Abstract
We present a new algorithm for solving the LPN problem. The algorithm has a similar form as some previous methods, but includes a new key step that makes use of approximations of random words to a nearest codeword in a linear code. It outperforms previous methods for many parameter choices. In particular, we can now solve the (512,frac{1}{8}) LPN instance with complexity less than 2^{80} operations in expectation, indicating that cryptographic schemes like HB variants and LPN-C should increase their parameter size for 80-bit security.
Highlights
In recent years of modern cryptography, much effort has been devoted to finding efficient and secure low-cost cryptographic primitives targeting applications in very constrained hardware environments
We have an Learning Parity with Noise (LPN) oracle denoted ΠLPN that returns pairs of the form (g, x, g + e), where x is an unknown but fixed binary vector, g is a binary vector with the same length but sampled from a uniform distribution, e is from a Bernoulli distribution, and x, g denotes the scalar product of vectors x and g
We propose a new algorithm for solving the LPN problem based on [4,25]
Summary
In recent years of modern cryptography, much effort has been devoted to finding efficient and secure low-cost cryptographic primitives targeting applications in very constrained hardware environments (such as RFID tags and low-power devices). Many proposals rely on the hardness assumption of Learning Parity with Noise (LPN), a fundamental problem in learning theory, which recently has gained a lot of attention within the cryptographic society. The inherent properties of LPN make it ideal for lightweight cryptography. The LPN problem can be informally stated as follows. We have an LPN oracle denoted ΠLPN that returns pairs of the form (g, x, g + e), where x is an unknown but fixed binary vector, g is a binary vector with the same length but sampled from a uniform distribution, e is from a Bernoulli distribution, and x, g denotes the scalar product of vectors x and g. The (search) LPN problem is to find the secret vector x given a fixed number of samples (oracle queries) from ΠLPN
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
