Summer 2015

Non-Malleable Codes in the Split-State Model

Thursday, July 9th, 2015 11:00 am12:00 pm

Add to Calendar

Non-malleable (NM) codes provide a useful and meaningful security guarantee in situations where traditional error-correction (and even error-detection) is impossible; for example, when the attacker can completely overwrite the encoded message. Informally, a code is non-malleable if the message contained in a modified codeword is either the original message, or a completely unrelated value. Although such codes do not exist if the family of tampering functions F is completely unrestricted, they are known to exist for many broad tampering families F. One such natural family is the family of tampering functions in the so called split-state model. Here the message m is encoded into two shares, and the attacker is allowed to arbitrarily tamper with each share individually.

We give several techniques for building NM codes, focusing on the notion of a *non-malleable reduction*, which allows one to gradually reduce the complexity of the tampering family F until the desired NM code can be built directly. We illustrate this technique by giving several constructions of efficient, multi-bit, information-theoretically-secure NM codes in the split-state model, culminating in the first explicit construction achieving a constant encoding rate.