non malleable codes for partial functions with
play

Non-Malleable Codes for Partial Functions with Manipulation - PowerPoint PPT Presentation

Jul 06, 2023 •218 likes •772 views

Non-Malleable Codes for Partial Functions with Manipulation Detection Aggelos Kiayias Feng-Hao Liu Yiannis Tselekounis Edin. & FAU CRYPTO 2018 Outline Introduction to non-malleable codes Adversarial model, motivation Results,

  1. Non-Malleable Codes for Partial Functions with Manipulation Detection Aggelos Kiayias Feng-Hao Liu Yiannis Tselekounis Edin. & FAU CRYPTO 2018

  2. Outline Introduction to non-malleable codes Adversarial model, motivation Results, constructions Intuition

  3. Encoding schemes An encoding scheme is a pair of algorithms ( Enc , Dec ) , satisfying correctness : for any message s , Dec ( Enc ( s )) = s

  4. Encoding schemes An encoding scheme is a pair of algorithms ( Enc , Dec ) , satisfying correctness : for any message s , Dec ( Enc ( s )) = s Error-correction codes : guarantee correctness in the presence of faults

  5. Non-malleable codes [DPW10,18]

  6. Non-malleable codes [DPW10,18] Non-malleability : any modified codeword does not decode to a message related to/different from, the original

  7. Non-malleable codes [DPW10,18] Non-malleability : any modified codeword does not decode to a message related to/different from, the original f s c c ′ s Enc f Dec ⊥ s ′ (unrelated to s )

  8. Non-malleability [DPW10,18] Real c c ′ f s Enc Dec s ′ s ′ f

  9. Non-malleability [DPW10,18] Real c c ′ s f Enc Dec s ′ s ′ f Simulator

  10. Non-malleability [DPW10,18] Real c c ′ s f Enc Dec s ′ s ′ f Ideal Simulator f s ′

  11. Non-malleability [DPW10,18] Real Real ≈ Ideal c c ′ s f Enc Dec s ′ s ′ f Ideal Simulator f s ′

  12. Application of NMC Black-box adversary Smart-card computing G s ( · ) x G s ( x )

  13. Application of NMC Black-box adversary Smart-card computing G s ( · ) x G s ( x ) Smart-card computing G s ( · ) Tampering adversary f, x G f ( s ) ( x )

  14. Application of NMC Assuming ( Enc , Dec ) is a non-malleable code w.r.t. F . Compiled circuit : ˆ G ˆ Original circuit : G s s x x ˆ s := Enc ( s ) G s ˆ s s G s ( x ) Dec (ˆ s ) y y Non-malleability : for any f ∈ F , f (ˆ s ) is simulatable and independent of s

  15. Admissible function classes Non-malleability is impossible against arbitrary tampering function classes

  16. Admissible function classes Non-malleability is impossible against arbitrary tampering function classes For instance, consider a class containing the function f ( c ) := Enc ( Dec ( c ) + 1)

  17. Admissible function classes Proposed function classes : Split-state functions [ADL14, DKO13, ADKO15, LL12, AAG + 16, DPW10, KLT16], bit-wise tampering and permutations [DPW10, AGM + 15a, AGM + 15b], bounded-size function classes [FMVW14], bounded depth/fan-in circuits [BDKM16], space-bounded tampering [FHMV17,BDKM18], block-wise tampering [CKM11,CGM + 15], AC0 circuits, bounded-depth decision trees and streaming adversaries [BDKM18], small-depth circuits [BDGMT18], and others.

  18. Admissible function classes Proposed function classes : Split-state functions [ADL14, DKO13, ADKO15, LL12, AAG + 16, DPW10, KLT16], bit-wise tampering and permutations [DPW10, AGM + 15a, AGM + 15b], bounded-size function classes [FMVW14], bounded depth/fan-in circuits [BDKM16], space-bounded tampering [FHMV17,BDKM18], block-wise tampering [CKM11,CGM + 15], AC0 circuits, bounded-depth decision trees and streaming adversaries [BDKM18], small-depth circuits [BDGMT18], and others. This work : Partial functions

  19. NMC for Partial Functions We allow read/write access to arbitrary subsets of codeword locations, with bounded cardinality.

  20. Basic definitions

  21. Basic definitions Information rate : the ratio of message to codeword, length, as the message length goes to infinity.

  22. Basic definitions Information rate : the ratio of message to codeword, length, as the message length goes to infinity. Access rate : the fraction of the number of bits (symbols) the attacker is allowed to access over, the total codeword length.

  23. Main Goal Is it possible to construct efficient (high information rate) non-malleable codes for partial functions, while allowing the attacker to access almost the entire codeword (high access rate)?

  24. Motivation Attackers with high access rate could still create correlated codewords

  25. Motivation Attackers with high access rate could still create correlated codewords Partial functions comply with existing attacks, e.g., [BDL97, BDL01, BS97]

  26. Motivation Attackers with high access rate could still create correlated codewords Partial functions comply with existing attacks, e.g., [BDL97, BDL01, BS97] The passive analog of the primitive implies All-Or-Nothing-Transforms [Riv97], having numerous applications

  27. Motivation Attackers with high access rate could still create correlated codewords Partial functions comply with existing attacks, e.g., [BDL97, BDL01, BS97] The passive analog of the primitive implies All-Or-Nothing-Transforms [Riv97], having numerous applications

  28. Motivation Attackers with high access rate could still create correlated codewords Partial functions comply with existing attacks, e.g., [BDL97, BDL01, BS97] The passive analog of the primitive implies All-Or-Nothing-Transforms [Riv97], having numerous applications Constant functions are excluded from the model, thus it potentially allows stronger primitives

  29. Results

  30. Results Stronger notion : Non-malleability with manipulation detection ( MD-NMC ), Dec ( f ( c )) ∈ { s, ⊥}

  31. � Results Stronger notion : Non-malleability with manipulation detection ( MD-NMC ), Dec ( f ( c )) ∈ { s, ⊥} ( MD = ⇒ MD-NMC )

  32. � Results Stronger notion : Non-malleability with manipulation detection ( MD-NMC ), Dec ( f ( c )) ∈ { s, ⊥} ( MD = ⇒ MD-NMC ) Assuming OWF, we construct MD-NMC in the CRS model, with information rate 1 and access rate 1 − 1 / Ω(log k )

  33. � Results Stronger notion : Non-malleability with manipulation detection ( MD-NMC ), Dec ( f ( c )) ∈ { s, ⊥} ( MD = ⇒ MD-NMC ) Assuming OWF, we construct MD-NMC in the CRS model, with information rate 1 and access rate 1 − 1 / Ω(log k ) Assuming OWF, we construct MD-NMC in the standard model, with information rate 1 − 1 / Ω(log k ) and access rate 1 − 1 / Ω(log k ) (alphabet size: O (log k ) )

  34. � Results Stronger notion : Non-malleability with manipulation detection ( MD-NMC ), Dec ( f ( c )) ∈ { s, ⊥} ( MD = ⇒ MD-NMC ) Assuming OWF, we construct MD-NMC in the CRS model, with information rate 1 and access rate 1 − 1 / Ω(log k ) Assuming OWF, we construct MD-NMC in the standard model, with information rate 1 − 1 / Ω(log k ) and access rate 1 − 1 / Ω(log k ) (alphabet size: O (log k ) ) Our results imply efficient All-Or-Nothing-Transforms under standard assumptions

  35. Challenges

  36. Challenges Non-malleability for partial functions with concrete access rate 1 is impossible

  37. Challenges Non-malleability for partial functions with concrete access rate 1 is impossible Impossibility on the information-theoretic setting [CG14] : assuming constant access/information rate, security is achievable only with constant probability

  38. Challenges Towards an encryption-based solution:

  39. Challenges Towards an encryption-based solution: Message: s Secret key: sk e ← Encrypt sk ( s ) (Bits) sk

  40. Challenges Towards an encryption-based solution: Message: s Secret key: sk e ← Encrypt sk ( s ) (Bits) sk Security breaks by accessing O ( | sk | / | s | ) codewords bits

  41. Challenges Towards an encryption-based solution: Message: s e ← Encrypt sk ( s ) Secret key: sk (Bits) InnerEnc( sk ) Security breaks by accessing O ( | sk | / | s | ) codewords bits

  42. Challenges Towards an encryption-based solution: Message: s Secret key: sk InnerEnc( e ) ← Encrypt sk ( s ) (Bits) sk

  43. Challenges Question : Is it possible to achieve access rate greater than O ( | sk | / | c | ) ?

  44. Challenges Question : Is it possible to achieve access rate greater than O ( | sk | / | c | ) ? More generally : Can we achieve access rate greater than what our weakest primitive sustains?

  45. Challenges Main observation : the structure of the codeword is fixed and known to the attacker

  46. Challenges Main observation : the structure of the codeword is fixed and known to the attacker Idea : hide the structure via randomization

  47. Construction in the CRS model Message: s e ← AuthEncrypt sk ( s ) Secret key: sk (Bits) z � sk || sk 3 � ← SecretShare Locations defined by the CRS

  48. Construction in the CRS model Message: s e ← AuthEncrypt sk ( s ) Secret key: sk (Bits) z � sk || sk 3 � ← SecretShare Locations defined by the CRS f Due to the shuffling, the attacker learns nothing about sk, sk 3 . Let ( sk, sk 3 ) → ( sk ′ , sk ′′ )

  49. Construction in the CRS model Message: s e ← AuthEncrypt sk ( s ) Secret key: sk (Bits) z � sk || sk 3 � ← SecretShare Locations defined by the CRS f Due to the shuffling, the attacker learns nothing about sk, sk 3 . Let ( sk, sk 3 ) → ( sk ′ , sk ′′ ) If ( sk, sk 3 ) � = ( sk ′ , sk ′′ ) , then Pr[ sk ′ 3 = sk ′′ ] ≤ negl, otherwise we can recover sk

Recommend

A Case for Malleable Thread-Level Linear Algebra Libraries: The LU Factorization with Partial

A Case for Malleable Thread-Level Linear Algebra Libraries: The LU Factorization with Partial

A Case for Malleable Thread-Level Linear Algebra Libraries: The LU Factorization with Partial Pivoting Sandra Cataln, Jose R. Herrero, Enrique S. Quintana-Ort, Rafael Rodrguez-Snchez, Robert van de Geijn BLIS Retreat, 19-20th September

361 views • 25 slides
Non-malleable codes in the split-state model Divesh Aggarwal, Yevgeniy Dodis , Tomasz Kazana,

Non-malleable codes in the split-state model Divesh Aggarwal, Yevgeniy Dodis , Tomasz Kazana,

Non-malleable codes in the split-state model Divesh Aggarwal, Yevgeniy Dodis , Tomasz Kazana, Shachar Lovett, Maciej Obremski New York University Tampering Experiment f Enc Dec m* m c c* (Real) g m g (m) (Ideal) Consider a

1.06k views • 81 slides
Partial Functions and Domination C T Chong National University of Singapore

Partial Functions and Domination C T Chong National University of Singapore

Partial Functions and Domination C T Chong National University of Singapore chongct@math.nus.edu.sg CTFM, Tokyo 711 September 2015 Domination for Partial Functions Definition Let f , g be partial functions. Then g dominates f if

664 views • 28 slides
Partial Recursive Functions and Finality Gordon Plotkin Laboratory for the Foundations of

Partial Recursive Functions and Finality Gordon Plotkin Laboratory for the Foundations of

Introduction Natural numbers objects in monoidal categories Weak representability of partial recursive functions Strong representability of partial recursive functions Partial Recursive Functions and Finality Gordon Plotkin Laboratory for the

800 views • 58 slides
Partial Functions and Categories of Partial Maps Science Atlantic at Acadia University Darien

Partial Functions and Categories of Partial Maps Science Atlantic at Acadia University Darien

Motivation of Partial Functions Formally Defining Partial Functions Categories Restriction Categories Partial Functions and Categories of Partial Maps Science Atlantic at Acadia University Darien DeWolf October 24, 2015 Darien DeWolf

194 views • 17 slides
Cryptographic Reverse Firewall via Malleable Smooth Projective Hash Functions Rongmao Chen, Yi

Cryptographic Reverse Firewall via Malleable Smooth Projective Hash Functions Rongmao Chen, Yi

Cryptographic Reverse Firewall via Malleable Smooth Projective Hash Functions Rongmao Chen, Yi Mu, Guomin Yang , Willy Susilo, Fuchun Guo and Mingwu Zhang Asiacrypt 2016, Hanoi Outline n Background n Cryptographic Reverse Firewall n Part

639 views • 52 slides
Partial Recursive Functions Computation Theory , L 8 101/171 Aim A more abstract,

Partial Recursive Functions Computation Theory , L 8 101/171 Aim A more abstract,

Partial Recursive Functions Computation Theory , L 8 101/171 Aim A more abstract, machine-independent description of the collection of computable partial functions than provided by register/Turing machines: they form the smallest collection

349 views • 16 slides
JUST THE MATHS SLIDES NUMBER 14.1 PARTIAL DIFFERENTIATION 1 (Partial derivatives of the

JUST THE MATHS SLIDES NUMBER 14.1 PARTIAL DIFFERENTIATION 1 (Partial derivatives of the

JUST THE MATHS SLIDES NUMBER 14.1 PARTIAL DIFFERENTIATION 1 (Partial derivatives of the first order) by A.J.Hobson 14.1.1 Functions of several variables 14.1.2 The definition of a partial derivative UNIT 14.1 PARTIAL DIFFERENTIATION

295 views • 8 slides
Tight Upper and Lower Bounds for Leakage-Resilient Locally Decodable and Updatable Non-Malleable

Tight Upper and Lower Bounds for Leakage-Resilient Locally Decodable and Updatable Non-Malleable

Tight Upper and Lower Bounds for Leakage-Resilient Locally Decodable and Updatable Non-Malleable Codes Dana Dachman-Soled University of Maryland Joint work with: Mukul Kulkarni and Aria Shahverdi, University of Maryland Talk is also based on

572 views • 35 slides
The Representability of Partial Recursive Yan Steimle Functions in Arithmetical Theories and

The Representability of Partial Recursive Yan Steimle Functions in Arithmetical Theories and

Representing Recursive Functions The Representability of Partial Recursive Yan Steimle Functions in Arithmetical Theories and Definitions Main Categories theorems Statements Proof Total recursive functions Yan Steimle Conclusion

574 views • 32 slides
Partial Computable Functions: Analysis and Complexity Margarita Korovina IIS SbRAS, Novosibirsk

Partial Computable Functions: Analysis and Complexity Margarita Korovina IIS SbRAS, Novosibirsk

Partial Computable Functions: Analysis and Complexity Margarita Korovina IIS SbRAS, Novosibirsk Oleg Kudinov Inst. of Math SbRAS, Novosibirsk CCC 2017 Nancy, June 2017 Goals Does the class of partial computable functions have a universal

515 views • 23 slides
CURVES AND CODES by John R. Kerl A Thesis Presented in Partial Fulfillment of the Requirements

CURVES AND CODES by John R. Kerl A Thesis Presented in Partial Fulfillment of the Requirements

CURVES AND CODES by John R. Kerl A Thesis Presented in Partial Fulfillment of the Requirements for the Degree Master of Arts ARIZONA STATE UNIVERSITY April 2005 1 Overview Coding Theory Algebraic Geometry (key: Riemann-Roch)

430 views • 25 slides
MATHEMATICS 1 CONTENTS Derivatives for functions of two variables Higher-order partial

MATHEMATICS 1 CONTENTS Derivatives for functions of two variables Higher-order partial

Partial derivatives BUSINESS MATHEMATICS 1 CONTENTS Derivatives for functions of two variables Higher-order partial derivatives Derivatives for functions of many variables Old exam question Further study 2 DERIVATIVES FOR FUNCTIONS OF TWO

472 views • 20 slides
CASTER ASSEMBLY SCALE 1 : 1 DRAWN 1/26/2010 swaters A A CHECKED TITLE QA CASTER ASSEMBLY

CASTER ASSEMBLY SCALE 1 : 1 DRAWN 1/26/2010 swaters A A CHECKED TITLE QA CASTER ASSEMBLY

4 3 2 1 PARTS LIST ITEM QTY PART NUMBER MATERIAL 1 1 TOP PLATE MALLEABLE IRON 2 2 AXLE SUPPORT MALLEABLE IRON 3 1 AXLE SAE 1020 4 2 BUSHING BRONZE 5 1 WHEEL MALLEABLE IRON B B CASTER ASSEMBLY SCALE 1 : 1 DRAWN

434 views • 7 slides
BEEM103 Optimization Techniques for Economists Level Curves Multivariate Functions Isoquants

BEEM103 Optimization Techniques for Economists Level Curves Multivariate Functions Isoquants

Functions in two variables Functions in two variables Partial derivatives Partial derivatives Optimization Optimization Unconstrained Optimization Unconstrained Optimization Second order conditions Second order conditions Functions in two

234 views • 20 slides
Malleable Proof Systems and Applications Melissa Chase (MSR Redmond) Markulf Kohlweiss (MSR

Malleable Proof Systems and Applications Melissa Chase (MSR Redmond) Markulf Kohlweiss (MSR

Malleable Proof Systems and Applications Melissa Chase (MSR Redmond) Markulf Kohlweiss (MSR Cambridge) Anna Lysyanskaya (Brown University) Sarah Meiklejohn (UC San Diego) 1 Non-malleable cryptography Twenty years ago, saw a strong emphasis on

1.6k views • 145 slides
Curried functions Currying and partial application and other tasty

Curried functions Currying and partial application and other tasty

10/8/15 More idioms for closures Function composition Curried functions Currying and partial application and other tasty closure recipes Callbacks (e.g., in reactive

672 views • 6 slides
Partial MDS Codes with Local Regeneration Lukas Holzbaur , Sven Puchinger, Eitan Yaakobi, Antonia

Partial MDS Codes with Local Regeneration Lukas Holzbaur , Sven Puchinger, Eitan Yaakobi, Antonia

Partial MDS Codes with Local Regeneration Lukas Holzbaur , Sven Puchinger, Eitan Yaakobi, Antonia Wachter-Zeh Technical University of Munich Institute for Communications Engineering Introduction Large scale distributed storage systems need to

462 views • 33 slides
Boolean Functions for stream ciphers Anne Canteaut INRIA-Rocquencourt projet CODES

Boolean Functions for stream ciphers Anne Canteaut INRIA-Rocquencourt projet CODES

Boolean Functions for stream ciphers Anne Canteaut INRIA-Rocquencourt projet CODES Anne.Canteaut@inria.fr http://www-rocq.inria.fr/codes/Anne.Canteaut/ ECRYPT summer school - May 2007 Outline Basic properties of Boolean functions for

878 views • 48 slides
Rank Metric Codes and related Structures Yue Zhou July 5, 2017 The 2nd International Workshop on

Rank Metric Codes and related Structures Yue Zhou July 5, 2017 The 2nd International Workshop on

Rank Metric Codes and related Structures Yue Zhou July 5, 2017 The 2nd International Workshop on Boolean Functions and their Applications (BFA) Outline Introduction Maximum rank distance codes Quadratic bent-Negabent functions Vectorial

2.09k views • 179 slides
JUST THE MATHS SLIDES NUMBER 14.5 PARTIAL DIFFERENTIATION 5 (Partial derivatives of

JUST THE MATHS SLIDES NUMBER 14.5 PARTIAL DIFFERENTIATION 5 (Partial derivatives of

JUST THE MATHS SLIDES NUMBER 14.5 PARTIAL DIFFERENTIATION 5 (Partial derivatives of composite functions) by A.J.Hobson 14.5.1 Single independent variables 14.5.2 Several independent variables UNIT 14.5 PARTIAL DIFFERENTIATION 5

379 views • 8 slides
PARTIAL DERIVATIVES MATH 200 GOALS Figure out how to take derivatives of functions of

PARTIAL DERIVATIVES MATH 200 GOALS Figure out how to take derivatives of functions of

MATH 200 WEEK 4 - MONDAY PARTIAL DERIVATIVES MATH 200 GOALS Figure out how to take derivatives of functions of multiple variables and what those derivatives mean. Be able to compute first-order and second-order partial derivatives .

1.82k views • 24 slides
JUST THE MATHS SLIDES NUMBER 14.9 PARTIAL DIFFERENTIATION 9 (Taylors series) for

JUST THE MATHS SLIDES NUMBER 14.9 PARTIAL DIFFERENTIATION 9 (Taylors series) for

JUST THE MATHS SLIDES NUMBER 14.9 PARTIAL DIFFERENTIATION 9 (Taylors series) for (Functions of several variables) by A.J.Hobson 14.9.1 The theory and formula UNIT 14.9 PARTIAL DIFFERENTIATION 9 TAYLORS SERIES FOR FUNCTIONS

469 views • 8 slides
Bar recursion over finite partial functions Thomas Powell (joint work with Paulo Oliva)

Bar recursion over finite partial functions Thomas Powell (joint work with Paulo Oliva)

Bar recursion over finite partial functions Thomas Powell (joint work with Paulo Oliva) University of Innsbruck CCC 2015 Kochel am See, Germany 15 September 2015 Thomas Powell (Innsbruck) Bar recursion over partial functions 1 / 32

839 views • 63 slides

More recommend