Constant-rate Non-malleable Codes in the Split-state Model

Dziembowski, Pietrzak, and Wichs (ICS–2010) introduced the notion of non-malleable codes as a useful message integrity assurance for scenarios where error-correction or, even, errordetection is impossible. Intuitively, a non-malleable code ensures that the tampered codeword encodes the original message or a message that is entirely independent of the original message. However, if the family of tampering functions is sophisticated enough to include the decoding algorithm itself, then such codes are impossible. Motivated by several applications like non-malleable secret sharing schemes, one of the fundamental research directions in the field of non-malleable code construction considers encoding the message into k separate states, where k > 2, such that each state is tampered independently by an arbitrary function. The decoding procedure in this k-split-state model, on the other hand, relies on aggregating the information stored across all the k states. The general goal is to reduce the number of states k, thus, protecting from stronger tampering functions, and, simultaneously, achieve high encoding rate, i.e., the ratio of the message-length to the cumulative size of all the k encoded states. The ideal result for this line of inquiry will be a 2-split-state non-malleable code with rate (close to) 1/2, the upper-bound to maximum achievable rate. The current state-of-the-art construction, following a sequence of highly influential works guided by this goal, achieves rate 1/ log ` (Li, STOC–2017), where ` is the length of the encoded message. Our work contributes to this research effort by constructing the first constant-rate (≈ 1/3) non-malleable code in the 3-split-state model, which is only half of the upper-bound on the maximal achievable rate in this model. The primary technical contribution of our work is a general bootstrapping technique to construct non-malleable codes that achieve high rate by leveraging a unique characteristic of the (rate-0) non-malleable code for 2-states provided by Aggarwal, Dodis, and Lovett (STOC–2014) in conjunction with an additional state. We also study the construction of non-malleable codes in the streaming version of the ksplit-state model, i.e., the tampering function of each state encounters the state as a stream, and it tampers each bit of the state based only on the part of the state seen thus far. We show that similar to the general k-split-state model, the maximum achievable rate of a non-malleable code is at most 1 − 1/k in the streaming version as well. We construct the first constant-rate (≈ 1/3) non-malleable code in the 2-split-state streaming model, which is only a factor-(3/2) smaller than the upper-bound on the maximum rate. ∗Microsoft Research, Bangalore, India. [email protected] †Department of Computer Science, Purdue University. [email protected]. ‡The research effort is supported in part by an NSF CRII Award CNS–1566499, an NSF SMALL Award CNS– 1618822, and an REU CNS–1724673. The research effort is supported in part by a Purdue Research Foundation grant. ¶Department of Computer Science, Purdue University. [email protected].