Table of Contents
Fetching ...

Leakage-resilient Algebraic Manipulation Detection Codes with Optimal Parameters

Divesh Aggarwal, Tomasz Kazana, Maciej Obremski

TL;DR

Leakage-resilient AMD codes extend standard AMD codes to adversaries with partial leakage about the codeword. The paper derives tight bounds on leakage rate $\rho$ and code rate $\kappa$ for strong and weak variants, showing $2\rho + \kappa < 1$ for strong codes and $\rho + \kappa < 1$ for weak codes, with constructions that achieve these limits asymptotically. It also analyzes the Ideal Cipher Model, where barrier-breaking results allow $\rho$ to be made arbitrarily close to $1$ under certain conditions, illustrating the limits of leakage resilience under different computational models. These results illuminate the design of leakage-tolerant authentication schemes and have implications for applications like robust secret sharing and fuzzy extractors.

Abstract

Algebraic Manipulation Detection (AMD) codes is a cryptographic primitive that was introduced by Cramer, Dodis, Fehr, Padro and Wichs. They are keyless message authentication codes that protect messages against additive tampering by the adversary assuming that the adversary cannot "see" the codeword. For certain applications, it is unreasonable to assume that the adversary computes the added offset without any knowledge of the codeword c. Recently, Ahmadi and Safavi-Naini, and then Lin, Safavi-Naini, and Wang gave a construction of leakage-resilient AMD codes where the adversary has some partial information about the codeword before choosing added offset, and the scheme is secure even conditioned on this partial information. In this paper we establish bounds on the leakage rate r and the code rate k for leakage-resilient AMD codes. In particular we prove that 2r + k < 1 and for the weak case (security is averaged over a uniformly random message) r + k < 1. These bounds hold even if adversary is polynomial-time bounded, as long as we allow leakage function to be arbitrary. We present constructions of AMD codes that (asymptotically) fulfill the above bounds for almost full range of parameters r and k. This shows that the above bounds and constructions are in-fact optimal. In the last section we show that if a leakage function is computationally bounded (we use the Ideal Cipher Model) then it is possible to break these bounds.

Leakage-resilient Algebraic Manipulation Detection Codes with Optimal Parameters

TL;DR

Leakage-resilient AMD codes extend standard AMD codes to adversaries with partial leakage about the codeword. The paper derives tight bounds on leakage rate and code rate for strong and weak variants, showing for strong codes and for weak codes, with constructions that achieve these limits asymptotically. It also analyzes the Ideal Cipher Model, where barrier-breaking results allow to be made arbitrarily close to under certain conditions, illustrating the limits of leakage resilience under different computational models. These results illuminate the design of leakage-tolerant authentication schemes and have implications for applications like robust secret sharing and fuzzy extractors.

Abstract

Algebraic Manipulation Detection (AMD) codes is a cryptographic primitive that was introduced by Cramer, Dodis, Fehr, Padro and Wichs. They are keyless message authentication codes that protect messages against additive tampering by the adversary assuming that the adversary cannot "see" the codeword. For certain applications, it is unreasonable to assume that the adversary computes the added offset without any knowledge of the codeword c. Recently, Ahmadi and Safavi-Naini, and then Lin, Safavi-Naini, and Wang gave a construction of leakage-resilient AMD codes where the adversary has some partial information about the codeword before choosing added offset, and the scheme is secure even conditioned on this partial information. In this paper we establish bounds on the leakage rate r and the code rate k for leakage-resilient AMD codes. In particular we prove that 2r + k < 1 and for the weak case (security is averaged over a uniformly random message) r + k < 1. These bounds hold even if adversary is polynomial-time bounded, as long as we allow leakage function to be arbitrary. We present constructions of AMD codes that (asymptotically) fulfill the above bounds for almost full range of parameters r and k. This shows that the above bounds and constructions are in-fact optimal. In the last section we show that if a leakage function is computationally bounded (we use the Ideal Cipher Model) then it is possible to break these bounds.
Paper Structure (11 sections, 12 theorems, 6 equations)

This paper contains 11 sections, 12 theorems, 6 equations.

Key Result

Lemma 2.1

Given distributions $X$, $Y$ where $|\mathsf{support}(Y)|\leq 2^\lambda$, we have that

Theorems & Definitions (16)

  • Lemma 2.1: DORS08
  • Lemma 2.2
  • Definition 3.1
  • Definition 3.2
  • Definition 3.3
  • Lemma 4.1
  • Lemma 4.2
  • Theorem 4.3
  • Corollary 4.4
  • Theorem 4.5
  • ...and 6 more