Faster Algorithms for Solving LPN

The LPN problem, which lies at the core of many cryptographic constructions for lightweight and post-quantum cryptography, has received quite a lot of attention recently. The best published algorithm for solving it, presented at Asiacrypt 2014, improved the classical BKW algorithm by using covering codes and claimed to marginally compromise the 80-bit security of HB variants, LPN-C and Lapin. In this paper, we develop faster algorithms for solving LPN based on an optimal precise embedding of cascaded concrete perfect codes, in a similar framework but with many optimizations. Our algorithm outperforms the previous methods for the proposed parameter choices and distinctly breaks the 80-bit security bound of the instances suggested in cryptographic schemes like HB$^+$, HB$^\#$, LPN-C and Lapin.
