Continuously Non-malleable Codes in the Split-State Model
Journal of Cryptology (IF 3) | Pub Date: 2020-07-24 | DOI: 10.1007/s00145-020-09362-z
Sebastian Faust , Pratyay Mukherjee , Jesper Buus Nielsen , Daniele Venturi

Non-malleable codes (Dziembowski et al., ICS'10 and J. ACM'18) are a natural relaxation of error-correcting/detecting codes with useful applications in cryptography. Informally, a code is non-malleable if an adversary trying to tamper with an encoding of a message can only leave it unchanged or modify it into the encoding of an unrelated value. This paper introduces continuous non-malleability, a generalization of standard non-malleability in which the adversary is allowed to tamper continuously with the same encoding. This is in contrast to the standard definition of non-malleable codes, where the adversary can tamper only once. The only restriction is that after the first invalid codeword is ever generated, a special self-destruct mechanism is triggered and no further tampering is allowed; this restriction can easily be shown to be necessary. We focus on the split-state model, where an encoding consists of two parts and the tampering functions can be arbitrary as long as they act independently on each part. Our main contributions are outlined below.

- We show that continuous non-malleability in the split-state model is impossible without relying on computational assumptions.
- We construct a computationally secure split-state code satisfying continuous non-malleability in the common reference string (CRS) model. Our scheme can be instantiated assuming the existence of collision-resistant hash functions and (doubly enhanced) trapdoor permutations, but we also give concrete instantiations based on standard number-theoretic assumptions.
- We revisit the application of non-malleable codes to protecting arbitrary cryptographic primitives against related-key attacks. Previous applications of non-malleable codes in this setting required perfect erasures and an adversary restricted in memory. We show that continuously non-malleable codes make it possible to avoid these restrictions.

Updated: 2020-07-24