**Optimal Computational Split-state Non-malleable Codes**

*Divesh Aggarwal and Shashank Agrawal and Divya Gupta and Hemanta K. Maji and Omkant Pandey and Manoj Prabhakaran*

**Abstract: **Non-malleable codes are a generalization of classical error-correcting codes where the act of ``corrupting'' a codeword is replaced by a ``tampering'' adversary. Non-malleable codes guarantee that the message contained in the tampered codeword is either the original message m, or a completely unrelated one. In the common split-state model, the codeword consists of multiple blocks (or states) and each block is tampered with independently.

The central goal in the split-state model is to construct high rate non-malleable codes against all functions with only two states (which are necessary). Following a series of long and impressive line of work, constant rate, two-state, non-malleable codes against all functions were recently achieved by Aggarwal et al. (STOC 2015). Though constant, the rate of all known constructions in the split state model, is very far from optimal (even with more than two states).

In this work, we consider the question of improving the rate of split-state non-malleable codes. In the ``information theoretic'' setting, it is not possible to go beyond rate 1/2. We therefore focus on the standard computational setting. In this setting, each tampering function is required to be efficiently computable, and the message in the tampered codeword is required to be either the original message m or a ``computationally'' independent one.

In this setting, assuming only the existence of one-way functions, we present a compiler which converts any poor rate, two-state, (sufficiently strong) non-malleable code into a rate 1, two-state, computational non-malleable code. These parameters are asymptotically optimal. Furthermore, for the qualitative optimality of our result, we generalize the result of Cheraghchi and Guruswami (ITCS 2014) to show that the existence of one-way functions is necessary to achieve rate >1/2 for such codes.

Our compiler requires a stronger form of non-malleability, called augmented non-malleability. This notion requires a stronger simulation guarantee for non-malleable codes and simplifies their modular usage in cryptographic settings where composition occurs. Unfortunately, this form of non-malleability is neither straightforward nor generally guaranteed by known results. Nevertheless, we prove this stronger form of non-malleability for the two-state construction of Aggarwal, Dodis, and Lovett (STOC 14). This result is of independent interest.

**Category / Keywords: **Non-malleable Codes, Split State, Explicit Construction, Computational Setting, One-way Functions, Pseudorandom Generators, Authenticated Encryption Schemes, Rate 1

**Original Publication**** (in the same form): **IACR-TCC-2016

**Date: **received 30 Oct 2015

**Contact author: **Divesh Aggarwal at epfl ch, sagrawl2@illinois edu, divyag@cs ucla edu, hemanta maji@gmail com, omkant@gmail com, mmp@illinois edu

**Available format(s): **PDF | BibTeX Citation

**Version: **20190305:125121 (All versions of this report)

**Short URL: **ia.cr/2015/1063

[ Cryptology ePrint archive ]