{"title":"从输出中恢复整数多项式及其在安全排序协议密码分析中的应用","authors":"S. Vivek, Shyam Murthy, D. Kumaraswamy","doi":"10.1515/jmc-2021-0054","DOIUrl":null,"url":null,"abstract":"Abstract We investigate the problem of recovering integer inputs (up to an affine scaling) when given only the integer monotonic polynomial outputs. Given n n integer outputs of a degree- d d integer monotonic polynomial whose coefficients and inputs are integers within known bounds and n ≫ d n\\gg d , we give an algorithm to recover the polynomial and the integer inputs (up to an affine scaling). A heuristic expected time complexity analysis of our method shows that it is exponential in the size of the degree of the polynomial but polynomial in the size of the polynomial coefficients. We conduct experiments with real-world data as well as randomly chosen parameters and demonstrate the effectiveness of our algorithm over a wide range of parameters. Using only the polynomial evaluations at specific integer points, the apparent hardness of recovering the input data served as the basis of security of a recent protocol proposed by Kesarwani et al. for secure k k -nearest neighbor computation on encrypted data that involved secure sorting. The protocol uses the outputs of randomly chosen monotonic integer polynomial to hide its inputs except to only reveal the ordering of input data. By using our integer polynomial recovery algorithm, we show that we can recover the polynomial and the inputs within a few seconds, thereby demonstrating an attack on the protocol of Kesarwani et al.","PeriodicalId":43866,"journal":{"name":"Journal of Mathematical Cryptology","volume":null,"pages":null},"PeriodicalIF":0.5000,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Integer polynomial recovery from outputs and its application to cryptanalysis of a protocol for secure sorting\",\"authors\":\"S. Vivek, Shyam Murthy, D. Kumaraswamy\",\"doi\":\"10.1515/jmc-2021-0054\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Abstract We investigate the problem of recovering integer inputs (up to an affine scaling) when given only the integer monotonic polynomial outputs. Given n n integer outputs of a degree- d d integer monotonic polynomial whose coefficients and inputs are integers within known bounds and n ≫ d n\\\\gg d , we give an algorithm to recover the polynomial and the integer inputs (up to an affine scaling). A heuristic expected time complexity analysis of our method shows that it is exponential in the size of the degree of the polynomial but polynomial in the size of the polynomial coefficients. We conduct experiments with real-world data as well as randomly chosen parameters and demonstrate the effectiveness of our algorithm over a wide range of parameters. Using only the polynomial evaluations at specific integer points, the apparent hardness of recovering the input data served as the basis of security of a recent protocol proposed by Kesarwani et al. for secure k k -nearest neighbor computation on encrypted data that involved secure sorting. The protocol uses the outputs of randomly chosen monotonic integer polynomial to hide its inputs except to only reveal the ordering of input data. By using our integer polynomial recovery algorithm, we show that we can recover the polynomial and the inputs within a few seconds, thereby demonstrating an attack on the protocol of Kesarwani et al.\",\"PeriodicalId\":43866,\"journal\":{\"name\":\"Journal of Mathematical Cryptology\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.5000,\"publicationDate\":\"2022-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Mathematical Cryptology\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1515/jmc-2021-0054\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, THEORY & METHODS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Mathematical Cryptology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1515/jmc-2021-0054","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}
引用次数: 0
摘要
摘要我们研究了当只给定整数单调多项式输出时,恢复整数输入(直到仿射标度)的问题。给定一个系数和输入都是已知界内整数的次数-d d整数单调多项式的n n个整数输出和n \ d n\gg d,我们给出了一个恢复多项式和整数输入(直到仿射缩放)的算法。我们的方法的启发式期望时间复杂性分析表明,它在多项式的次数大小上是指数的,但在多项式系数的大小上是多项式的。我们用真实世界的数据以及随机选择的参数进行了实验,并在广泛的参数范围内证明了我们算法的有效性。仅使用特定整数点上的多项式评估,恢复输入数据的表观硬度是Kesarwani等人最近提出的一个协议的安全性基础。该协议用于对涉及安全排序的加密数据进行安全的k k-最近邻计算。该协议使用随机选择的单调整数多项式的输出来隐藏其输入,除了只显示输入数据的顺序。通过使用我们的整数多项式恢复算法,我们证明了我们可以在几秒内恢复多项式和输入,从而证明了对Kesarwani等人的协议的攻击。
Integer polynomial recovery from outputs and its application to cryptanalysis of a protocol for secure sorting
Abstract We investigate the problem of recovering integer inputs (up to an affine scaling) when given only the integer monotonic polynomial outputs. Given n n integer outputs of a degree- d d integer monotonic polynomial whose coefficients and inputs are integers within known bounds and n ≫ d n\gg d , we give an algorithm to recover the polynomial and the integer inputs (up to an affine scaling). A heuristic expected time complexity analysis of our method shows that it is exponential in the size of the degree of the polynomial but polynomial in the size of the polynomial coefficients. We conduct experiments with real-world data as well as randomly chosen parameters and demonstrate the effectiveness of our algorithm over a wide range of parameters. Using only the polynomial evaluations at specific integer points, the apparent hardness of recovering the input data served as the basis of security of a recent protocol proposed by Kesarwani et al. for secure k k -nearest neighbor computation on encrypted data that involved secure sorting. The protocol uses the outputs of randomly chosen monotonic integer polynomial to hide its inputs except to only reveal the ordering of input data. By using our integer polynomial recovery algorithm, we show that we can recover the polynomial and the inputs within a few seconds, thereby demonstrating an attack on the protocol of Kesarwani et al.