Date of Original Version



Conference Proceeding

Rights Management

© ACM, 2014. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published at

Abstract or Description

Non-malleable codes, introduced by Dziembowski, Pietrzak and Wichs (ICS 2010), encode messages s in a manner so that tampering the codeword causes the decoder to either output s or a message that is independent of s. While this is an impossible goal to achieve against unrestricted tampering functions, rather surprisingly non-malleable coding becomes possible against every fixed family F of tampering functions that is not too large (for instance, when lF| ≤ 22αn for some α < 1 where n is the number of bits in a codeword).

In this work, we study the "capacity of non-malleable coding", and establish optimal bounds on the achievable rate as a function of the family size, answering an open problem from Dziembowski et al. (ICS 2010). Specifically,

  • We prove that for every family F with lF| ≤ 22αn, there exist non-malleable codes against F with rate arbitrarily close to 1 - α (this is achieved w.h.p. by a randomized construction).
  • We show the existence of families of size exp(;nO(1) 2αn) against which there is no non-malleable code of rate 1 - α (in fact this is the case w.h.p for a random family of this size).
  • We also show that 1 - α is the best achievable rate for the family of functions which are only allowed to tamper the first αn bits of the codeword, which is of special interest.
  • As a corollary, this implies that the capacity of non-malleable coding in the split-state model (where the tampering function acts independently but arbitrarily on the two halves of the codeword, a model which has received some attention recently) equals 1/2.

We also give an efficient Monte Carlo construction of codes of rate close to 1 with polynomial time encoding and decoding that is non-malleable against any fixed c > 0 and family F of size 2nc, in particular tampering functions with, say, cubic size circuits.





Published In

Proceedings of the Conference on Innovations in Theoretical Computer Science (ITCS), 2014, 155-168.