Maciej Obremski

Non-malleable Codes from Two-Source Extractors

We construct an efficient information-theoretically non-malleable code in the split-state model for one-bit messages. Non-malleable codes were introduced recently by Dziembowski, Pietrzak and Wichs (ICS 2010), as a general tool for storing messages securely on hardware that can be subject to tampering attacks. Informally, a code \((\mathsf{Enc} : {\cal M} \rightarrow {\cal L} \times {\cal R}, \mathsf{Dec} : {\cal L} \times {\cal R} \rightarrow {\cal M})\) is non-malleable in the split-state model if any adversary, by manipulating independently L and R (where (L,R) is an encoding of some message M), cannot obtain an encoding of a message M′ that is not equal to M but is “related” M in some way. Until now it was unknown how to construct an information-theoretically secure code with such a property, even for \({\cal M} = \{0,1\}\). Our construction solves this problem. Additionally, it is leakage-resilient, and the amount of leakage that we can tolerate can be an arbitrary fraction ξ < 1/4 of the length of the codeword. Our code is based on the inner-product two-source extractor, but in general it can be instantiated by any two-source extractor that has large output and has the property of being flexible, which is a new notion that we define.

Leakage-Resilient Non-malleable Codes

A recent trend in cryptography is to construct cryptosystems that are secure against physical attacks. Such attacks are usually divided into two classes: the leakage attacks in which the adversary obtains some information about the internal state of the machine, and the tampering attacks where the adversary can modify this state. One of the popular tools used to provide tamper-resistance are the non-malleable codes introduced by Dziembowski, Pietrzak and Wichs (ICS 2010). These codes can be defined in several variants, but arguably the most natural of them are the information-theoretically secure codes in the k-split-state model (the most desired case being k = 2).