TY - GEN

T1 - Single Instance Self-masking via Permutations

T2 - 7th International Symposium on Cyber Security, Cryptology, and Machine Learning, CSCML 2023

AU - Cohen, Asaf

AU - Cyprys, Paweł

AU - Dolev, Shlomi

N1 - Publisher Copyright:
© 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.

PY - 2023/1/1

Y1 - 2023/1/1

N2 - Self-masking allows the masking of success criteria, the part of a problem instance (such as the sum in a subset-sum instance) that restricts the number of solutions. Self-masking is used to prevent the leakage of helpful information to attackers while keeping the original solution valid and, at the same time, not increasing the number of unplanned solutions. Self-masking can be achieved by XORing the sums of two (or more) independent subset-sum instances [4, 5], thereby eliminating all known attacks that use the value of the subset sum to find the subset fast, namely in polynomial time, much faster than the naive exponential exhaustive search. We demonstrate that the concept of self-masking can be applied to a single instance of the subset sum and to a single instance of the permuted secret-sharing polynomials. We further introduce the benefit of permuting the bits of the success criteria, avoiding leakage of information on the value of the i-th bit of the success criteria in the case of a single instance, or on the parity of the i-th bit of the success criteria in the case of several instances. In the case of several instances, we permute the success-criteria bits of each instance prior to XORing them with each other. One basic permutation and its nested versions (e.g., π^i) are used, keeping the solution space small and, at the same time, attempting to create an "all or nothing" effect, where the result of a wrong π trial does not imply much.

AB - Self-masking allows the masking of success criteria, the part of a problem instance (such as the sum in a subset-sum instance) that restricts the number of solutions. Self-masking is used to prevent the leakage of helpful information to attackers while keeping the original solution valid and, at the same time, not increasing the number of unplanned solutions. Self-masking can be achieved by XORing the sums of two (or more) independent subset-sum instances [4, 5], thereby eliminating all known attacks that use the value of the subset sum to find the subset fast, namely in polynomial time, much faster than the naive exponential exhaustive search. We demonstrate that the concept of self-masking can be applied to a single instance of the subset sum and to a single instance of the permuted secret-sharing polynomials. We further introduce the benefit of permuting the bits of the success criteria, avoiding leakage of information on the value of the i-th bit of the success criteria in the case of a single instance, or on the parity of the i-th bit of the success criteria in the case of several instances. In the case of several instances, we permute the success-criteria bits of each instance prior to XORing them with each other. One basic permutation and its nested versions (e.g., π^i) are used, keeping the solution space small and, at the same time, attempting to create an "all or nothing" effect, where the result of a wrong π trial does not imply much.

UR - http://www.scopus.com/inward/record.url?scp=85164955976&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-34671-2_6

DO - 10.1007/978-3-031-34671-2_6

M3 - Conference contribution

AN - SCOPUS:85164955976

SN - 9783031346705

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 74

EP - 84

BT - Cyber Security, Cryptology, and Machine Learning - 7th International Symposium, CSCML 2023, Proceedings

A2 - Dolev, Shlomi

A2 - Gudes, Ehud

A2 - Paillier, Pascal

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 29 June 2023 through 30 June 2023

ER -