Non-Malleable Codes

Dziembowski, Stefan; Pietrzak, Krzysztof; Wichs, Daniel

doi:10.1145/3178432

Cited by 76 publications

(184 citation statements)

References 60 publications

Supporting

Mentioning

182

Contrasting

Order By: Relevance

“…This special family of TD codes are of particular interest because, despite their simple definition, they can be used as basic tools of generic constructions for coding scheme that achieve security against tampering family larger than F amd (see for example [DPW10] and our Construction 1). Clearly, the parameters (i.e.…”

Section: Building Blocks For Constructionmentioning

confidence: 99%

“…Non-malleable codes [DPW10] are a relaxation of error-correcting and errordetecting codes that have useful applications in cryptography. For example, they can be used to protect keys that are stored in non-robust devices against tampering attacks.…”

Section: Introductionmentioning

confidence: 99%

“…Many of the known constructions of non-malleable codes, such as [DPW10], [CG14b,AGM + 15a,AGM + 15b] use linear secret-sharing schemes (LSSS) as one of the main building blocks. Roughly speaking, a secret-sharing scheme is a randomised algorithm that encodes a message m as a longer vector s such that m can be computed from large enough sets of entries in s, while smaller set give no information about m. LSSS with extra properties (uniformity and distance) are used already by Dziembowski et al in [DPW10] where they introduce and motivate the formal notion of non-malleable codes and also construct the first family of non-malleable codes in the bit-wise independent tampering model.…”

Section: Introductionmentioning

confidence: 99%

“…Roughly speaking, a secret-sharing scheme is a randomised algorithm that encodes a message m as a longer vector s such that m can be computed from large enough sets of entries in s, while smaller set give no information about m. LSSS with extra properties (uniformity and distance) are used already by Dziembowski et al in [DPW10] where they introduce and motivate the formal notion of non-malleable codes and also construct the first family of non-malleable codes in the bit-wise independent tampering model. The computational complexity of the code is quadratic in the size of the input length.…”

Section: Introductionmentioning

confidence: 99%

“…Overview of our Constructions. As mentioned, we present two deterministic constructions for linear-time non-malleable codes: Construction 1 can be seen as a generalization of the original construction of [DPW10] and gives rise to the first linear-time non-malleable codes with constant rate in the symbol-wise independent tampering model. More generally, we prove that given a family of tamper-detection codes with any computational complexity and rate, it is possible to explicitly construct a family of non-malleable codes with constant rate and linear-time complexity (Theorem 2).…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Linear-Time Non-Malleable Codes in the Bit-Wise Independent Tampering Model

Cramer

Damgård

Döttling

et al. 2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Non-malleable codes were introduced by Dziembowski et al. (ICS 2010) as coding schemes that protect a message against tampering attacks. Roughly speaking, a code is non-malleable if decoding an adversarially tampered encoding of a message m produces the original message m or a value m (eventually ⊥) completely unrelated with m. It is known that non-malleability is possible only for restricted classes of tampering functions. Since their introduction, a long line of works has established feasibility results of non-malleable codes against different families of tampering functions. However, for many interesting families the challenge of finding "good" non-malleable codes remains open. In particular, we would like to have explicit constructions of non-malleable codes with high-rate and efficient encoding/decoding algorithms (i.e. low computational complexity). In this work we present two explicit constructions: the first one is a natural generalization of the work of Dziembowski et al. and gives rise to the first constant-rate non-malleable code with linear-time complexity (in a model including bit-wise independent tampering). The second construction is inspired by the recent works about non-malleable codes of Agrawal et al. (TCC 2015) and of Cheraghchi and Guruswami (TCC 2014) and improves the previous result in the bit-wise tampering model: it builds the first non-malleable codes with linear-time complexity and optimal-rate (i.e. rate 1 − o(1)).

show abstract

Section: Building Blocks For Constructionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Linear-Time Non-Malleable Codes in the Bit-Wise Independent Tampering Model

Cramer

Damgård

Döttling

et al. 2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

Security of Hedged Fiat–Shamir Signatures Under Fault Attacks

Aranha

Orlandi

Takahashi

et al. 2020

Advances in Cryptology – EUROCRYPT 2020

View full text Add to dashboard Cite

Deterministic generation of per-signature randomness has been a widely accepted solution to mitigate the catastrophic risk of randomness failure in Fiat-Shamir type signature schemes. However, recent studies have practically demonstrated that such de-randomized schemes, including EdDSA, are vulnerable to differential fault attacks, which enable adversaries to recover the entire secret signing key, by artificially provoking randomness reuse or corrupting computation in other ways. In order to balance concerns of both randomness failures and the threat of fault injection, some signature designs are advocating a "hedged" derivation of the per-signature randomness, by hashing the secret key, message, and a nonce. Despite the growing popularity of the hedged paradigm in practical signature schemes, to the best of our knowledge, there has been no attempt to formally analyze the fault resilience of hedged signatures. We perform a formal security analysis of the fault resilience of signature schemes constructed via the Fiat-Shamir transform. We propose a model to characterize bit-tampering fault attacks, and investigate their impact across different steps of the signing operation. We prove that, for some types of faults, attacks are mitigated by the hedged paradigm, while attacks remain possible for others. As concrete case studies, we then apply our results to XEdDSA, a hedged version of EdDSA used in the Signal messaging protocol, and to Picnic2, a hedged Fiat-Shamir signature scheme in Round 2 of the NIST Post-Quantum standardization process.

show abstract