Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden.
powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden.
powered by
Abstract
We construct efficient non-malleable codes (NMC) that are (computationally) secure against tampering by functions computable in any fixed polynomial time. Our construction is in the plain (no-CRS) model and requires the assumptions that (1) \(\mathbf {E}\) is hard for \(\mathbf {NP}\) circuits of some exponential \(2^{\beta n}\) (\(\beta >0\)) size (widely used in the derandomization literature), (2) sub-exponential trapdoor permutations exist, and (3) \(\mathbf {P}\)-certificates with sub-exponential soundness exist.
While it is impossible to construct NMC secure against arbitrary polynomial-time tampering (Dziembowski, Pietrzak, Wichs, ICS ’10), the existence of NMC secure against \(O(n^c)\)-time tampering functions (for any fixedc), was shown (Cheraghchi and Guruswami, ITCS ’14) via a probabilistic construction. An explicit construction was given (Faust, Mukherjee, Venturi, Wichs, Eurocrypt ’14) assuming an untamperable CRS with length longer than the runtime of the tampering function. In this work, we show that under computational assumptions, we can bypass these limitations. Specifically, under the assumptions listed above, we obtain non-malleable codes in the plain model against \(O(n^c)\)-time tampering functions (for any fixed c), with codeword length independent of the tampering time bound.
Our new construction of NMC draws a connection with non-interactive non-malleable commitments. In fact, we show that in the NMC setting, it suffices to have a much weaker notion called quasi non-malleable commitments—these are non-interactive, non-malleable commitments in the plain model, in which the adversary runs in \(O(n^c)\)-time, whereas the honest parties may run in longer (polynomial) time. We then construct a 4-tag quasi non-malleable commitment from any sub-exponential OWF and the assumption that \(\mathbf {E}\) is hard for some exponential size \(\mathbf {NP}\)-circuits, and use tag amplification techniques to support an exponential number of tags.
Anzeige
Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.
As we will see, in our setting of non-malleable codes against polynomially-bounded adversaries, our construction requires such derandomization assumptions in any case and so only standard one-way function is required in addition. However, for simplicity we will assume injective one-way function in the remainder of the exposition in this section.
For this exposition, we assume for simplicity that \(\psi '\) can be computed in deterministic time \(2^{\text{ input } \text{ length }}\) and that the injective OWF has linear circuit size. Recall that we do not require injective OWF and that any statistically binding, non-interactive commitment scheme is sufficient, but that for simplicity we assuming injective OWF in this exposition.