
Decoding Linear Codes with High Error Rate and Its Impact for LPN Security

  • Leif Both
  • Alexander May
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10786)

Abstract

We propose a new algorithm for the decoding of random binary linear codes of dimension n that is superior to previous algorithms for high error rates. In the case of Full Distance decoding, the best known bound of \(2^{0.0953n}\) is currently achieved via the BJMM-algorithm of Becker, Joux, May and Meurer. Our algorithm significantly improves this bound down to \(2^{0.0885n}\).

Technically, our improvement comes from the heavy use of Nearest Neighbor techniques in all steps of the construction, whereas the BJMM-algorithm can only take advantage of Nearest Neighbor search in the last step.

Since cryptographic instances of LPN usually work in the high error regime, our algorithm has implications for LPN security.
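As an added illustration (not code from the paper, whose algorithm is not reproduced on this page), the following Python sketch makes the objects in the abstract concrete: an LPN instance written as a decoding problem for a random binary linear code of dimension n, and a plain Prange-style information-set decoder in the sense of [Pra62] as the baseline that all later algorithms (Stern, Dumer, MMT, BJMM, and the one announced here) refine. It does not implement the Nearest Neighbor construction or BJMM; the `expected_iterations` helper only shows how even the baseline's cost grows with the error weight `w`, which is the "high error regime" the abstract refers to. The parameters (n=12, m=40, tau=0.1, seed 2017) and all function names are the example's own choices.

```python
import math
import random


def make_lpn_instance(n, m, tau, rng):
    """Constructed LPN instance with m samples: b = A*s + e over GF(2).

    Each sample a_i is a uniform vector in GF(2)^n stored as an int bitmask
    (bit j = coordinate j), b_i = <a_i, s> + e_i with e_i ~ Bernoulli(tau).
    Viewed as a code, A is the m x n generator matrix of a random binary
    linear code of length m and dimension n, and b is a noisy codeword.
    """
    s = rng.getrandbits(n)
    A = [rng.getrandbits(n) for _ in range(m)]
    e = [1 if rng.random() < tau else 0 for _ in range(m)]
    b = [(bin(a & s).count("1") + ei) & 1 for a, ei in zip(A, e)]
    return A, b, s, e


def solve_gf2(rows, rhs, n):
    """Gauss-Jordan over GF(2) for an n x n system given as bitmask rows.

    Returns the unique solution as a bitmask, or None when the chosen rows
    are linearly dependent (i.e. the index set is not an information set).
    """
    eqs = list(zip(rows, rhs))
    for k in range(n):
        bit = 1 << k
        piv = next((i for i in range(k, n) if eqs[i][0] & bit), None)
        if piv is None:
            return None
        eqs[k], eqs[piv] = eqs[piv], eqs[k]
        pr, pv = eqs[k]
        for i in range(n):
            if i != k and eqs[i][0] & bit:
                eqs[i] = (eqs[i][0] ^ pr, eqs[i][1] ^ pv)
    # after full reduction, row k holds exactly pivot bit k
    return sum(eqs[k][1] << k for k in range(n))


def error_weight(A, b, cand):
    """Hamming weight of A*cand + b, i.e. the error vector cand would imply."""
    return sum((bin(a & cand).count("1") + bi) & 1 for a, bi in zip(A, b))


def prange_decode(A, b, n, w, rng, max_iter=100000):
    """Plain information-set decoding in the style of Prange [Pra62].

    Each iteration guesses n sample positions that carry no error, solves
    the resulting n x n system for s, and accepts the candidate if the
    error it implies on all m samples has weight at most w.
    Returns (candidate or None, iterations used).
    """
    m = len(A)
    for it in range(1, max_iter + 1):
        idx = rng.sample(range(m), n)
        cand = solve_gf2([A[i] for i in idx], [b[i] for i in idx], n)
        if cand is not None and error_weight(A, b, cand) <= w:
            return cand, it
    return None, max_iter


def expected_iterations(m, n, w):
    """Expected Prange iterations until a guessed n-subset avoids all w
    error positions: 1 / Pr[subset is error-free] = C(m, n) / C(m - w, n).
    (Ignores the constant factor for the subset also being invertible.)
    """
    return math.comb(m, n) / math.comb(m - w, n)


def run_demo(n=12, m=40, tau=0.1, seed=2017):
    """Build a constructed LPN instance, decode it, and return the outcome."""
    rng = random.Random(seed)
    A, b, s, e = make_lpn_instance(n, m, tau, rng)
    w = sum(e)
    cand, its = prange_decode(A, b, n, w, rng)
    return {
        "secret": s,
        "recovered": cand,
        "weight": w,
        "residual": None if cand is None else error_weight(A, b, cand),
        "iterations": its,
    }


if __name__ == "__main__":
    r = run_demo()
    print(f"error weight {r['weight']}, recovered == secret: "
          f"{r['recovered'] == r['secret']}, iterations: {r['iterations']}")
    # cost growth with the error weight: the 'high error' effect in miniature
    for w in (2, 4, 8, 12, 16):
        print(f"w={w:2d}: expected iterations ~ {expected_iterations(40, 12, w):.1f}")
```

The toy parameters decode in a handful of iterations; the point of the table at the end is that for fixed length and dimension the baseline's cost is governed by the error weight alone, which is why algorithms tuned for the high error regime matter for LPN parameters in a way that they do not for low-noise McEliece-style instances.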

Keywords

Decoding binary linear codes; BJMM; Nearest Neighbors; LPN; Full Distance decoding; Representations

References

  1. [Ale03]
    Alekhnovich, M.: More on average case vs approximation complexity. In: 44th FOCS, pp. 298–307. IEEE Computer Society Press, October 2003
  2. [BJMM12]
    Becker, A., Joux, A., May, A., Meurer, A.: Decoding random binary linear codes in \(2^{n/20}\): how 1 + 1 = 0 improves information set decoding. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 520–536. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_31
  3. [BLP08]
    Bernstein, D.J., Lange, T., Peters, C.: Attacking and defending the McEliece cryptosystem. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 31–46. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-88403-3_3
  4. [BLP11]
    Bernstein, D.J., Lange, T., Peters, C.: Smaller decoding exponents: ball-collision decoding. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 743–760. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_42
  5. [BM17a]
    Both, L., May, A.: Decoding linear codes with high error rate and its impact for LPN security (full version). Cryptology ePrint Archive: Report 2017/1139 (2017)
  6. [BM17b]
    Both, L., May, A.: Optimizing BJMM with nearest neighbors: full decoding in \(2^{2n/21}\) and McEliece security. In: International Workshop on Coding and Cryptography (WCC 2017) (2017)
  7. [Dum91]
    Dumer, I.: On minimum distance decoding of linear codes. In: Proceedings of the 5th Joint Soviet-Swedish International Workshop on Information Theory, pp. 50–52 (1991)
  8. [EKM17]
    Esser, A., Kübler, R., May, A.: LPN decoded. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 486–514. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63715-0_17
  9. [GJL14]
    Guo, Q., Johansson, T., Löndahl, C.: Solving LPN using covering codes. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 1–20. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45611-8_1
  10. [McE78]
    McEliece, R.J.: A public-key system based on algebraic coding theory. Deep Space Network Progress Report 44, pp. 114–116. Jet Propulsion Laboratory, California Institute of Technology (1978)
  11. [MMT11]
    May, A., Meurer, A., Thomae, E.: Decoding random linear codes in \(\tilde{\cal{O}}(2^{0.054n})\). In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 107–124. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_6
  12. [MO15]
    May, A., Ozerov, I.: On computing nearest neighbors with applications to decoding of binary linear codes. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 203–228. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_9
  13. [NIS]
    NIST Evaluation Criteria. https://csrc.nist.gov/Projects/Post-Quantum-Cryptography. Accessed 24 Nov 2017
  14. [Pra62]
    Prange, E.: The use of information sets in decoding cyclic codes. IRE Trans. Inf. Theory 8(5), 5–9 (1962)
  15. [Reg05]
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Gabow, H.N., Fagin, R. (eds.) 37th ACM STOC, pp. 84–93. ACM Press, New York (2005)
  16. [Ste88]
    Stern, J.: A method for finding codewords of small weight. In: Cohen, G., Wolfmann, J. (eds.) Coding Theory 1988. LNCS, vol. 388, pp. 106–113. Springer, Heidelberg (1989). https://doi.org/10.1007/BFb0019850

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. Faculty of Mathematics, Horst Görtz Institute for IT-Security, Ruhr-University Bochum, Bochum, Germany
