**Non-malleable Reductions and Applications**

*Divesh Aggarwal and Yevgeniy Dodis and Tomasz Kazana and Maciej Obremski*

**Abstract: **Non-malleable codes, introduced by Dziembowski, Pietrzak and Wichs [DPW10], provide a useful message integrity guarantee in situations where traditional error-correction (and even error-detection) is impossible; for example, when the attacker can completely overwrite the encoded message. Informally, a code is non-malleable if the message contained in a modified codeword is either the original message, or a completely "unrelated value". Although such codes do not exist if the family of ``tampering functions'' F allowed to modify the original codeword is completely unrestricted, they are known to exist for many broad tampering families F.
The family which received the most attention [DPW10,LL12,DKO13,ADL14,CG14a,CG14b] is the family of tampering functions in the so called (2-part) *split-state* model: here the message x is encoded into two shares L and R, and the attacker is allowed to arbitrarily tamper with each L and R *individually*.
Despite this attention, the following problem remained open:

*** Build efficient, information-theoretically secure non-malleable codes in the split-state model with constant encoding rate: |L|=|R|=O(|x|). ***

In this work, we resolve this open problem. Our technique for getting our main result is of independent interest. We (a) develop a generalization of non-malleable codes, called *non-malleable reductions*; (b) show simple composition theorem for non-malleable reductions; (c) build a variety of such reductions connecting various (independently interesting) tampering families F to each other; (d) construct several new non-malleable codes in the split-state model by applying the composition theorem to a series of easy to understand reductions.

Most importantly, we show several "independence amplification" reductions, showing how to reduce split-state tampering of very few parts to an easier question of split-state tampering with a much larger number of parts. In particular, our final, constant-rate, non-malleable code composes one of these reductions with the very recent, "9-split-state" code of Chattopadhyay and Zuckerman [CZ14].

**Category / Keywords: **applications / Non malleable codes, tampering-resilient cryptography

**Date: **received 10 Oct 2014, last revised 17 Sep 2015

**Contact author: **divesh aggarwal at gmail com

**Available format(s): **PDF | BibTeX Citation

**Version: **20150918:055007 (All versions of this report)

**Short URL: **ia.cr/2014/821

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]