Issue42

Title: Information leak in prss_share_random
Type: bug
Status: unread
Importance: 80.0
Superseder:
Nosy List: mg, mk, t.toft
Assigned To:
Keywords: active-security

Created on 2008-05-27.09:06:42 by mg, last changed 2008-09-23.17:55:23 by mg.

Messages
msg108 (view) Author: mg Date: 2008-05-27.09:06:42
The multiplication in prss_share_random cannot be a local
multiplication. Tomas writes the following in:

  http://article.gmane.org/gmane.comp.cryptography.viff.devel/241

[...] looking at this led Mikkel and me to look at prss_share_random
in runtime.py, and there seems to be either a bug (information leak)
/or/ a possibility of optimisation when sharing a bit in Zp.

The problem is the following:

  result = self.open(Share(self, field, share*share),
                     threshold=2*self.threshold)

Is the "*" in "share*share" a multiplication protocol or a
multiplication of actual values? If it is actual values, then we
*cannot* simply call it shares and open it, as the polynomial is not
uniformly random (this can also be done with PRSS and no communication).

If on the other hand it is an invocation of the multiplication
protocol, then it is secure but can be optimised with the PRSS version
mentioned above.
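As an added illustration (not part of the issue, and not VIFF's code), the following stand-alone Python shows why the local "share*share" variant leaks: opening with threshold 2t reconstructs the entire degree-2t polynomial, which is f^2 for the degree-t sharing polynomial f, so any party holding one share f(i) can resolve f up to sign and read off r. It assumes a small Shamir implementation over a constructed prime field, not VIFF's Share/open API.

```python
# Added illustration (not VIFF code): a *locally* squared Shamir sharing of
# r, opened with threshold 2t, reveals the polynomial f^2 and thereby r.
import random

P = 2**31 - 1  # prime with P % 4 == 3, so sqrt(a) = a^((P+1)/4) mod P

def eval_poly(coeffs, x):
    """coeffs[0] + coeffs[1]*x + ... evaluated at x (mod P)."""
    return sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P

def interpolate(points):
    """Lagrange interpolation giving the full coefficient vector of the unique
    polynomial of degree < len(points) through the given (x, y) points."""
    coeffs = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1          # l_i(x) = prod_{j!=i} (x-xj)/(xi-xj)
        for j, (xj, _) in enumerate(points):
            if j != i:
                new = [0] * (len(basis) + 1)
                for k, b in enumerate(basis):   # multiply basis by (x - xj)
                    new[k] = (new[k] - xj * b) % P
                    new[k + 1] = (new[k + 1] + b) % P
                basis, denom = new, denom * (xi - xj) % P
        scale = yi * pow(denom, P - 2, P) % P
        coeffs = [(c + scale * b) % P for c, b in zip(coeffs, basis)]
    return coeffs

def poly_sqrt(g, t):
    """Given g = f*f with deg f = t, return +-f by solving g_k = sum f_i f_j."""
    f = [0] * (t + 1)
    f[t] = pow(g[2 * t], (P + 1) // 4, P)          # sqrt of leading coefficient
    inv_2ft = pow(2 * f[t], P - 2, P)
    for m in range(t - 1, -1, -1):                 # peel off one coefficient at a time
        acc = sum(f[i] * f[t + m - i] for i in range(m + 1, t)) % P
        f[m] = (g[t + m] - acc) * inv_2ft % P
    return f

def leak_demo(n=3, t=1, seed=1):
    """Constructed run: return the dealt r and the r each party recovers."""
    rng = random.Random(seed)
    r = rng.randrange(P)
    f = [r] + [rng.randrange(1, P) for _ in range(t)]   # degree-t sharing of r
    shares = {i: eval_poly(f, i) for i in range(1, n + 1)}
    # "share*share" done locally and opened with threshold 2t exposes the whole
    # polynomial f^2 (a real multiplication protocol would reveal only r^2).
    opened = interpolate([(i, shares[i] ** 2 % P) for i in range(1, 2 * t + 2)])
    cand = poly_sqrt(opened, t)                          # equals +f or -f
    # party i picks the sign matching its own share and reads off f(0) = r
    return r, {i: cand[0] if eval_poly(cand, i) == s else (-cand[0]) % P
               for i, s in shares.items()}
```

With a secure multiplication protocol the opened degree-2t polynomial is freshly randomised, so the same reconstruction would yield only r^2 and the bit derived from r stays hidden.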
History
Date                 User  Action  Args
2008-09-23 17:55:23  mg    set     importance: 80.0
2008-09-23 16:15:02  tpj   set     type: bug
2008-05-27 09:06:42  mg    create