IACR News item: 20 October 2014
Shashank Agrawal, Divya Gupta, Hemanta K. Maji, Omkant Pandey, Manoj Prabhakaran
ePrint ReportInformally, a code is non-malleable if the message contained in a tampered
codeword is either the original message, or a completely unrelated one.
Although existence of such codes for
various rich classes of tampering functions is known, \\emph{explicit} constructions
exist only for ``compartmentalized\'\' tampering functions: \\ie the codeword
is partitioned into {\\em a priori fixed} blocks and each block can {\\em only
be tampered independently}. The prominent examples of this model are the
family of bit-wise independent tampering functions and the split-state
model.
In this paper, for the first time we construct explicit non-malleable codes
against a natural class of non-compartmentalized tampering functions. We
allow the tampering functions to {\\em permute the bits} of the codeword and
(optionally) perturb them by flipping or setting them to 0 or 1. We
construct an explicit, efficient non-malleable code for arbitrarily long
messages in this model (unconditionally).
We give an application of our construction to non-malleable commitments, as
one of the first direct applications of non-malleable codes to
computational cryptography. We show that non-malleable {\\em string} commitments
can be ``entirely based on\'\' non-malleable {\\em bit} commitments. More
precisely, we show that simply encoding a string using our code, and then
committing to each bit of the encoding using a {\\em CCA-secure bit
commitment} scheme results in a non-malleable string commitment scheme. This
reduction is unconditional, does not require any extra properties from the
bit-commitment such as ``tag-based\'\' non-malleability, and works even with
physical implementations (which may not imply standard one-way functions).
Further, even given a partially malleable bit commitment scheme which allows
toggling the committed bit (instantiated, for illustration, using a variant
of the Naor commitment scheme under a non-standard assumption on the PRG
involved), this transformation gives a fully non-malleable string commitment
scheme. This application relies on the non-malleable code being explicit.
Additional news items may be found on the IACR news page.