hamming Codes Linear

Algorithms in the Real World Error Correcting Codes I Overview Hamming Codes Linear Codes Page 1 General Model message m Errors introduced by the noisy channel: coder changed fields in the codeword (e.g., a flipped bit)

307 views • 28 slides
Practical Design and Decoding of Polar Codes Vera Miloslavskaya Saint-Petersburg State

Practical Design and Decoding of Polar Codes Vera Miloslavskaya Saint-Petersburg State

Practical Design and Decoding of Polar Codes Vera Miloslavskaya Saint-Petersburg State Polytechnic University veram@dcn.icc.spbstu.ru January 2015 Polar Codes Polar codes can achieve the capacity of 1 0 0 0 0 0 0 0 an arbitrary

323 views • 4 slides
SPL SPLIT IT CA CAST ST Installation of Split Cast Kit Split Cast Kit Rf QM 2000 2 screws

SPL SPLIT IT CA CAST ST Installation of Split Cast Kit Split Cast Kit Rf QM 2000 2 screws

SPL SPLIT IT CA CAST ST Installation of Split Cast Kit Split Cast Kit Rf QM 2000 2 screws , 2 magnets 2 split cast plates and 2 retention disks 1 : remove the nut of the screw 2 : Fixe the screws on articulator 3 : Fixe the magnets on

205 views • 9 slides
G ENERALIZED R EED -S OLOMON CODES (GRS CODES ) A CHARACTERIZATION OF MDS CODES THAT HAVE AN ERROR

G ENERALIZED R EED -S OLOMON CODES (GRS CODES ) A CHARACTERIZATION OF MDS CODES THAT HAVE AN ERROR

A CHARACTERIZATION OF MDS CODES THAT HAVE AN ERROR CORRECTING PAIR I NTRODUCTION TO C ODING T HEORY MDS CODES A CHARACTERIZATION OF MDS CODES THAT GRS CODES HAVE AN ERROR CORRECTING PAIR ECP M OTIVATION O UR GOAL ARQUEZ -C ORBELLA 1 R. P ELLIKAAN

689 views • 19 slides
Spreadsheets: an Introduction to utilized the notion of a malleable matrix to develop the

Spreadsheets: an Introduction to utilized the notion of a malleable matrix to develop the

From word munching to number crunching In 1978 Harvard grad student Dan Bricklin Spreadsheets: an Introduction to utilized the notion of a malleable matrix to develop the first computer spreadsheet program Excel Vastly expanded

185 views • 7 slides
UML State Models U State ode s Basic State Model Concepts/Notations Basic State Model

UML State Models U State ode s Basic State Model Concepts/Notations Basic State Model

Overview UML State Models U State ode s Basic State Model Concepts/Notations Basic State Model Concepts/Notations History Psudostates State Model Exercise 1 State Model Exercise 1 Composite States Eunjee Song State

437 views • 18 slides
PRODUCT DECOMPOSITION Ante Rozga, University of Split, Faculty of Economics/Split - Cvite

PRODUCT DECOMPOSITION Ante Rozga, University of Split, Faculty of Economics/Split - Cvite

NEW APPROACH TO GROSS DOMESTIC PRODUCT DECOMPOSITION Ante Rozga, University of Split, Faculty of Economics/Split - Cvite Fiskovia 5, 21 000 Split; CROATIA e-mail: ante.rozga@efst.hr Elza Jurun, University of Split, Faculty of

595 views • 38 slides
Security oriented codes: What we know and what we dont Osnat Keren Bar-Ilan University On

Security oriented codes: What we know and what we dont Osnat Keren Bar-Ilan University On

ENICS -Emerging Nanoscaled Integrated Circuits and Systems Labs Security oriented codes: What we know and what we dont Osnat Keren Bar-Ilan University On security oriented codes Outline Fault injection attacks &amp; HW countermeasures

878 views • 20 slides
RAID Summer 2016 Cornell University Today Performance and reliability using RAID. 2 Need

RAID Summer 2016 Cornell University Today Performance and reliability using RAID. 2 Need

CS 4410 Operating Systems RAID Summer 2016 Cornell University Today Performance and reliability using RAID. 2 Need for performance Disks are improving, but not as fast as CPUs. 1970s seek time: 50-100 ms. 2000s seek time:

462 views • 15 slides
Multimedia Systems WS 2010/2011 15.11.2010 M. Rahamatullah Khondoker (Room # 36/410 )

Multimedia Systems WS 2010/2011 15.11.2010 M. Rahamatullah Khondoker (Room # 36/410 )

Multimedia Systems WS 2010/2011 15.11.2010 M. Rahamatullah Khondoker (Room # 36/410 ) University of Kaiserslautern Department of Computer Science Integrated Communication Systems ICSY http://www.icsy.de Outline Error Detection and

664 views • 34 slides
Number Systems and Codes 1 Number Systems Decimal number: 123.45 = 1 10 2 + 2 10 1 + 3 10 0 + 4

Number Systems and Codes 1 Number Systems Decimal number: 123.45 = 1 10 2 + 2 10 1 + 3 10 0 + 4

Number Systems and Codes 1 Number Systems Decimal number: 123.45 = 1 10 2 + 2 10 1 + 3 10 0 + 4 10 -1 + 5 10 -2 Base b number: N = a q- 1 b q- 1 + + a 0 b 0 + + a -p b -p b &gt;1, 0 &lt;= a i &lt;= b -1 Integer part: a q -1 a q -2

453 views • 12 slides
Error model Independent errors - error probability per bit p Error probability per word

Error model Independent errors - error probability per bit p Error probability per word

379 views • 8 slides
Control Exception Handling: Exception handling is the control of error conditions or other

Control Exception Handling: Exception handling is the control of error conditions or other

Control Exception Handling: Exception handling is the control of error conditions or other unusual events during the execution of a program. 1 Control In a language without exception handling: When an exception occurs, control

1.15k views • 19 slides
Di Digi gital tal Co Comm mmuni unication cation Sy Syst stem ems ECS 452 EC Asst.

Di Digi gital tal Co Comm mmuni unication cation Sy Syst stem ems ECS 452 EC Asst.

Di Digi gital tal Co Comm mmuni unication cation Sy Syst stem ems ECS 452 EC Asst. Prof. Dr. Prapun Suksompong prapun@siit.tu.ac.th Channel Capacity Office Hours: Rangsit Library: Tuesday 16:20-17:20 BKD3601-7: Thursday

424 views • 25 slides
Fault-tolerant Quantum Computing Bryan Eastin Northrop Grumman Corporation Aurora, CO December

Fault-tolerant Quantum Computing Bryan Eastin Northrop Grumman Corporation Aurora, CO December

Fault-tolerant Quantum Computing Bryan Eastin Northrop Grumman Corporation Aurora, CO December 2014 Bryan Eastin Fault-tolerant Quantum Computing What do we mean by quantum computer ? Quantum computer properties (in theory) General purpose -

860 views • 55 slides

More recommend