2012
DOI: 10.1007/s12095-012-0062-x
A survey on fast correlation attacks

Cited by 10 publications (3 citation statements)
References 34 publications
“…Remark 2 In a special case when $\boldsymbol{x}_t = k\,\boldsymbol{S}_t$, $t = 1, 2, \ldots, \tau$, the LPN problem considered in Theorem 1 is a specific incarnation of the LPN problem with a certain structure, which implies that instead of using a generic approach for solving the LPN problem, a technique known as the fast correlation attack (FCA) can be employed (see, for example, [31]). On the other hand, even if the FCA-based approach is employed, again its complexity heavily depends on the parameter $\epsilon$.…”
Section: Computational Complexity Security Evaluation
Citation type: mentioning
Confidence: 99%
“…This implies that the set of all sequences obtained by filtering by $F$ the LFSR defined by $\alpha$ corresponds to the sequences generated by filtering by $G(x) = F(x^r)$ the LFSR defined by $\beta = \alpha^k$, where $rk \equiv 1 \bmod (2^n - 1)$. From now on, this equivalence between filter generators will be named monomial equivalence. It follows that there exist $\Phi(2^n - 1)/n$ monomial transformations which are not linearly equivalent and nevertheless provide equivalent filtering LFSRs, where $\Phi$ is Euler's totient function.…”
Section: Monomial Equivalence Between Filtered LFSR
Citation type: mentioning
Confidence: 99%
“…In other words, if $\alpha^k$ belongs to a subfield $\mathbb{F}_{2^m}$ of $\mathbb{F}_{2^n}$, then the fast correlation attack consists in decoding a linear code of dimension $m$, instead of a code of dimension $n$. This may enable the attacker to recover $\log_2(\tau_k)$ bits of the initial state with a lower complexity than the fast correlation attack involving the original LFSR of length $n$. The optimal situation which maximizes the number of bits recovered by the attacker for a given complexity is then when $\tau_k = 2^m - 1$ for some divisor $m$ of $n$, i.e., when $k$ is such that $\gcd(k, 2^n - 1) = (2^n - 1)/(2^m - 1)$. Several decoding algorithms have been proposed in this context [32,21,6,7,22,33,8] which offer different trade-offs between the dimension of the code and the error probability (see [1] for a recent survey). Example 1.…”
Section: Fast Correlation Attack When H Is Linear
Citation type: mentioning
Confidence: 99%