1

Lets say I have $n+1$ integers $x, x+1, x+2, ..., x+n$ which are unsigned. If I apply a hidden permutation $\sigma$ to the bits (right to left) of each respective number I have $x_0', x_1', x_2'$. ($x=\sum_{i} b_i * 2^i, x_0'=\sum_{i} b_{\sigma(i)} * 2^i, ...$)

I know I can get find $x$ as I know $\sigma$ and thus $\sigma^{-1}$. Is it possible for an attacker to calculate find $x$ or $\sigma$ or $x+n+1$?

For example if I give you 5 integers in 8.

01100100
11100100
00100110
10100110
01100110

Can you derive that $\sigma = (1\ 8\ 5) (2\ 7\ 4\ 3)$ or $x=42$?

My current rough thinking is that you can tell whether $x$ is divisible by two in the first two results by whether one bit turns on or two bits turn off and a new one turns on. Then to find whether divisible by $2^n$ you would need $2^n$ numbers (as the bit change for $2^n$ happens only after all the previous cases?) therefore you would need $2^{n-1}$ previous integers to find $x$ (and thus you could then find $\sigma$ and then $x+n+1$)?

Bonus: what would happen if I now told you I applied an bijective function $f(x)$ (but didn't tell you the definition of $f$) before I applied $\sigma$. Is it possible to find $x$ then?

Ben
  • 113
  • 4

1 Answers1

2

Let the LSB position be position $1.$ Let the binary strings given be $f$ bits long. Recall that the set $A=\{x,x+1,\ldots,x+n\}$ has $n+1$ elements.

Position $1$ is the only position which has the pattern (vertically down the list) $01$ infinitely repeating so it is either $101010\cdots$ or $010101\cdots$

Position $2$ is the only position which has the pattern (vertically down the list) $0011$ infinitely repeating so it is some shift (of $4$ distinct shifts) of this pattern

Generally, position $k$ is the only position which has the pattern (vertically down the list) $$\underbrace{00\cdots 0}_{2^{k-1}}\underbrace{11\cdots 1}_{2^{k-1}}$$ so that column shows some shift (of $2^k$ distinct shifts) of this pattern.

Therefore these columns can be identified independently by identifying the vertical phase of each pattern above.

Since one must be able to determine the phase of the $f^{th}$ bit read vertically, one needs $2^{f-1}\leq \#A=n+1.$ Also, $x+n\leq 2^f-1,$ must hold for the full bit representation to be possible for the largest number in the set $A.$

kodlu
  • 25,146
  • 2
  • 30
  • 63