{"title":"Self-masking for hardening inversions","authors":"Paweł Cyprys , Shlomi Dolev , Shlomo Moran","doi":"10.1016/j.tcs.2025.115094","DOIUrl":null,"url":null,"abstract":"<div><div>The question of whether one-way functions (i.e., functions that are easy to compute but hard to invert) exist is arguably one of the central problems in complexity theory, both from theoretical and practical aspects. While proving that such functions exist could be hard, there were quite a few attempts to provide functions that are one way “in practice”, namely, they are easy to compute, but there are no known polynomial time algorithms that compute their (generalized) inverse (or that computing their inverse is as hard as notoriously difficult tasks, like factoring very large integers).</div><div>In this paper, we introduce the self-masking technique, which converts polynomial time computable functions to functions that are likely to be harder to invert. The technique is first defined for univalent functions (note that one way functions that are univalent are basic ingredients for cryptographic protocols). Informally, a self masked version of a univalent function <em>f</em>, denoted <span><math><mo>[</mo><mi>f</mi><mo>]</mo></math></span>, replaces two <em>masking substrings</em> of <span><math><mi>f</mi><mo>(</mo><mi>x</mi><mo>)</mo></math></span> by their XOR. The masking substrings are <em>critical</em> if <span><math><mo>[</mo><mi>f</mi><mo>]</mo></math></span> remains univalent (w.h.p.). Thus, when the masking substrings are critical, inverting <span><math><mrow><mo>[</mo><mi>f</mi><mo>]</mo></mrow><mo>(</mo><mi>x</mi><mo>)</mo></math></span> is at least as hard as reconstructing the masking substrings from their XOR.</div><div>We apply this technique to functions based on variants of the subset sum problem and obtain functions that resist known techniques for inverting the original, unmasked functions (see, e.g., <span><span>[13]</span></span>). 
Applications of this technique to other functions, as well as its extension to multivalent functions, are also discussed.</div></div>","PeriodicalId":49438,"journal":{"name":"Theoretical Computer Science","volume":"1032 ","pages":"Article 115094"},"PeriodicalIF":0.9000,"publicationDate":"2025-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Theoretical Computer Science","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0304397525000325","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}
Citations: 0
Abstract
The question of whether one-way functions (i.e., functions that are easy to compute but hard to invert) exist is arguably one of the central problems in complexity theory, both from theoretical and practical aspects. While proving that such functions exist could be hard, there were quite a few attempts to provide functions that are one-way “in practice”, namely, they are easy to compute, but there are no known polynomial-time algorithms that compute their (generalized) inverse (or that computing their inverse is as hard as notoriously difficult tasks, like factoring very large integers).
In this paper, we introduce the self-masking technique, which converts polynomial-time computable functions to functions that are likely to be harder to invert. The technique is first defined for univalent functions (note that one-way functions that are univalent are basic ingredients for cryptographic protocols). Informally, a self-masked version of a univalent function f, denoted [f], replaces two masking substrings of f(x) by their XOR. The masking substrings are critical if [f] remains univalent (w.h.p.). Thus, when the masking substrings are critical, inverting [f](x) is at least as hard as reconstructing the masking substrings from their XOR.
We apply this technique to functions based on variants of the subset sum problem and obtain functions that resist known techniques for inverting the original, unmasked functions (see, e.g., [13]). Applications of this technique to other functions, as well as its extension to multivalent functions, are also discussed.
About the journal:
Theoretical Computer Science is mathematical and abstract in spirit, but it derives its motivation from practical and everyday computation. Its aim is to understand the nature of computation and, as a consequence of this understanding, provide more efficient methodologies. All papers introducing or studying mathematical, logic and formal concepts and methods are welcome, provided that their motivation is clearly drawn from the field of computing.