TY - GEN
T1 - Single Instance Self–masking via Permutations
T2 - 7th International Symposium on Cyber Security, Cryptology, and Machine Learning, CSCML 2023
AU - Cohen, Asaf
AU - Cyprys, Paweł
AU - Dolev, Shlomi
N1 - Publisher Copyright: © 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2023/1/1
Y1 - 2023/1/1
N2 - Self–masking allows the masking of success criteria, part of a problem instance (such as the sum in a subset-sum instance) that restricts the number of solutions. Self–masking is used to prevent the leakage of helpful information to attackers; while keeping the original solution valid and, at the same time, not increasing the number of unplanned solutions. Self–masking can be achieved by xoring the sums of two (or more) independent subset sum instances [4, 5], and by doing so, eliminate all known attacks that use the value of the sum of the subset to find the subset fast, namely, in a polynomial time; much faster than the naive exponential exhaustive search. We demonstrate that the concept of self–masking can be applied to a single instance of the subset sum and a single instance of the permuted secret-sharing polynomials. We further introduce the benefit of permuting the bits of the success criteria, avoiding leakage of information on the value of the i’th bit of the success criteria, in the case of a single instance, or the parity of the i’th bit of the success criteria in the case of several instances. In the case of several instances, we permute the success criteria bits of each instance prior to xoring them with each other. One basic permutation and its nesting versions (e.g., πi ) are used, keeping the solution space small and at the same time, attempting to create an “all or nothing” effect, where the result of a wrong π trials does not imply much.
AB - Self–masking allows the masking of success criteria, part of a problem instance (such as the sum in a subset-sum instance) that restricts the number of solutions. Self–masking is used to prevent the leakage of helpful information to attackers; while keeping the original solution valid and, at the same time, not increasing the number of unplanned solutions. Self–masking can be achieved by xoring the sums of two (or more) independent subset sum instances [4, 5], and by doing so, eliminate all known attacks that use the value of the sum of the subset to find the subset fast, namely, in a polynomial time; much faster than the naive exponential exhaustive search. We demonstrate that the concept of self–masking can be applied to a single instance of the subset sum and a single instance of the permuted secret-sharing polynomials. We further introduce the benefit of permuting the bits of the success criteria, avoiding leakage of information on the value of the i’th bit of the success criteria, in the case of a single instance, or the parity of the i’th bit of the success criteria in the case of several instances. In the case of several instances, we permute the success criteria bits of each instance prior to xoring them with each other. One basic permutation and its nesting versions (e.g., πi ) are used, keeping the solution space small and at the same time, attempting to create an “all or nothing” effect, where the result of a wrong π trials does not imply much.
UR - http://www.scopus.com/inward/record.url?scp=85164955976&partnerID=8YFLogxK
U2 - https://doi.org/10.1007/978-3-031-34671-2_6
DO - https://doi.org/10.1007/978-3-031-34671-2_6
M3 - Conference contribution
SN - 9783031346705
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 74
EP - 84
BT - Cyber Security, Cryptology, and Machine Learning - 7th International Symposium, CSCML 2023, Proceedings
A2 - Dolev, Shlomi
A2 - Gudes, Ehud
A2 - Paillier, Pascal
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 29 June 2023 through 30 June 2023
ER -