 Hello everybody, my name is Elena Micheli and today I am going to present continuously nomalable codes against bounded depth tampering. This is a joint work with Jaluca Briand, Sebastian Faust and Daniel Eventul. So let's start by introducing what nomalable codes are. A nomalable code is a coding scheme, which means that it's a couple of algorithms encode and decode that are public and keyless. The first property that we require is called correctness, which means that for every message, when we encode it to get a codeword C and then we decode C, we should get the original message. The second property is called fNomalability, there we require that if an attacker chooses a tampering function f from the predefined set f and then is allowed to observe the message corresponding to the evaluation of f over the codeword C, then the stamped message should be either equal to the original one or independent of it or tampering should be detected, meaning that the coding algorithm should return a special symbol bot. Of course, we would like to prove fNomalability for families as large as possible. Unfortunately, this was proven to be impossible and in particular it's impossible to have a nomalable code against arbitrary probabilistic polynomial time functions. Therefore, it's interesting to understand for which families one can have nomalability and under which assumptions. A natural generalization of nomalable codes is given by continuous nomalable codes. In this case, the attacker is allowed to specify a polynomial amount of tampering functions and observe the resulting messages. This selection can be done adaptively based on the outcome of the former tampering attempts and here we will assume that the experiment performs a self-destruction mechanism, meaning that as soon as tampering is detected once, then all the following tampering attempts will be answered with both, independently on the actual outcome. When considering continuous nomalability, we have two variants. The first one is that of non-persistent tampering. Here, every tampering function is always applied to the original codeword. The second one is that of continuous persistent tampering. Here, instead, each tampering function is applied to the outcome of the former tampering attempt. When referring to the classic notion of nomalability, we will often use the term one-time nomalability and it's not hard to prove that in general this does not imply continuous nomalability. This gap is even more evident when one looks at the state of the art of f-nomalable codes. Recently, research has focused a lot on the case of granular tampering, where each tampering function divides the codeword in predefined blocks and tamper with each of these blocks independently. In this case, a lot of interesting one-time constructions are available and many of them were already extended to the continuous setting. When one moves to the more general case of global tampering, a lot of interesting constructions are available in the one-time scenario. On the other hand, when one considers continuous nomalability, not many of these constructions were extended. Our work aims to close this gap by investigating the possibility of continuous nomalable codes for large global tampering families, such as local functions, AC0 functions and bounded functions. In particular, our first contribution is an impossibility result for continuous non-persistent nomalable codes against a large amount of global tampering families. This includes AC0, local functions, even with very small locality and bounded functions. Therefore, we move to the persistent setting and there we provide the first construction of a continuous persistent nomalable code against decision tree tampering. Why decision tree tampering? Because decision trees generalize local functions. As for parameters, we get locality o of n to the power of 1 over 8, where n is the codeword length, and as for the assumptions, we assume only the existence of one-way functions. Next, we also provide a construction for bounded depth tampering. This proof is in the CRS model and the main building blocks are time block puzzles and simulation extractable succinct zero knowledge proofs. This is the end of my talk. I thank the audience for their attention.