Abstract

LPN-C is one of the first post-quantum symmetric cipher systems whose security relies on the hardness of the LPN (Learning Parity with Noise) problem. The original cipher system is defined over the field of two elements, but it generalizes naturally to an arbitrary finite ring. Usually such a generalization, which complicates the algebraic structure of the underlying object used to construct the cipher system, increases its security against known attacks; however, as shown below, the LPN-C cipher system over the residue ring modulo 2^N is an exception to this rule. In this article, an attack on the LPN-C cipher system over the residue ring modulo 2^N is proposed. The attack recovers the key by sequentially solving N systems of linear equations corrupted by noise over the field of order two. It is shown that the proposed attack is significantly more effective than traditional attacks of the same type that solve these systems directly using the generalized BKW algorithm. The obtained results indicate that residue rings modulo 2^N, N ≥ 2, are not expedient for constructing LPN-C cipher systems, since this does not significantly increase security in comparison with the case N = 1.
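The reduction the abstract describes, key recovery over Z/2^N by peeling off one bit-plane of the key at a time, each plane being a plain LPN instance over GF(2), is illustrated below with an added toy example that is not code from the paper. It assumes a simplified setting: plain LPN samples (a, <a, s> + e mod 2^N) rather than the full LPN-C encryption with its error-correcting code, a constructed noise model in which e is 0 with probability 1 - noise_rate and otherwise uniform in Z/2^N, and an exhaustive maximum-likelihood decoder standing in for the BKW-type solvers the paper compares against (exhaustive search is only feasible for the tiny key length used here). The function and parameter names are the example's own.

```python
import random


def inner(a, s, mod):
    """Inner product <a, s> in the residue ring Z/mod."""
    return sum(x * y for x, y in zip(a, s)) % mod


def gen_samples(secret, n_bits, m, noise_rate, rng):
    """Constructed LPN-style samples over Z/2^N: (a, <a, s> + e mod 2^N).
    Noise model (an assumption of this toy): e = 0 with probability
    1 - noise_rate, otherwise e is uniform in Z/2^N."""
    mod = 1 << n_bits
    n = len(secret)
    samples = []
    for _ in range(m):
        a = [rng.randrange(mod) for _ in range(n)]
        e = rng.randrange(mod) if rng.random() < noise_rate else 0
        samples.append((a, (inner(a, secret, mod) + e) % mod))
    return samples


def bit_plane_instance(samples, known_low, k, mod):
    """Project the ring samples onto bit-plane k, given the key's planes
    0..k-1 (combined in known_low). Writing s = sum_j 2^j s_j with s_j binary,
    r = b - <a, known_low> = sum_{j>=k} 2^j <a, s_j> + e (mod 2^N), and the
    terms with j > k do not touch bit k, while the low bits of r come from e
    alone and carry nothing into bit k. Hence
        bit_k(r) = <a mod 2, s_k> XOR e_k
    which is an LPN sample over GF(2) with secret s_k and noise bit e_k."""
    inst = []
    for a, b in samples:
        r = (b - inner(a, known_low, mod)) % mod
        inst.append(([x & 1 for x in a], (r >> k) & 1))
    return inst


def solve_gf2_lpn_exhaustive(inst, n):
    """Maximum-likelihood decoder for LPN over GF(2): return the candidate
    secret that disagrees with the fewest samples. Exponential in n; it
    stands in for BKW-type solvers only because n is tiny in this demo."""
    best, best_err = None, None
    for cand in range(1 << n):
        s = [(cand >> i) & 1 for i in range(n)]
        err = sum(
            (sum(x & y for x, y in zip(a, s)) & 1) != b for a, b in inst
        )
        if best_err is None or err < best_err:
            best, best_err = s, err
    return best


def recover_secret(samples, n, n_bits):
    """Sequential bit-plane attack: solve N binary LPN instances, each one
    conditioned on the planes already recovered."""
    mod = 1 << n_bits
    known = [0] * n
    for k in range(n_bits):
        inst = bit_plane_instance(samples, known, k, mod)
        s_k = solve_gf2_lpn_exhaustive(inst, n)
        known = [kv + (bit << k) for kv, bit in zip(known, s_k)]
    return known


def demo(seed=7, n=6, n_bits=4, m=300, noise_rate=0.25):
    """Draw a random key in (Z/2^N)^n, generate samples, run the attack.
    Returns (true_secret, recovered_secret)."""
    rng = random.Random(seed)
    secret = [rng.randrange(1 << n_bits) for _ in range(n)]
    samples = gen_samples(secret, n_bits, m, noise_rate, rng)
    return secret, recover_secret(samples, n, n_bits)


if __name__ == "__main__":
    true_s, found_s = demo()
    print("secret   ", true_s)
    print("recovered", found_s)
```

Under this noise model each projected instance has noise rate noise_rate/2 (a nonzero e has each bit set with probability 1/2), and every plane is solved with the same sample set, so the cost of the attack is N times the cost of one binary LPN instance of dimension n rather than the cost of one ring instance; that is the effect the abstract's comparison with the generalized BKW approach is about. A wrong guess in plane k corrupts every later plane, so the per-plane solver must succeed with high probability, which the exhaustive decoder does here because a wrong candidate disagrees with about half the samples while the true one disagrees with about noise_rate/2 of them.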
