A New Algorithm for Solving Ring-LPN With a Reducible Polynomial

Guo, Qian; Johansson, Thomas; Löndahl, Carl

doi:10.1109/tit.2015.2475738

Cited by 12 publications

(11 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The discrepancy comes from the worst-case analysis of the reduction phase where we say that at each reduction step we discard 2 b queries. With this reasoning, we predict to lose 2 24 queries. If we analyse more closely, we discover 24 .…”

Section: Remarkmentioning

confidence: 93%

“…With this reasoning, we predict to lose 2 24 queries. If we analyse more closely, we discover 24 . We are left with 2 14.45 , queries which are sufficient for the solving phase.…”

Section: Remarkmentioning

confidence: 93%

“…In terms of variants of LPN, we have Ring-LPN [26] and Subspace LPN [32]. As an application for Ring-LPN we have the Lapin authentication protocol [26] and its cryptanalysis in [6,24].…”

mentioning

confidence: 99%

See 2 more Smart Citations

On solving L P N using B K W and variants

2015

View full text Add to dashboard Cite

The Learning Parity with Noise problem (LPN) is appealing in cryptography as it is considered to remain hard in the post-quantum world. It is also a good candidate for lightweight devices due to its simplicity. In this paper we provide a comprehensive analysis of the existing LPN solving algorithms, both for the general case and for the sparse secret scenario. In practice, the LPN-based cryptographic constructions use as a reference the security parameters proposed by Levieil and Fouque. But, for these parameters, there remains a gap between the theoretical analysis and the practical complexities of the algorithms we consider. The new theoretical analysis in this paper provides tighter bounds on the complexity of LPN solving algorithms and narrows this gap between theory and practice. We show that for a sparse secret there is another algorithm that outperforms BKW and its variants. Following from our results, we further propose practical parameters for different security levels.

show abstract

Section: Remarkmentioning

confidence: 93%

“…With this reasoning, we predict to lose 2 24 queries. If we analyse more closely, we discover 24 . We are left with 2 14.45 , queries which are sufficient for the solving phase.…”

Section: Remarkmentioning

confidence: 93%

See 1 more Smart Citation

On solving L P N using B K W and variants

2015

View full text Add to dashboard Cite

show abstract

“…We show the experimental results in this part, using a [46,24] linear code that is a concatenation of two binary [23,12] Golay codes 17 for the subspace hypothesis testing procedure.…”

Section: Methodsmentioning

confidence: 99%

Solving LPN Using Covering Codes

2019

Self Cite

View full text Add to dashboard Cite

We present a new algorithm for solving the LPN problem. The algorithm has a similar form as some previous methods, but includes a new key step that makes use of approximations of random words to a nearest codeword in a linear code. It outperforms previous methods for many parameter choices. In particular, we can now solve the (512, 1 8) LPN instance with complexity less than 2 80 operations in expectation, indicating that cryptographic schemes like HB variants and LPN-C should increase their parameter size for 80-bit security.

show abstract

“…where ε PSSI + is the bound on the successful probability that the PPT adversary solves the PSSI + problem. (1) To avoid attacks [31,[37][38][39] and according to [28], m and n must be two different primes, and…”

Section: Proof Of Securitymentioning

confidence: 99%

An improved Durandal signature scheme

Song

Huang

et al. 2020

Sci. China Inf. Sci.

View full text Add to dashboard Cite

Constructing secure and effective code-based signature schemes has been an open problem. In this paper, we efficiently reduce the key size of the Durandal signature scheme introduced by Aragon et al. (EUROCRYPT 2019). We prove that the improved scheme is EUF-CMA secure by reducing its security to the advanced product spaces subspaces indistinguishability (PSSI +) problem, the decisional rank syndrome decoding (DRSD) problem, and the affine rank syndrome decoding (ARSD) problem under the random oracle model. Furthermore, our signature scheme is more secure than the Durandal scheme because recovering key attacks are equivalent to solving the rank syndrome decoding (RSD) problem, instead of the rank support learning (RSL) problem in the original Durandal scheme. Our signature scheme takes less time to generate a signature owing to the fact that our signature scheme enjoys smaller security parameters in comparison to the Duradual scheme. We compare the new scheme with existing code-based signature schemes and find that our signature scheme has advantages in terms of the public key size.

show abstract

A New Algorithm for Solving Ring-LPN With a Reducible Polynomial

Cited by 12 publications

References 26 publications

On solving L P N using B K W and variants

On solving L P N using B K W and variants

Solving LPN Using Covering Codes

An improved Durandal signature scheme

Contact Info

Product

Resources

About