TY - UNPB

T1 - Self Masking for Hardering Inversions.

AU - Cyprys, Pawel

AU - Dolev, Shlomi

AU - Moran, Shlomo

N1 - DBLP License: DBLP's bibliographic metadata records provided through http://dblp.org/ are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.

PY - 2022/10/9

Y1 - 2022/10/9

N2 - The question whether one way functions (i.e., functions that are easy to compute but hard to invert) exist is arguably one of the central problems in complexity theory, both from theoretical and practical aspects. While proving that such functions exist could be hard, there were quite a few attempts to provide functions which are one way “in practice”, namely, they are easy to compute, but there are no known polynomial time algorithms that compute their (generalized) inverse (or that computing their inverse is as hard as notoriously difficult tasks, like factoring very large integers). In this paper we study a different approach. We present a simple heuristic, called self masking, which converts a given polynomial time computable function f into a self masked version [f], which satisfies the following: for a random input x, [ƒ]−1([ ƒ](x)) = ƒ−1 ƒ(x)) w.h.p., but a part of ƒ(x), which is essential for computing f−1(f(x)) is masked in [f](x). Intuitively, this masking makes it hard to convert an efficient algorithm which computes f−1 to an efficient algorithm which computes [ ƒ]−1, since the masked parts are available in ƒ(x) but not in [ ƒ](x). We apply this technique on variants of the subset sum problem which were studied in the context of one way functions, and obtain functions which, to the best of our knowledge, cannot be inverted in polynomial time by published techniques.

AB - The question whether one way functions (i.e., functions that are easy to compute but hard to invert) exist is arguably one of the central problems in complexity theory, both from theoretical and practical aspects. While proving that such functions exist could be hard, there were quite a few attempts to provide functions which are one way “in practice”, namely, they are easy to compute, but there are no known polynomial time algorithms that compute their (generalized) inverse (or that computing their inverse is as hard as notoriously difficult tasks, like factoring very large integers). In this paper we study a different approach. We present a simple heuristic, called self masking, which converts a given polynomial time computable function f into a self masked version [f], which satisfies the following: for a random input x, [ƒ]−1([ ƒ](x)) = ƒ−1 ƒ(x)) w.h.p., but a part of ƒ(x), which is essential for computing f−1(f(x)) is masked in [f](x). Intuitively, this masking makes it hard to convert an efficient algorithm which computes f−1 to an efficient algorithm which computes [ ƒ]−1, since the masked parts are available in ƒ(x) but not in [ ƒ](x). We apply this technique on variants of the subset sum problem which were studied in the context of one way functions, and obtain functions which, to the best of our knowledge, cannot be inverted in polynomial time by published techniques.

KW - One way functions

KW - Subset sum

KW - Complexity

M3 - Preprint

SP - 1

EP - 11

BT - Self Masking for Hardering Inversions.

ER -