Solving LPN Using Covering Codes

Guo, Qian; Johansson, Thomas; Löndahl, Carl

doi:10.1007/978-3-662-45611-8_1

Cited by 49 publications

(68 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this section we present the analysis on the results from ASIACRYPT'14 [3] and EUROCRYPT'16 [4]. We compute complexities and biases following our formulas, and always use the largest pool of codes that we had to have the most favorable results.…”

Section: Chains From [3] and [4]mentioning

confidence: 99%

“…Each reduction step is followed by the indication of the vertex (k, log 2 n). 512,1/8 Here is the chain proposed in [3] (proceedings) with a claimed complexity of 2 79.9 : chain for LPN_{512,0.125} with n=2ˆ66.3000 sparse-(512,66.30) lcomp=79.245 lbc2=-0.830 part (63) Here is the chain presented by [3] (presented at the conference) with a claimed complexity of 2 79.7 : [3,1,r][25,15,W][19,4,rnd150926][19,4,rnd150926][19,6,rnd150926 ] [19,6,rnd150926][19,6,rnd150926][19,6,rnd150926][19,6,rnd150926 ][19,6,rnd150926] Here is the corrected one to reach θ = 33%: Here is the chain we obtain by running our algorithm with precision 0.1, after removing the roundings and adjusting the number of queries: [7,1,r] [7,1,r] [7,1,r] [7,1,r] [7,1,r] [7,1,r] [7,1,r] [7,1,r] [7,1,r ] [7,1,r] …”

Section: Chains From [3] and [4]mentioning

confidence: 99%

See 1 more Smart Citation

Optimization of $$\mathsf {LPN}$$ Solving Algorithms

Bogos

Vaudenay

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

Section: Chains From [3] and [4]mentioning

confidence: 99%

Section: Chains From [3] and [4]mentioning

confidence: 99%

Optimization of $$\mathsf {LPN}$$ Solving Algorithms

Bogos

Vaudenay

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…al [21] also introduce a new algorithm, which we denote FMICM, that brings an improvement over BKW. The best algorithm to solve LPN was recently presented at Asiacrypt 2014 [25]. It can be seen as a variant of LF1 where covering codes are introduced as a new method to improve the overall algorithm.…”

Section: Lpn Solving Algorithmsmentioning

confidence: 99%

“…In the domain of machine learning, [23,42] also cryptanalyse the LPN problem. The best algorithm for solving LPN was presented at Asiacrypt 2014 [25]. This new variant of BKW uses covering codes as a novelty.…”

mentioning

confidence: 99%

See 1 more Smart Citation

On solving L P N using B K W and variants

2015

View full text Add to dashboard Cite

The Learning Parity with Noise problem (LPN) is appealing in cryptography as it is considered to remain hard in the post-quantum world. It is also a good candidate for lightweight devices due to its simplicity. In this paper we provide a comprehensive analysis of the existing LPN solving algorithms, both for the general case and for the sparse secret scenario. In practice, the LPN-based cryptographic constructions use as a reference the security parameters proposed by Levieil and Fouque. But, for these parameters, there remains a gap between the theoretical analysis and the practical complexities of the algorithms we consider. The new theoretical analysis in this paper provides tighter bounds on the complexity of LPN solving algorithms and narrows this gap between theory and practice. We show that for a sparse secret there is another algorithm that outperforms BKW and its variants. Following from our results, we further propose practical parameters for different security levels.

show abstract

Tree-Based Ring-LWE Group Key Exchanges with Logarithmic Complexity

Hougaard

Miyaji

2020

Information and Communications Security

View full text Add to dashboard Cite

The rapid proliferation of Radio Frequency Identification (RFID) tags in the past decade has made tremendous impact on our daily lives. As part of Internet of Things (IoT), RFID technology ensures an efficient, secure and reliable system to identify tagged objects in supply chain environment such as manufacturing, automotive and healthcare. Several lightweight authentication solutions have been proposed to satisfy optimal security and privacy features of RFID communication. Hopper-Blum (HB) family of protocols that rely on the hard problem of Learning Parity with Noise (LPN) is a series of lightweight authentication protocol used to identify RFID tags. Our study shows that recent RFID authentication protocols from HB family that mostly focus on two party authentication such as tag-reader authentication, in general, cannot be applied directly to a three party authentication such as tag-reader-server authentication. In contrast to typical RFID authentication system, we consider the channel between the reader and back-end server insecure. We focus HB protocol and its variants and propose a modified protocol where the entire system is authenticated under LPN-based scheme.

show abstract

Solving LPN Using Covering Codes

Cited by 49 publications

References 30 publications

Optimization of $$\mathsf {LPN}$$ Solving Algorithms

Optimization of $$\mathsf {LPN}$$ Solving Algorithms

On solving L P N using B K W and variants

Tree-Based Ring-LWE Group Key Exchanges with Logarithmic Complexity

Contact Info

Product

Resources

About