Decoding Linear Codes with High Error Rate and Its Impact for LPN Security

  • Leif Both
  • Alexander May
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10786)


We propose a new algorithm for the decoding of random binary linear codes of dimension n that is superior to previous algorithms for high error rates. In the case of Full Distance decoding, the best known bound of \(2^{0.0953n}\) is currently achieved via the BJMM-algorithm of Becker, Joux, May and Meurer. Our algorithm significantly improves this bound down to \(2^{0.0885n}\).

Technically, our improvement comes from the heavy use of Nearest Neighbor techniques in all steps of the construction, whereas the BJMM-algorithm can only take advantage of Nearest Neighbor search in the last step.

Since cryptographic instances of LPN usually work in the high error regime, our algorithm has implications for LPN security.


Keywords: Decoding binary linear codes, BJMM, Nearest Neighbors, LPN, Full Distance decoding, Representations


  1. [Ale03]
    Alekhnovich, M.: More on average case vs approximation complexity. In: 44th FOCS, pp. 298–307. IEEE Computer Society Press, October 2003
  2. [BJMM12]
    Becker, A., Joux, A., May, A., Meurer, A.: Decoding random binary linear codes in \(2^{n/20}\): how 1 + 1 = 0 improves information set decoding. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 520–536. Springer, Heidelberg (2012)
  3. [BLP08]
    Bernstein, D.J., Lange, T., Peters, C.: Attacking and defending the McEliece cryptosystem. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 31–46. Springer, Heidelberg (2008)
  4. [BLP11]
    Bernstein, D.J., Lange, T., Peters, C.: Smaller decoding exponents: ball-collision decoding. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 743–760. Springer, Heidelberg (2011)
  5. [BM17a]
    Both, L., May, A.: Decoding linear codes with high error rate and its impact for LPN security (full version). Cryptology ePrint Archive: Report 2017/1139 (2017)
  6. [BM17b]
    Both, L., May, A.: Optimizing BJMM with nearest neighbors: full decoding in \(2^{2n/21}\) and McEliece security. In: International Workshop on Coding and Cryptography (WCC 2017) (2017)
  7. [Dum91]
    Dumer, I.: On minimum distance decoding of linear codes. In: Proceedings of the 5th Joint Soviet-Swedish International Workshop on Information Theory, pp. 50–52 (1991)
  8. [EKM17]
    Esser, A., Kübler, R., May, A.: LPN decoded. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 486–514. Springer, Cham (2017)
  9. [GJL14]
    Guo, Q., Johansson, T., Löndahl, C.: Solving LPN using covering codes. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 1–20. Springer, Heidelberg (2014)
  10. [McE78]
    McEliece, R.J.: A public-key system based on algebraic coding theory. Deep Space Network Progress Report 44, pp. 114–116. Jet Propulsion Laboratory, California Institute of Technology (1978)
  11. [MMT11]
    May, A., Meurer, A., Thomae, E.: Decoding random linear codes in \(\tilde{\cal{O}}(2^{0.054n})\). In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 107–124. Springer, Heidelberg (2011)
  12. [MO15]
    May, A., Ozerov, I.: On computing nearest neighbors with applications to decoding of binary linear codes. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 203–228. Springer, Heidelberg (2015)
  13. [NIS]
    NIST Evaluation Criteria. Accessed 24 Nov 2017
  14. [Pra62]
    Prange, E.: The use of information sets in decoding cyclic codes. IRE Trans. Inf. Theory 8(5), 5–9 (1962)
  15. [Reg05]
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Gabow, H.N., Fagin, R. (eds.) 37th ACM STOC, pp. 84–93. ACM Press, New York (2005)
  16. [Ste88]
    Stern, J.: A method for finding codewords of small weight. In: Cohen, G., Wolfmann, J. (eds.) Coding Theory 1988. LNCS, vol. 388, pp. 106–113. Springer, Heidelberg (1989)

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. Faculty of Mathematics, Horst Görtz Institute for IT-Security, Ruhr-University Bochum, Bochum, Germany