An Algorithm for Solving the LPN Problem and Its Application to Security Evaluation of the HB Protocols for RFID Authentication
An algorithm for solving the "learning parity with noise" (LPN) problem is proposed and analyzed. The algorithm originates from the recently proposed advanced fast correlation attacks, and it employs the concepts of decimation, linear combining, hypothesizing and minimum distance decoding. However, as opposed to fast correlation attacks, no preprocessing phase is allowed for the LPN problem. The proposed algorithm appears more powerful than the best one previously reported, the BKW algorithm proposed by Blum, Kalai and Wasserman. In fact, the BKW algorithm is shown to be a special instance of the proposed algorithm, but without optimized parameters. An improved security evaluation, assuming passive attacks, of the Hopper and Blum HB and HB+ protocols for radio-frequency identification (RFID) authentication is then developed. Employing the proposed algorithm, the security of the HB protocols is reevaluated, implying that the previously reported security margins appear to be overestimated.
Keywords: cryptanalysis, LPN problem, fast correlation attacks, HB protocols, RFID authentication
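The HB exchange and the passive attacker's view described in the abstract, as an added Python example that is not part of the paper: a tag answers random challenges with noisy inner products over GF(2), the reader accepts when few answers disagree, and the eavesdropped transcript is exactly an LPN instance. The exhaustive `min_distance_decode` is a toy illustration of minimum distance decoding on a key far too short to be realistic; the parameters in `demo` (n=8, noise rate 1/8, 200 rounds, threshold 50) are constructed for illustration and are not taken from the paper.

```python
import random

def inner(a, x):
    """Inner product of two bit lists over GF(2)."""
    return sum(ai & xi for ai, xi in zip(a, x)) % 2

def hb_round(x, eta, rng):
    """One HB round: the reader sends a random challenge a, the tag answers
    z = <a, x> XOR nu, where nu is a Bernoulli(eta) noise bit."""
    a = [rng.randint(0, 1) for _ in x]
    nu = 1 if rng.random() < eta else 0
    return a, inner(a, x) ^ nu

def hb_authenticate(tag_key, reader_key, eta, rounds, threshold, rng):
    """Run `rounds` HB rounds. The reader accepts when at most `threshold`
    answers disagree with its own copy of the key. Returns (accepted, transcript).
    The transcript is what a passive eavesdropper sees: LPN samples (a_i, z_i)
    with secret reader_key and noise rate eta."""
    transcript = [hb_round(tag_key, eta, rng) for _ in range(rounds)]
    errors = sum(inner(a, reader_key) != z for a, z in transcript)
    return errors <= threshold, transcript

def min_distance_decode(transcript, n):
    """Minimum distance decoding of the LPN instance: choose the candidate key
    whose predicted answers are closest in Hamming distance to the observed ones.
    Exhaustive over all 2^n candidates, so only feasible for toy n; the cost of
    this step for realistic n is what LPN-based security rests on."""
    best, best_dist = None, None
    for cand in range(1 << n):
        x = [(cand >> i) & 1 for i in range(n)]
        dist = sum(inner(a, x) != z for a, z in transcript)
        if best_dist is None or dist < best_dist:
            best, best_dist = x, dist
    return best, best_dist

def demo(n=8, eta=0.125, rounds=200, threshold=50, seed=1):
    """Constructed, reproducible run: a genuine tag, an impostor tag without the
    key, and the eavesdropper's decoding of the genuine transcript."""
    rng = random.Random(seed)
    x = [rng.randint(0, 1) for _ in range(n)]
    accepted, transcript = hb_authenticate(x, x, eta, rounds, threshold, rng)
    fake = [rng.randint(0, 1) for _ in range(n)]     # impostor guesses a key
    impostor_ok, _ = hb_authenticate(fake, x, eta, rounds, threshold, rng)
    recovered, dist = min_distance_decode(transcript, n)
    return {"genuine_accepted": accepted, "impostor_accepted": impostor_ok,
            "key_recovered": recovered == x, "errors_seen": dist}
```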