Non-Malleable Functions and Their Applications

نویسندگان

  • Yu Chen
  • Baodong Qin
  • Jiang Zhang
  • Yi Deng
  • Sherman S. M. Chow
چکیده

We formally study “non-malleable functions” (NMFs), a general cryptographic primitive which simplifies and relaxes “non-malleable one-way/hash functions” (NMOWHFs) introduced by Boldyreva et al. (Asiacrypt 2009) and refined by Baecher et al. (CT-RSA 2010). NMFs focus on basic functions, rather than one-way/hash functions considered in the literature of NMOWHFs. We mainly follow Baecher et al. to formalize a game-based definition for NMFs. Roughly, a function f is non-malleable if given an image y∗ ← f(x∗) for a randomly chosen x∗, it is hard to output a mauled image y with a transformation φ from some prefixed transformation class s.t. y = f(φ(x∗)). A distinctive strengthening of our non-malleable notion is that φ such that φ(x∗) = x∗ is allowed. We also consider adaptive non-malleability, which stipulates that non-malleability holds even when an inversion oracle is available. We investigate the relations between non-malleability and one-wayness in depth. In non-adaptive setting, we show that for any achievable transformation class, non-malleability implies one-wayness for poly-to-one functions but not vise versa. In adaptive setting, we show that for most algebra-induced transformation class, adaptive non-malleability (ANM) is equivalent to adaptive one-wayness (AOW) for injective functions. These results establish theoretical connections between non-malleability and one-wayness for functions, which extend to trapdoor functions as well, and thus resolve the open problems left by Kiltz et al. (Eurocrypt 2010). We also study the relations between standard OW/NM and hinted OW/NM, where the latter notions are typically more useful in practice. Towards efficient realizations of NMFs, we give a deterministic construction from adaptive trapdoor functions and a randomized construction from all-but-one lossy functions and one-time signature. This partially solves an open problem posed by Boldyreva et al. (Asiacrypt 2009). Finally, we explore applications of NMFs in security against related-key attacks (RKA). We first show that the implication AOW ⇒ ANM provides key conceptual insight into addressing non-trivial copy attacks in RKA security. We then show that NMFs give rise to a generic construction of continuous non-malleable key derivation functions, which have proven to be very useful in achieving RKA security for numerous cryptographic primitives. Particularly, our construction simplifies and clarifies the construction by Qin et al. (PKC 2015). ∗State Key Laboratory of Information Security (SKLOIS), Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China. & Department of Information Engineering, The Chinese University of Hong Kong, Shatin, N.T., Hong Kong. Email: [email protected] †School of Computer Science and Technology, Southwest University of Science and Technology, Mianyang, China. Email: [email protected] ‡State Key Laboratory of Cryptology, Beijing, China. Email: [email protected] §State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; & State Key Laboratory of Cryptology, Beijing, China. Email: [email protected] ¶Department of Information Engineering, The Chinese University of Hong Kong, Shatin, N.T., Hong Kong. Email: [email protected]

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

A new security proof for FMNV continuous non-malleable encoding scheme

A non-malleable code is a variant of an encoding scheme which is resilient to tampering attacks. The main idea behind non-malleable coding is that the adversary should not be able to obtain any valuable information about the message. Non-malleable codes are used in tamper-resilient cryptography and protecting memories against tampering attacks. Many different types of non-malleability have alre...

متن کامل

Non-Malleable Codes with Leakage and Applications to Secure Communication

Non-malleable codes are randomized codes that protect coded messages against modification by functions in a tampering function class. These codes are motivated by providing tamper resilience in applications where a cryptographic secret is stored in a tamperable storage device and the protection goal is to ensure that the adversary cannot benefit from their tamperings with the device. In this pa...

متن کامل

Explicit Non-malleable Codes Resistant to Permutations and Perturbations

A non-malleable code protects messages against various classes of tampering. Informally, a code is non-malleable if the message contained in a tampered codeword is either the original message, or a completely unrelated one. Although existence of such codes for various rich classes of tampering functions is known, explicit constructions exist only for “compartmentalized” tampering functions: i.e...

متن کامل

Locally Decodable and Updatable Non-malleable Codes and Their Applications

Non-malleable codes, introduced as a relaxation of error-correcting codes by Dziembowski, Pietrzak and Wichs (ICS ’10), provide the security guarantee that the message contained in a tampered codeword is either the same as the original message or is set to an unrelated value. Various applications of non-malleable codes have been discovered, and one of the most significant applications among the...

متن کامل

The Non-interactive Equivocable Non-malleable Commitment and its Applications

Under the assumption of the existence of one-way functions, we prove that it is possible to construct the non-interactive equivocable non-malleable commitment scheme. Especially importantly, we succeed in implementing concurrent zero-knowledge using our commitment scheme, analysising properties of this concurrent zero-knowledge proof system, comparing it with the existed concurrent zero-knowled...

متن کامل

Explicit Non-malleable Codes Against Bit-Wise Tampering and Permutations

A non-malleable code protects messages against various classes of tampering. Informally, a code is non-malleable if the message contained in a tampered codeword is either the original message, or a completely unrelated one. Although existence of such codes for various rich classes of tampering functions is known, explicit constructions exist only for “compartmentalized” tampering functions: i.e...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • IACR Cryptology ePrint Archive

دوره 2015  شماره 

صفحات  -

تاریخ انتشار 2015