New Instantiations of the CRYPTO 2017 Masking Schemes

摘要

At CRYPTO 2017, Belaied et al. presented two new private multiplication algorithms over finite fields, to be used in secure masking schemes. To date, these algorithms have the lowest known complexity in terms of bilinear multiplication and random masks respectively, both being linear in the number of shares d+ 1. Yet, a practical drawback of both algorithms is that their safe instantiation relies on finding matrices satisfying certain conditions. In their work, Belaid et al. only address these up to d = 2 and 3 for the first and second algorithm respectively, limiting so far the practical usefulness of their constructions. In this paper, we use in turn an algebraic, heuristic, and experimental approach to find many more safe instances of Belaid et al.'s algorithms. This results in explicit instantiations up to order d = 6 over large fields, and up to d = 4 over practically relevant fields such as F_(28).