#### Date of Original Version

9-2013

#### Type

Conference Proceeding

#### Rights Management

© ACM, 2014. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published at http://doi.acm.org/10.1145/2554797.2554814

#### Abstract or Description

Non-malleable codes, introduced by Dziembowski, Pietrzak and Wichs (ICS 2010), encode messages *s* in a manner so that tampering the codeword causes the decoder to either output *s* or a message that is independent of *s*. While this is an impossible goal to achieve against unrestricted tampering functions, rather surprisingly non-malleable coding becomes possible against every fixed family *F* of tampering functions that is not too large (for instance, when l*F*| ≤ 2^{2αn} for some α < 1 where *n* is the number of bits in a codeword).

In this work, we study the "capacity of non-malleable coding", and establish optimal bounds on the achievable rate as a function of the family size, answering an open problem from Dziembowski et al. (ICS 2010). Specifically,

- We prove that for every family
*F*with l*F*| ≤ 2^{2αn}, there exist non-malleable codes against*F*with rate arbitrarily close to 1 - α (this is achieved w.h.p. by a randomized construction). - We show the existence of families of size exp(;
*n*^{O(1)}2^{αn}) against which there is no non-malleable code of rate 1 - α (in fact this is the case w.h.p for a random family of this size). - We also show that 1 - α is the best achievable rate for the family of functions which are only allowed to tamper the first α
*n*bits of the codeword, which is of special interest. - As a corollary, this implies that the capacity of non-malleable coding in the split-state model (where the tampering function acts independently but arbitrarily on the two halves of the codeword, a model which has received some attention recently) equals 1/2.

We also give an efficient Monte Carlo construction of codes of rate close to 1 with polynomial time encoding and decoding that is non-malleable against any fixed *c* > 0 and family *F* of size 2^{nc}, in particular tampering functions with, say, cubic size circuits.

#### DOI

10.1145/2554797.2554814

#### Published In

Proceedings of the Conference on Innovations in Theoretical Computer Science (ITCS), 2014, 155-168.