nach oben

Erschienen in:

2023 | OriginalPaper | Buchkapitel

Rigorous Foundations for Dual Attacks in Coding Theory

verfasst von : Charles Meyer-Hilfiger, Jean-Pierre Tillich

Erschienen in: Theory of Cryptography

Verlag: Springer Nature Switzerland

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Dual attacks aiming at decoding generic linear codes have been found recently to outperform for certain parameters information set decoding techniques which have been for 60 years the dominant tool for solving this problem and choosing the parameters of code-based cryptosystems. However, the analysis of the complexity of these dual attacks relies on some unproven assumptions that are not even fully backed up with experimental evidence. These dual attacks can actually be viewed as the code-based analogue of dual attacks in lattice based cryptography. Here too, dual attacks have been found out those past years to be strong competitors to primal attacks and a controversy has emerged whether similar heuristics made for instance on the independence of certain random variables really hold. We will show that the dual attacks in coding theory can be studied by providing in a first step a simple alternative expression of the fundamental quantity used in these dual attacks. We then show that this expression can be studied without relying on independence assumptions whatsoever. This study leads us to discover that there is indeed a problem with the latest and most powerful dual attack proposed in [CDMT22] and that for the parameters chosen in this algorithm there are indeed false candidates which are produced and which are not predicted by the analysis provided there which relies on independence assumptions. We then suggest a slight modification of this algorithm consisting in a further verification step, analyze it thoroughly, provide experimental evidence that our analysis is accurate and show that the complexity claims made in [CDMT22] are indeed valid for this modified algorithm. This approach provides a simple methodology for studying rigorously dual attacks which could turn out to be useful for further developing the subject.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nächstes Kapitel On the Multi-user Security of LWE-Based NIKE

Nur mit Berechtigung zugänglich

It is decreasing in the interval \([0,n/2-\sqrt{w(n-w)}]\) and then even if there are fluctuations (the polynomial has zeros) it behaves like \(\mathop {\textrm{poly}}\limits \left( n\right) \sin (\alpha ) e^{\beta n}\) with an exponent \(\beta \) which is decreasing with \(t=|{\textbf{e}}|\) and where Proposition 2 shows that there are nearby weights \(t'\) and \(w'\) for t and w respectively for which the exponential term captures the behavior of \(K_{w'}(t')\).

https://github.com/tillich/RLPNdecoding/blob/master/supplementaryMaterial/RLPN_Dumer89.csv.

https://github.com/meyer-hilfiger/Rigorous-Foundations-for-Dual-Attacks-in-Coding-Theory.

[Alb17]

Albrecht, M.R.: On dual lattice attacks against small-secret LWE and parameter choices in HElib and SEAL. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 103–129. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56614-6_4CrossRef

[Bar97]

Barg, A.: Complexity issues in coding theory. Electronic Colloquium on Computational Complexity, October 1997

[BEL10]

Blinovsky, V., Erez, U., Litsyn, S.: Weight distribution moments of random linear/coset codes. Des. Codes Crypt. 57, 127–138 (2010)MathSciNetCrossRefMATH

[BJMM12]

Becker, A., Joux, A., May, A., Meurer, A.: Decoding random binary linear codes in \(2^{ \mathit{n}/20}\): how 1+1 = 0 improves information set decoding. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 520–536. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_31CrossRefMATH

[BLP11]

Bernstein, D.J., Lange, T., Peters, C.: Smaller decoding exponents: ball-collision decoding. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 743–760. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_42CrossRef

[BM17]

Both, L., May, A.: Optimizing BJMM with nearest neighbors: full decoding in \(2^{2/21 n}\) and McEliece security. In: WCC Workshop on Coding and Cryptography, September 2017

[CDMT22]

Carrier, K., Debris-Alazard, T., Meyer-Hilfiger, C., Tillich, J.P.: Statistical decoding 2.0: reducing decoding to LPN. In: Agrawal, S., Lin, D. (eds.) Advances in Cryptology – ASIACRYPT 2022. ASIACRYPT 2022. LNCS, vol. 13794, pp. 477–507. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-22972-5_17

[DP23]

Ducas, L., Pulles, L.N.: Does the dual-sieve attack on learning with errors even work? IACR Cryptol. ePrint Arch., p. 302 (2023)

[DT17a]

Debris-Alazard, T., Tillich, J.P.: Statistical decoding. In: Proceedings of the IEEE International Symposium on Information Theory - ISIT 2017, pp. 1798–1802, Aachen, Germany, June 2017

[DT17b]

Debris-Alazard, T., Tillich, J.P.: Statistical decoding. preprint, January 2017. arXiv:1701.07416

[Dum86]

Dumer, I.: On syndrome decoding of linear codes. In: Proceedings of the 9th All-Union Symposium on Redundancy in Information Systems, abstracts of papers (in Russian), Part 2, pp. 157–159, Leningrad (1986)

[Dum91]

Dumer, I.: On minimum distance decoding of linear codes. In: Proceedings of the 5th Joint Soviet-Swedish International Workshop Information Theory, pp. 50–52, Moscow (1991)

[EJK20]

Espitau, T., Joux, A., Kharchenko, N.: On a dual/hybrid approach to small secret LWE. In: Bhargavan, K., Oswald, E., Prabhakaran, M. (eds.) INDOCRYPT 2020. LNCS, vol. 12578, pp. 440–462. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-65277-7_20CrossRef

[FS09]

Finiasz, M., Sendrier, N.: Security bounds for the design of code-based cryptosystems. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 88–105. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10366-7_6CrossRef

[GJ21]

Guo, Q., Johansson, T.: Faster dual lattice attacks for solving LWE with applications to CRYSTALS. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13093, pp. 33–62. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92068-5_2CrossRef

[Jab01]

Jabri, A.A.: A statistical decoding algorithm for general linear block codes. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 1–8. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45325-3_1CrossRef

[KS21]

Kirshner, N., Samorodnitsky, A.: A moment ratio bound for polynomials and some extremal properties of Krawchouk polynomials and hamming spheres. IEEE Trans. Inform. Theory 67(6), 3509–3541 (2021)

[LM19]

Linial, N., Mosheiff, J.: On the weight distribution of random binary linear codes. Random Struct. Algorithms 56, 5–36 (2019)MathSciNetCrossRefMATH

[MAT22]

MATZOV. Report on the Security of LWE: Improved Dual Lattice Attack, April 2022

[MMT11]

May, A., Meurer, A., Thomae, E.: Decoding random linear codes in \(\tilde{\cal{O}}(2^{0.054n})\). In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 107–124. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_6CrossRefMATH

[MO15]

May, A., Ozerov, I.: On computing nearest neighbors with applications to decoding of binary linear codes. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 203–228. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_9CrossRef

[MR09]

Micciancio, D., Regev, O.: Lattice-based cryptography. In: Bernstein, D.J., Buchmann, J., Dahmen, E. (eds.) Post-Quantum Cryptography, pp. 147–191. Springer, Berlin, Heidelberg (2009). https://doi.org/10.1007/978-3-540-88702-7_5

[MS86]

MacWilliams, F.J., Sloane, N.J.A.: The Theory of Error-Correcting Codes, 5th edn. North-Holland, Amsterdam (1986)

[Ove06]

Overbeck, R.: Statistical decoding revisited. In: Batten, L.M., Safavi-Naini, R. (eds.) ACISP 2006. LNCS, vol. 4058, pp. 283–294. Springer, Heidelberg (2006). https://doi.org/10.1007/11780656_24CrossRef

[Pra62]

Prange, E.: The use of information sets in decoding cyclic codes. IRE Trans. Inf. Theory 8(5), 5–9 (1962)MathSciNetCrossRef

[Ste88]

Stern, J.: A method for finding codewords of small weight. In: Cohen, G., Wolfmann, J. (eds.) Coding Theory 1988. LNCS, vol. 388, pp. 106–113. Springer, Heidelberg (1989). https://doi.org/10.1007/BFb0019850CrossRef

[vL99]

Van Lint, J.H.: Introduction to Coding Theory, 3rd edn. In: Graduate Texts in Mathematics. Springer, Berlin, Heidelberg (1999). https://doi.org/10.1007/978-3-642-58575-3

Titel: Rigorous Foundations for Dual Attacks in Coding Theory
verfasst von: Charles Meyer-Hilfiger
Jean-Pierre Tillich
Verlag: Springer Nature Switzerland
Buch: Theory of Cryptography
Print ISBN: 978-3-031-48623-4

Electronic ISBN: 978-3-031-48624-1

Copyright-Jahr: 2023
DOI: https://doi.org/10.1007/978-3-031-48624-1_1

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner