Abstract
LPN-C is one of the first post-quantum symmetric cipher systems, which security relies on the complexity of solving the LPN problem. The original version of the cipher system is defined over the field of two elements, nevertheless it is naturally generalized to the case of an arbitrary finite ring. Usually such generalization associated with the complication of the algebraic structure of underlain object used for construction of a cipher system increases its security to known attacks, however, as shown below, the LPN-C cipher system over a residue ring modulo 2Nrepresents an exception to this rule. In this article, an attack on the LPN-C cipher system over the residue ring modulo 2Nis proposed. The attack is based on recovering the key by sequential solving N systems of linear equations corrupted by noise over the field of order two. It is shown that the proposed attack is significantly more effective in comparison with traditional attacks of the same type based on direct solving these systems using the generalized BKW algorithm. The obtained results indicate that the residue rings modulo 2N, N≥2, are not expedient for constructing LPN-C cipher systems, since this does not lead to significant increasing the security in comparison with 1N= case.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.