This is a paper I’m very excited about with Peter Fenteany, a great undergrad at UConn.

**Abstract**: An obfuscated program reveals nothing about its design other than its input/output behavior. A digital locker is an obfuscated program that outputs a stored cryptographic key if and only if a user enters a previously stored password. A digital locker is private if it provides an adversary with no information with high probability. An ideal digital locker would also prevent an adversary from mauling an obfuscation on one password and key into a new program that obfuscates a related password or key. Such a primitive is achievable in the random oracle model. Komargodski and Yogev (Eurocrypt, 2018) constructed a simpler primitive: a non-malleable point function which is a digital locker with no key.

This work describes the first non-malleable digital locker. This construction is built in two main steps:

- Constructing non-malleable digital lockers for short keys. We present one construction for a single bit key and a second for a logarithmic length keys. These constructions can be safely composed with the same input password. This composed construction is non-malleable with respect to the password. Security relies on variants of the strong and power DDH assumptions.
- An extension to polynomial length keys that additionally provides nonmalleability over the stored key. This extension combines the digital locker for short keys and non-malleable codes, and seed- dependent condensers. Our use of seed-dependent condensers require the password distribution to be efficient sampleable. The seed condenser must be public and random but programmability is not required.

Nonmalleability for the password is ensured for functions that can be represented as low degree polynomials. Key nonmalleability is ensured for the class of functions prevented by the non-malleable code.