non malleable codes in the split state model
play

Non-malleable codes in the split-state model Divesh Aggarwal, - PowerPoint PPT Presentation

Sep 06, 2023 •228 likes •1.06k views

Non-malleable codes in the split-state model Divesh Aggarwal, Yevgeniy Dodis , Tomasz Kazana, Shachar Lovett, Maciej Obremski New York University Tampering Experiment f Enc Dec m* m c c* (Real) g m g (m) (Ideal) Consider a

  1. Non-malleable codes in the split-state model Divesh Aggarwal, Yevgeniy Dodis , Tomasz Kazana, Shachar Lovett, Maciej Obremski New York University

  2. Tampering Experiment f Enc Dec m* m c c* (Real) g m g (m) (Ideal) • Consider a tamperable communication channel.

  3. Tampering Experiment f Enc Dec m* m c c* (Real) g m g (m) (Ideal) • Consider a tamperable communication channel. • To protect, send c = Enc ( m ) along the channel.

  4. Tampering Experiment f Enc Dec m* m c c* (Real) g m g (m) (Ideal) • Consider a tamperable communication channel. • To protect, send c = Enc ( m ) along the channel. • The tampered codeword decodes to some m ∗ .

  5. Tampering Experiment f Enc Dec m* m c c* (Real) g m g (m) (Ideal) • Consider a tamperable communication channel. • To protect, send c = Enc ( m ) along the channel. • The tampered codeword decodes to some m ∗ . • Hope: m ∗ "looks like" g ( m ) for some "good" g that we can "tolerate".

  6. Tampering Experiment f Enc Dec m* m c c* (Real) g m g (m) (Ideal) • Consider a tamperable communication channel. • To protect, send c = Enc ( m ) along the channel. • The tampered codeword decodes to some m ∗ . • Hope: m ∗ "looks like" g ( m ) for some "good" g that we can "tolerate". We want ◮ Correctness: ∀ m , Dec ( Enc ( m )) = m . ◮ Simulation: ∀ f ∈ F , ∃ g ∈ G , where ◮ F is large and realistic against attacks/channels. ◮ G small and "easy to handle".

  7. Example: Error-correcting codes f Enc Dec m* (Real) m c c* g m g (m) (Ideal) F G Id (m) = m ◮ G = { Id } is “easy to handle".

  8. Example: Error-correcting codes f Enc Dec m* (Real) m c c* g m g (m) (Ideal) F G Id (m) = m ∆ (c, ) <= c* ρ ◮ G = { Id } is “easy to handle". ◮ F realistic/useful. ◮ Constructions: Hadamard, Reed-Solomon, Reed-Muller, etc..

  9. Example: Error-detecting codes f Enc Dec m* m c c* (Real) g m g (m) (Ideal) F G Id (m) = m (m) = AMD Codes: Application in robust fuzzy extractors and secret sharing [C D FPW12], NM-codes [DPW10], etc.

  10. Example: Error-detecting codes f Enc Dec m* m c c* (Real) g m g (m) (Ideal) F G Id (m) = m ∆( c, )<= 2ρ c* (m) = Same constructions as those for ECC.secret sharing [CDFPW12], NM-codes [DPW10], etc.

  11. Example: Error-detecting codes f Enc Dec m* m c c* (Real) g m g (m) (Ideal) F G Id (m) = m f (c) = c + δ (m) = δ AMD Codes: Application in robust fuzzy extractors and secret sharing [C D FPW12], NM-codes [DPW10], etc.

  12. Error-correction/detection impossible f Enc Dec m* m c c* (Real) g m g (m) (Ideal) F G Constant ?? Id (m) = m functions (m) = f (c) = c* c* Let c ∗ = Enc ( m ′ ) for some fixed m ′ . Thus, Dec ( c ∗ ) = m ′ / ∈ { m , ⊥} .

  13. Error-correction/detection impossible f Enc Dec m* m c c* (Real) g m g (m) (Ideal) F G Constant Id (m) = m functions (m) = f (c) = c* c* Let c ∗ = Enc ( m ′ ) for some fixed m ′ . Thus, Dec ( c ∗ ) = m ′ / ∈ { m , ⊥} .

  14. Non-malleable codes f Enc Dec m* m c c* (Real) g m g (m) (Ideal) F NM Id (m) = m g (m) = m* m*

  15. Non-malleable codes f Enc Dec m* m c c* (Real) g m g (m) (Ideal) F NM Id (m) = m g (m) = m* m* Is NM "realistic/easy-to-handle"? When is it useful?

  16. Application of Non-malleable codes ◮ Consider Sign sk (userID, m ). ◮ Task: How to protect sk against tampering attack. ◮ Encode sk using non-malleable code. ◮ Thus, sk ∗ = Dec ( f ( Enc ( sk ))) is either equal to sk or unrelated. ◮ Thus, cannot use Sign sk ∗ (userID, · ) to forge Sign sk (userID’ , · ).

  17. Non-malleable codes: Formal Definition Let ( Enc , Dec ) be a coding scheme with Enc randomized , and Dec deterministic, s.t. ∀ m Dec ( Enc ( m )) = m , f Enc Dec m* m c c* (Real) g (Ideal) m g (m) The coding scheme is non-malleable w.r.t. family F , if ∀ f ∈ F ,

  18. Non-malleable codes: Formal Definition Let ( Enc , Dec ) be a coding scheme with Enc randomized , and Dec deterministic, s.t. ∀ m Dec ( Enc ( m )) = m , f Enc Dec m* m c c* (Real) g (Ideal) m g (m) The coding scheme is non-malleable w.r.t. family F , if ∀ f ∈ F , ∃ T which is a probabilistic combination of: ◮ constant functions ◮ identity function s.t.

  19. Non-malleable codes: Formal Definition Let ( Enc , Dec ) be a coding scheme with Enc randomized , and Dec deterministic, s.t. ∀ m Dec ( Enc ( m )) = m , f Enc Dec m* m c c* (Real) g (Ideal) m g (m) The coding scheme is non-malleable w.r.t. family F , if ∀ f ∈ F , ∃ T which is a probabilistic combination of: ◮ constant functions ◮ identity function s.t. ∀ m ∈ M , m ∗ ≈ T ( m ) .

  20. Non-malleable codes: Formal Definition Let ( Enc , Dec ) be a coding scheme with Enc randomized , and Dec deterministic, s.t. ∀ m Dec ( Enc ( m )) = m , f Enc Dec m* m c c* (Real) g (Ideal) m g (m) The coding scheme is non-malleable w.r.t. family F , if ∀ f ∈ F , ∃ T which is a probabilistic combination of: ◮ constant functions ◮ identity function s.t. ∀ m ∈ M , m ∗ ≈ T ( m ) . Note: T is independent of m . Thus, intuitively, either m ∗ = m or they are unrelated.

  21. Which realistic families F can we tolerate? f Enc Dec m* (Real) m c c* g m g (m) (Ideal) F all NM Id (m) = m g (m) = m* m* Impossible [DPW10]. ∀ g ∈ F all , let f ( c ) = Enc ( g ( Dec ( c ))) .

  22. Which realistic families F can we tolerate? f Enc Dec m* (Real) m c c* g m g (m) (Ideal) F all F all Impossible [DPW10]. ∀ g ∈ F all , let f ( c ) = Enc ( g ( Dec ( c ))) .

  23. Non-malleable Codes in the t -split-state model ◮ Tamper t different memory-parts independently

  24. Non-malleable Codes in the t -split-state model ◮ Tamper t different memory-parts independently ◮ Application to non-malleable secret-sharing

  25. Non-malleable Codes in the t -split-state model ◮ Tamper t different memory-parts independently ◮ Application to non-malleable secret-sharing ◮ Includes ECC, EDC, Constant functions, bitwise tampering functions but much more

  26. Non-malleable Codes in the t -split-state model ◮ Tamper t different memory-parts independently ◮ Application to non-malleable secret-sharing ◮ Includes ECC, EDC, Constant functions, bitwise tampering functions but much more ◮ Existential result known [DPW10].

  27. Non-malleable Codes in the t -split-state model ◮ Tamper t different memory-parts independently ◮ Application to non-malleable secret-sharing ◮ Includes ECC, EDC, Constant functions, bitwise tampering functions but much more ◮ Existential result known [DPW10]. ◮ Efficient construction for family of bitwise-tampering functions ( t = k , the no. of bits in m ) [DPW10, CG14, FNVW14].

  28. Non-malleable Codes in the t -split-state model ◮ Tamper t different memory-parts independently ◮ Application to non-malleable secret-sharing ◮ Includes ECC, EDC, Constant functions, bitwise tampering functions but much more ◮ Existential result known [DPW10]. ◮ Efficient construction for family of bitwise-tampering functions ( t = k , the no. of bits in m ) [DPW10, CG14, FNVW14]. ◮ Efficient construction for t = 2, k = 1 [DKO13]

  29. Non-malleable Codes in the t -split-state model ◮ Tamper t different memory-parts independently ◮ Application to non-malleable secret-sharing ◮ Includes ECC, EDC, Constant functions, bitwise tampering functions but much more ◮ Existential result known [DPW10]. ◮ Efficient construction for family of bitwise-tampering functions ( t = k , the no. of bits in m ) [DPW10, CG14, FNVW14]. ◮ Efficient construction for t = 2, k = 1 [DKO13] ◮ Open Question: Efficient construction for t constant, k large.

  30. Non-malleable Codes in the t -split-state model ◮ Tamper t different memory-parts independently ◮ Application to non-malleable secret-sharing ◮ Includes ECC, EDC, Constant functions, bitwise tampering functions but much more ◮ Existential result known [DPW10]. ◮ Efficient construction for family of bitwise-tampering functions ( t = k , the no. of bits in m ) [DPW10, CG14, FNVW14]. ◮ Efficient construction for t = 2, k = 1 [DKO13] ◮ Open Question: Efficient construction for t constant, k large. YES (this talk). We show several constructions, including t = 2 and constant rate (i.e. code length is Θ( k ) ).

  31. NM-codes in the t -split state model f 1 X* X 1 1 f X* X 2 Dec 2 Enc 2 f 3 m* m X* X 3 3 f X* X 4 4 4 f 5 X* X 5 5 The coding scheme is non-malleable w.r.t. family F t-split , if ∀ f 1 , . . . , f t , ∃ T which is a probabilistic combination of: ◮ constant functions ◮ identity function s.t. ∀ m ∈ M , m ∗ ≈ T ( m ) .

  32. Common outline for our results: Non-malleable reductions [A D KO15]

  33. Non-malleable Reduction: Definition [A D KO15] Let ( Enc , Dec ) be a coding scheme with Enc randomized , and Dec deterministic, s.t. ∀ m Dec ( Enc ( m )) = m ,

  34. Non-malleable Reduction: Definition [A D KO15] Let ( Enc , Dec ) be a coding scheme with Enc randomized , and Dec deterministic, s.t. ∀ m Dec ( Enc ( m )) = m , f Enc Dec m* (Real) m c c* g The scheme is a non-malleable reduction from F to G , m g (m) (Ideal) denoted as F ⇒ G if ∀ f ∈ F ,

Recommend

Non-Malleable Codes for Partial Functions with Manipulation Detection Aggelos Kiayias Feng-Hao

Non-Malleable Codes for Partial Functions with Manipulation Detection Aggelos Kiayias Feng-Hao

Non-Malleable Codes for Partial Functions with Manipulation Detection Aggelos Kiayias Feng-Hao Liu Yiannis Tselekounis Edin. &amp; FAU CRYPTO 2018 Outline Introduction to non-malleable codes Adversarial model, motivation Results,

772 views • 55 slides
Optimizing over the Split Closure Optimizing over the Split Closure Anureet Saxena ACO PhD

Optimizing over the Split Closure Optimizing over the Split Closure Anureet Saxena ACO PhD

Optimizing over the Split Closure Optimizing over the Split Closure Anureet Saxena ACO PhD Student, Tepper School of Business, Carnegie Mellon University. (Joint Work with Egon Balas) MIP Model MIP Model min cx Contains x j 0 j 2 N x j

837 views • 56 slides
Tamper and Leakage Resilience in the Split State Model Feng-Hao Liu Anna Lysyanskaya

Tamper and Leakage Resilience in the Split State Model Feng-Hao Liu Anna Lysyanskaya

Tamper and Leakage Resilience in the Split State Model Feng-Hao Liu Anna Lysyanskaya Brown University I/O Access to a Device Secret s x x D s (x) D s (x) Device for D s ( ) User

683 views • 24 slides
Non-Malleable Secret Sharing against Bounded Joint-Tampering Attacks in the Plain Model Antonio

Non-Malleable Secret Sharing against Bounded Joint-Tampering Attacks in the Plain Model Antonio

Non-Malleable Secret Sharing against Bounded Joint-Tampering Attacks in the Plain Model Antonio Faonio Gianluca Brian Maciej Obremski IMDEA Software Institute Sapienza University of Rome National University of Singapore Madrid, Spain Rome,

1.02k views • 74 slides
Tight Upper and Lower Bounds for Leakage-Resilient Locally Decodable and Updatable Non-Malleable

Tight Upper and Lower Bounds for Leakage-Resilient Locally Decodable and Updatable Non-Malleable

Tight Upper and Lower Bounds for Leakage-Resilient Locally Decodable and Updatable Non-Malleable Codes Dana Dachman-Soled University of Maryland Joint work with: Mukul Kulkarni and Aria Shahverdi, University of Maryland Talk is also based on

572 views • 35 slides
CASTER ASSEMBLY SCALE 1 : 1 DRAWN 1/26/2010 swaters A A CHECKED TITLE QA CASTER ASSEMBLY

CASTER ASSEMBLY SCALE 1 : 1 DRAWN 1/26/2010 swaters A A CHECKED TITLE QA CASTER ASSEMBLY

4 3 2 1 PARTS LIST ITEM QTY PART NUMBER MATERIAL 1 1 TOP PLATE MALLEABLE IRON 2 2 AXLE SUPPORT MALLEABLE IRON 3 1 AXLE SAE 1020 4 2 BUSHING BRONZE 5 1 WHEEL MALLEABLE IRON B B CASTER ASSEMBLY SCALE 1 : 1 DRAWN

434 views • 7 slides
Malleable task-graph scheduling with a practical speed-up model Loris Marchal 1 Bertrand Simon 1

Malleable task-graph scheduling with a practical speed-up model Loris Marchal 1 Bertrand Simon 1

Malleable task-graph scheduling with a practical speed-up model Loris Marchal 1 Bertrand Simon 1 Oliver Sinnen 2 Frdric Vivien 1 1: CNRS, INRIA, ENS Lyon and Univ. Lyon, FR. 2: Univ. Auckland, NZ. New Challenges in Scheduling Theory

596 views • 47 slides
Malleable Proof Systems and Applications Melissa Chase (MSR Redmond) Markulf Kohlweiss (MSR

Malleable Proof Systems and Applications Melissa Chase (MSR Redmond) Markulf Kohlweiss (MSR

Malleable Proof Systems and Applications Melissa Chase (MSR Redmond) Markulf Kohlweiss (MSR Cambridge) Anna Lysyanskaya (Brown University) Sarah Meiklejohn (UC San Diego) 1 Non-malleable cryptography Twenty years ago, saw a strong emphasis on

1.6k views • 145 slides
6.02 Fall 2012 Lecture #4 Linear block codes Rectangular codes Hamming codes 6.02 F

6.02 Fall 2012 Lecture #4 Linear block codes Rectangular codes Hamming codes 6.02 F

6.02 Fall 2012 Lecture #4 Linear block codes Rectangular codes Hamming codes 6.02 F all 2012 Lecture 4, Slide #1 Single Link Communication Model End-host Original source computers Receiving app/user Digitize Render/display,

246 views • 21 slides
Algorithms in the Real World Error Correcting Codes I Overview Hamming Codes Linear

Algorithms in the Real World Error Correcting Codes I Overview Hamming Codes Linear

Algorithms in the Real World Error Correcting Codes I Overview Hamming Codes Linear Codes Page 1 General Model message m Errors introduced by the noisy channel: coder changed fields in the codeword (e.g., a flipped bit)

307 views • 28 slides
Practical Design and Decoding of Polar Codes Vera Miloslavskaya Saint-Petersburg State

Practical Design and Decoding of Polar Codes Vera Miloslavskaya Saint-Petersburg State

Practical Design and Decoding of Polar Codes Vera Miloslavskaya Saint-Petersburg State Polytechnic University veram@dcn.icc.spbstu.ru January 2015 Polar Codes Polar codes can achieve the capacity of 1 0 0 0 0 0 0 0 an arbitrary

323 views • 4 slides
SPL SPLIT IT CA CAST ST Installation of Split Cast Kit Split Cast Kit Rf QM 2000 2 screws

SPL SPLIT IT CA CAST ST Installation of Split Cast Kit Split Cast Kit Rf QM 2000 2 screws

SPL SPLIT IT CA CAST ST Installation of Split Cast Kit Split Cast Kit Rf QM 2000 2 screws , 2 magnets 2 split cast plates and 2 retention disks 1 : remove the nut of the screw 2 : Fixe the screws on articulator 3 : Fixe the magnets on

205 views • 9 slides
G ENERALIZED R EED -S OLOMON CODES (GRS CODES ) A CHARACTERIZATION OF MDS CODES THAT HAVE AN ERROR

G ENERALIZED R EED -S OLOMON CODES (GRS CODES ) A CHARACTERIZATION OF MDS CODES THAT HAVE AN ERROR

A CHARACTERIZATION OF MDS CODES THAT HAVE AN ERROR CORRECTING PAIR I NTRODUCTION TO C ODING T HEORY MDS CODES A CHARACTERIZATION OF MDS CODES THAT GRS CODES HAVE AN ERROR CORRECTING PAIR ECP M OTIVATION O UR GOAL ARQUEZ -C ORBELLA 1 R. P ELLIKAAN

689 views • 19 slides
Spreadsheets: an Introduction to utilized the notion of a malleable matrix to develop the

Spreadsheets: an Introduction to utilized the notion of a malleable matrix to develop the

From word munching to number crunching In 1978 Harvard grad student Dan Bricklin Spreadsheets: an Introduction to utilized the notion of a malleable matrix to develop the first computer spreadsheet program Excel Vastly expanded

185 views • 7 slides
UML State Models U State ode s Basic State Model Concepts/Notations Basic State Model

UML State Models U State ode s Basic State Model Concepts/Notations Basic State Model

Overview UML State Models U State ode s Basic State Model Concepts/Notations Basic State Model Concepts/Notations History Psudostates State Model Exercise 1 State Model Exercise 1 Composite States Eunjee Song State

437 views • 18 slides
PRODUCT DECOMPOSITION Ante Rozga, University of Split, Faculty of Economics/Split - Cvite

PRODUCT DECOMPOSITION Ante Rozga, University of Split, Faculty of Economics/Split - Cvite

NEW APPROACH TO GROSS DOMESTIC PRODUCT DECOMPOSITION Ante Rozga, University of Split, Faculty of Economics/Split - Cvite Fiskovia 5, 21 000 Split; CROATIA e-mail: ante.rozga@efst.hr Elza Jurun, University of Split, Faculty of

595 views • 38 slides
Information Theory Lecture 8 BCH codes BCH codes: R8.45 (R5.6) Decoding BCH (and

Information Theory Lecture 8 BCH codes BCH codes: R8.45 (R5.6) Decoding BCH (and

Information Theory Lecture 8 BCH codes BCH codes: R8.45 (R5.6) Decoding BCH (and RS) codes: R6 Reed-Solomon codes RS codes: R5.13 Mikael Skoglund, Information Theory 1/15 The BCH Bound Theorem : Let C be cyclic of

276 views • 8 slides
Cracking the Tax Codes: How State Tax Laws Influence the Number of Manufacturing Jobs within

Cracking the Tax Codes: How State Tax Laws Influence the Number of Manufacturing Jobs within

Cracking the Tax Codes: How State Tax Laws Influence the Number of Manufacturing Jobs within Their Borders Nick Lorenson Bemidji State University Political Science Senior Thesis Dr. Patrick Donnay, Advisor Spring 2013 Where to Locate a

890 views • 52 slides
Texas Building E Texas Building E nergy Codes nergy Codes Update p Felix A Lopez P E Felix

Texas Building E Texas Building E nergy Codes nergy Codes Update p Felix A Lopez P E Felix

Texas Building E Texas Building E nergy Codes nergy Codes Update p Felix A Lopez P E Felix A. Lopez, P.E Senior Engineer State Energy Conservation Office (SECO) State e gy Co se at o O ce (S CO) 1 Texas Building E nergy Codes

339 views • 12 slides
Model Building: Ensemble Methods Max Kuhn and Kjell Johnson Nonclinical Statistics, Pfizer 1 1

Model Building: Ensemble Methods Max Kuhn and Kjell Johnson Nonclinical Statistics, Pfizer 1 1

Model Building: Ensemble Methods Max Kuhn and Kjell Johnson Nonclinical Statistics, Pfizer 1 1 Splitting Example Boston Housing Searching though the first left split ( ), the best split again uses the lower status % In the

646 views • 40 slides
A Case for Malleable Thread-Level Linear Algebra Libraries: The LU Factorization with Partial

A Case for Malleable Thread-Level Linear Algebra Libraries: The LU Factorization with Partial

A Case for Malleable Thread-Level Linear Algebra Libraries: The LU Factorization with Partial Pivoting Sandra Cataln, Jose R. Herrero, Enrique S. Quintana-Ort, Rafael Rodrguez-Snchez, Robert van de Geijn BLIS Retreat, 19-20th September

361 views • 25 slides
The Case for Malleable Stream Architectures Christopher Batten 1 , 3 , Hidetaka Aoki 2 , Krste

The Case for Malleable Stream Architectures Christopher Batten 1 , 3 , Hidetaka Aoki 2 , Krste

The Case for Malleable Stream Architectures Christopher Batten 1 , 3 , Hidetaka Aoki 2 , Krste Asanovi c 3 1 Department of Electrical Engineering and Computer Science Massachusetts Institute of Technology, Cambridge, MA 2 Central Research

535 views • 10 slides
Entry and Exit Codes LEA Training Summer 2016 Office of the State Superintendent of Education

Entry and Exit Codes LEA Training Summer 2016 Office of the State Superintendent of Education

Entry and Exit Codes LEA Training Summer 2016 Office of the State Superintendent of Education Division of Data, Assessment, and Research 1 Agenda Introduction Why do entry and exit codes matter? What are LEA responsibilities?

612 views • 47 slides
15-853:Algorithms in the Real World Fountain codes and Raptor codes Start with compression

15-853:Algorithms in the Real World Fountain codes and Raptor codes Start with compression

15-853:Algorithms in the Real World Fountain codes and Raptor codes Start with compression 15-853 Page1 The random erasure model We will continue looking at recovering from erasures Q: Why erasure recovery is quite useful in real-world

535 views • 42 slides

More recommend