Association of Chlamydia trachomatis with Persistence of High-Risk Types of Human Papillomavirus in a Cohort of Female Adolescents

Decoding random linear codes is a well studied problem with many applications in complexity theory and cryptography. The security of almost all coding and LPN/LWE-based schemes relies on the assumption that it is hard to decode random linear codes. Recently, there has been progress in improving the running time of the best decoding algorithms for binary random codes. The ball collision technique of Bernstein, Lange and Peters lowered the complexity of Stern's information set decoding algorithm to 2 0.0556n. Using representations this bound was improved to 2 0.0537n by May, Meurer and Thomae. We show how to further increase the number of representations and propose a new information set decoding algorithm with running time 2 0.0494n .

show abstract

Decoding Random Linear Codes in $\tilde{\mathcal{O}}(2^{0.054n})$

May

2011

View full text Add to dashboard Cite

Decoding random linear codes is a fundamental problem in complexity theory and lies at the heart of almost all code-based cryptography. The best attacks on the most prominent code-based cryptosystems such as McEliece directly use decoding algorithms for linear codes. The asymptotically best decoding algorithm for random linear codes of length n was for a long time Stern's variant of information-set decoding running in timeÕ 2 0.05563n. Recently, Bernstein, Lange and Peters proposed a new technique called Ball-collision decoding which offers a speed-up over Stern's algorithm by improving the running time toÕ 2 0.05558n. In this paper, we present a new algorithm for decoding linear codes that is inspired by a representation technique due to Howgrave-Graham and Joux in the context of subset sum algorithms. Our decoding algorithm offers a rigorous complexity analysis for random linear codes and brings the time complexity down toÕ 2 0.05363n .

show abstract

Correcting Errors in RSA Private Keys

2010

View full text Add to dashboard Cite

Abstract. Let pk = (N , e) be an RSA public key with corresponding secret key sk = (p, q, d , dp , dq , q −1 p ). Assume that we obtain partial error-free information of sk, e.g., assume that we obtain half of the most significant bits of p. Then there are well-known algorithms to recover the full secret key. As opposed to these algorithms that allow for correcting erasures of the key sk, we present for the first time a heuristic probabilistic algorithm that is capable of correcting errors in sk provided that e is small. That is, on input of a full but error-prone secret key sk we reconstruct the original sk by correcting the faults.More precisely, consider an error rate of δ ∈ [0,), where we flip each bit in sk with probability δ resulting in an erroneous key sk. Our Las-Vegas type algorithm allows to recover sk from sk in expected time polynomial in log N with success probability close to 1, provided that δ < 0.237. We also obtain a polynomial time Las-Vegas factorization algorithm for recovering the factorization (p, q) from an erroneous version with error rate δ < 0.084.

show abstract

Implicit Factoring: On Polynomial Time Factoring Given Only an Implicit Hint

May

Ritzenhofen

2009

119

View full text Add to dashboard Cite

Abstract. We address the problem of polynomial time factoring RSA moduli N1 = p1q1 with the help of an oracle. As opposed to other approaches that require an oracle that explicitly outputs bits of p1, we use an oracle that gives only implicit information about p1. Namely, our oracle outputs a different N2 = p2q2 such that p1 and p2 share the t least significant bits. Surprisingly, this implicit information is already sufficient to efficiently factor N1, N2 provided that t is large enough. We then generalize this approach to more than one oracle query.

show abstract

On Computing Nearest Neighbors with Applications to Decoding of Binary Linear Codes

2015

View full text Add to dashboard Cite

We propose a new decoding algorithm for random binary linear codes. The so-called information set decoding algorithm of Prange (1962) achieves worst-case complexity 2 0.121n . In the late 80s, Stern proposed a sort-and-match version for Prange's algorithm, on which all variants of the currently best known decoding algorithms are build. The fastest algorithm of Becker, Joux, May and Meurer (2012) achieves running time 2 0.102n in the full distance decoding setting and 2 0.0494n with half (bounded) distance decoding. In this work we point out that the sort-and-match routine in Stern's algorithm is carried out in a non-optimal way, since the matching is done in a two step manner to realize an approximate matching up to a small number of error coordinates. Our observation is that such an approximate matching can be done by a variant of the so-called High Dimensional Nearest Neighbor Problem. Namely, out of two lists with entries from F m 2 we have to find a pair with closest Hamming distance. We develop a new algorithm for this problem with sub-quadratic complexity which might be of independent interest in other contexts. Using our algorithm for full distance decoding improves Stern's complexity from 2 0.117n to 2 0.114n . Since the techniques of Becker et al apply for our algorithm as well, we eventually obtain the fastest decoding algorithm for binary linear codes with complexity 2 0.097n . In the half distance decoding scenario, we obtain a complexity of 2 0.0473n .

show abstract

Partial Key Exposure Attacks on RSA up to Full Size Exponents

Ernst

Jochemsz

May

et al. 2005

View full text Add to dashboard Cite

show abstract

Grover Meets Simon – Quantumly Attacking the FX-construction

Leander

May

2017

104

View full text Add to dashboard Cite

A Strategy for Finding Roots of Multivariate Polynomials with New Applications in Attacking RSA Variants

Jochemsz

May

2006

118

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Alexander May

Decoding Random Binary Linear Codes in 2 n/20: How 1 + 1 = 0 Improves Information Set Decoding

Decoding Random Linear Codes in $\tilde{\mathcal{O}}(2^{0.054n})$

Correcting Errors in RSA Private Keys

Implicit Factoring: On Polynomial Time Factoring Given Only an Implicit Hint

On Computing Nearest Neighbors with Applications to Decoding of Binary Linear Codes

Partial Key Exposure Attacks on RSA up to Full Size Exponents

Grover Meets Simon – Quantumly Attacking the FX-construction

A Strategy for Finding Roots of Multivariate Polynomials with New Applications in Attacking RSA Variants

Contact Info

Product

Resources

About