Self Masking for Hardering Inversions.

Pawel Cyprys, Shlomi Dolev, Shlomo Moran

Research output: Working paper/PreprintPreprint


The question whether one way functions (i.e., functions that are easy to compute but hard to invert) exist is arguably one of the central problems in complexity theory, both from theoretical and practical aspects. While proving that such functions exist could be hard, there were quite a few attempts to provide functions which are one way “in practice”, namely, they are easy to compute, but there are no known polynomial time algorithms that compute their (generalized) inverse (or that computing their inverse is as hard as notoriously difficult tasks, like factoring very large integers). In this paper we study a different approach. We present a simple heuristic, called self masking, which converts a given polynomial time computable function f into a self masked version [f], which satisfies the following: for a random input x, [ƒ]−1([ ƒ](x)) = ƒ−1 ƒ(x)) w.h.p., but a part of  ƒ(x), which is essential for computing f−1(f(x)) is masked in [f](x). Intuitively, this masking makes it hard to convert an efficient algorithm which computes f−1 to an efficient algorithm which computes [ ƒ]−1, since the masked parts are available in  ƒ(x) but not in [ ƒ](x). We apply this technique on variants of the subset sum problem which were studied in the context of one way functions, and obtain functions which, to the best of our knowledge, cannot be inverted in polynomial time by published techniques.
Original languageEnglish
Number of pages11
StatePublished - 9 Oct 2022


  • One way functions
  • Subset sum
  • Complexity


Dive into the research topics of 'Self Masking for Hardering Inversions.'. Together they form a unique fingerprint.

Cite this