Non-malleable extractors and symmetric key cryptography from weak secrets

Dodis, Yevgeniy; Wichs, Daniel

doi:10.1145/1536414.1536496

Cited by 112 publications

(223 citation statements)

References 34 publications

Supporting

Mentioning

218

Contrasting

Unclassified

Order By: Relevance

“…While we believe that non-malleable key derivation is an interesting notion on its own (e.g., it can be viewed as a dual version of non-malleable extractors [17]), we also show it has useful applications for tamper resilience. For instance, consider some cryptographic scheme G using a uniform key in y ← {0, 1} k .…”

Section: Our Contributionmentioning

confidence: 84%

“…Note that the above definition can be interpreted as a dual version of the definition of nonmalleable extractors [17]. 2 The theorem below states that by sampling a function h from a set H of t-wise independent hash functions, we obtain a non-malleable key derivation function with overwhelming probability.…”

Section: Figure 1: Experiments Defining a Non-malleable Key Derivatiomentioning

confidence: 99%

See 1 more Smart Citation

Efficient Non-malleable Codes and Key-Derivation for Poly-size Tampering Circuits

Faust

Mukherjee

Venturi

et al. 2014

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Non-malleable codes, defined by Dziembowski, Pietrzak and Wichs (ICS '10), provide roughly the following guarantee: if a codeword c encoding some message x is tampered to c = f (c) such that c = c, then the tampered message x contained in c reveals no information about x. Nonmalleable codes have applications to immunizing cryptosystems against tampering attacks and related-key attacks.One cannot have an efficient non-malleable code that protects against all efficient tampering functions f . However, in this work we show "the next best thing": for any polynomial bound s given a-priori, there is an efficient non-malleable code that protects against all tampering functions f computable by a circuit of size s. More generally, for any family of tampering functions F of size |F| ≤ 2 s , there is an efficient non-malleable code that protects against all f ∈ F. The rate of our codes, defined as the ratio of message to codeword size, approaches 1. Our results are information-theoretic and our main proof technique relies on a careful probabilistic method argument using limited independence. As a result, we get an efficiently samplable family of efficient codes, such that a random member of the family is non-malleable with overwhelming probability. Alternatively, we can view the result as providing an efficient non-malleable code in the "common reference string" (CRS) model.We also introduce a new notion of non-malleable key derivation, which uses randomness x to derive a secret key y = h(x) in such a way that, even if x is tampered to a different value x = f (x), the derived key y = h(x ) does not reveal any information about y. Our results for non-malleable key derivation are analogous to those for non-malleable codes.As a useful tool in our analysis, we rely on the notion of "leakage-resilient storage" of Davì, Dziembowski and Venturi (SCN '10) and, as a result of independent interest, we also significantly improve on the parameters of such schemes.

show abstract

Section: Our Contributionmentioning

confidence: 84%

Section: Figure 1: Experiments Defining a Non-malleable Key Derivatiomentioning

confidence: 99%

Efficient Non-malleable Codes and Key-Derivation for Poly-size Tampering Circuits

Faust

Mukherjee

Venturi

et al. 2014

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…Next, we consider the case of q = 2, where the notion of (2, ε)-wise independence in the k = (m − d)-real 2 model becomes a non-malleable extractor [14] (for Renyi entropy; the case q = 1 collapses to the setting of weak PRF considered in the previous section).…”

Section: Definition 6 (Weak (Q δ)-Wise Independence)mentioning

confidence: 99%

Overcoming Weak Expectations

Dodis

2013

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Recently, there has been renewed interest in basing cryptographic primitives on weak secrets, where the only information about the secret is some non-trivial amount of (min-) entropy. From a formal point of view, such results require to upper bound the expectation of some function f (X), where X is a weak source in question. We show an elementary inequality which essentially upper bounds such 'weak expectation' by two terms, the first of which is independent of f , while the second only depends on the 'variance' of f under uniform distribution. Quite remarkably, as relatively simple corollaries of this elementary inequality, we obtain some 'unexpected' results, in several cases noticeably simplifying/improving prior techniques for the same problem. Examples include non-malleable extractors, leakage-resilient symmetric encryption, alternative to the dense model theorem, seed-dependent condensers and improved entropy loss for the leftover hash lemma.

show abstract

“…Randomness extractors are widely used in cryptographic applications (see, e.g., [25,87,99,100,199,200,218,348]). This includes applications in construction of pseudorandom generators from one-way functions, design of cryptographic functionalities from noisy and weak sources, construction of key derivation functions, and extracting many private bits even when the adversary knows all except log Ω(1) n of the n bits [251] (see also [250]).…”

Section: A|mentioning

confidence: 99%

Additive Combinatorics: With a View Towards Computer Science and Cryptography—An Exposition

Bibak

2013

Springer Proceedings in Mathematics &Amp; Statistics

View full text Add to dashboard Cite

Recently, additive combinatorics has blossomed into a vibrant area in mathematical sciences. But it seems to be a difficult area to define -perhaps because of a blend of ideas and techniques from several seemingly unrelated contexts which are used there. One might say that additive combinatorics is a branch of mathematics concerning the study of combinatorial properties of algebraic objects, for instance, Abelian groups, rings, or fields. This emerging field has seen tremendous advances over the last few years, and has recently become a focus of attention among both mathematicians and computer scientists. This fascinating area has been enriched by its formidable links to combinatorics, number theory, harmonic analysis, ergodic theory, and some other branches; all deeply cross-fertilize each other, holding great promise for all of them! In this exposition, we attempt to provide an overview of some breakthroughs in this field, together with a number of seminal applications to sundry parts of mathematics and some other disciplines, with emphasis on computer science and cryptography.

show abstract

Non-malleable extractors and symmetric key cryptography from weak secrets

Cited by 112 publications

References 34 publications

Efficient Non-malleable Codes and Key-Derivation for Poly-size Tampering Circuits

Efficient Non-malleable Codes and Key-Derivation for Poly-size Tampering Circuits

Overcoming Weak Expectations

Additive Combinatorics: With a View Towards Computer Science and Cryptography—An Exposition

Contact Info

Product

Resources

About