fast data scrambling

jzhardy · Posted: Tue Aug 13, 2024 1:08 pm

hi all,

I have a requirement to write a user exit (in Optim) to scramble data. The options are either COBOL or HLASM.

The target data varies from char 20 though to varchar 4000.

The current solution (using LUA running under Optim) is not viable long term, and not just because of the inefficiently of the interpretive environment.

For a simple example, here are my requirements for a generic "text" column scramble function:

Upper alpha => upper alpha
Lower alpha => lower alpha
Number => number
Other => (not scrambled)

In my solution (below), the pseudo-random element is driven by a hash on record instance id and the contents of the db2 column.

so, with input of (iid = 12345, inText = "Jonathan 1234567 .;#') , I would calculate a hash as: (iid + hash(inText)) mod 256 which becomes a pointer to an array of random bytes.

Looking at what I've coded, it strikes me - and hence my reason for dropping COBOL into this forum - that HLASM could offer a more elegant and efficient solution.

Does anyone have any suggestions or code snippets that could point me in the right direction. Potential for use of SIMD instructions or is that overkill?

here's my first cut solution in COBOL - branchless style. non-portable, obviously.

sergeyken · Posted: Tue Aug 13, 2024 7:48 pm

When using HLASM, there are useful instructions to make characters replacement in the whole string as defined via a translate table:

TR STRING,TRANTAB
(Translate) - replaces characters in a string up to 256 bytes maximum. In case of a longer string the TR instruction needs to be used in a loop.

TRE RSTRING,RTRANTAB
(Translate Extended) - replaces characters in a string up to 2GB maximum.

Before using any of those instruction, you may need to modify a 256-bytes translation table of characters based on your own hash requirements.

This is a general approach which can be used. Coding a real example with hashing etc. may take some time.

jzhardy · Posted: Wed Aug 14, 2024 5:06 am

I did think of using INSPECT..REPLACING to scramble the data, but then I'd be forced to reduce the target range to make it secure from a statistical attack, or possibly repeat that command with different parameters ...

[Much of the data is long varchar. If a repeated token like 'xyz' appears, one might guess a source value of 'the' and be well on the way to decoding the whole string]

So, yes, I could map [A-Z] => [A-M] and that would make it stronger. But then I have the problem that two distinct tokens (words) are more likely to map into a common value. I want a kind of isomorphism in my mapping function, such that (1\) the 'distinct' property is preserved, and (2\) token (word) lengths are preserved.

my solution above does not actually enforce (1\), but does a good enough job.

I should have abstracted the problem into a more general requirement. What I'm really after is a way to parallelize a set of linear functions, for example, with:

L: (x'91', x'81' ,x'BC')
H: (1, 1 , 0)
X: (4 , 3 ,7)

I want a result vector R, such that:
R(i) = L(i) + [H(i) * X(i)]

in the example above i would just get : (x'95',x'84',x'BC')

sergeyken · Posted: Wed Aug 14, 2024 6:45 pm

I hope your scrambling can (or must) be irreversible?

sergeyken · Posted: Wed Aug 14, 2024 6:50 pm

Pedro · Posted: Thu Aug 15, 2024 1:04 am

jzhardy · Posted: Thu Aug 15, 2024 4:43 am

I haven't been able to find the latest version of the POP : SA22-7832-13.

Looking though the version I have (dated Dec 2000) I couldn't find any vector operations that would enable the kind of internal parallelism that I'm looking for.

For the record, I get good performance from my existing solution, so this is perhaps something of an academic exercise.

If someone can drop a working link to SA22-7832-13 I would be very grateful !

sergeyken · Posted: Thu Aug 15, 2024 4:50 am

jzhardy · Posted: Thu Aug 15, 2024 12:27 pm

I managed to find a copy of SA22-7832-13 on www.vm.ibm.com/library/other.html

VMAL(B) comes closest to what I'm looking for. Some overheads in packing the vectors, but i think I can make it work.

I'll post again when I have a good working solution.

sergeyken · Posted: Fri Aug 16, 2024 1:53 am

Usually I am an opponent to any rocket-science-like methods, unless it is really needed (very rarely that happens).

Though I did not receive an answer to any of my questions, I would do it in a much more simple way.

1. Prepare several scrambled lists of possible characters translation rules.

Do it for the first group (e.g. uppercase letters)

jzhardy · Posted: Mon Aug 19, 2024 10:57 am

here's a slightly better solution to what I first posted. 'Better' in the sense that it illustrates where vector operations could be exploited, not in the sense of being particularly good COBOL.

When I get some time later this week I'll get some performance stats, and then compare it with another version that replaces OBF-PARA with a call to an assembler module.