Paper 2012/699

How Practical is Public-Key Encryption Based on LPN and Ring-LPN?

Ivan Damgård and Sunoo Park

Abstract

We conduct a study of public-key cryptosystems based on variants of the Learning Parity with Noise (LPN) problem. The main LPN variant in consideration was introduced by Alekhnovich (FOCS 2003), and we describe several improvements to the originally proposed scheme, inspired by similar existing variants of Regev's LWE-based cryptosystem. To achieve further efficiency, we propose the first public-key cryptosystem based on the ring-LPN problem, which is a more recently introduced LPN variant that makes for substantial improvement in terms of both time and space. We also introduce a variant of this problem called the transposed Ring-LPN problem. Our public-key scheme based on this problem is even more efficient. For all cases, we compute the parameters required for various security levels in practice, given the best currently known attacks. Our conclusion is that the basic LPN-based scheme is in several respects not competitive with existing practical schemes, as the public key, ciphertexts and encryption time become very large already for 80-bit security. On the other hand, the scheme based on transposed Ring-LPN is far better in all these respects. Although the public key and ciphertexts are still larger than for, say, RSA at comparable security levels, they are not prohibitively large; moreover, for decryption, the scheme outperforms RSA for security levels of 112 bits or more. The Ring-LPN based scheme is less efficient, however. Thus, LPN-based public-key cryptography seems to be somewhat more promising for practical use than has been generally assumed so far.

Note: This version takes into account the recent attacks on LPN that invalidated the conclusions of the previous version.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
LPNring-LPNpublic-key encryption
Contact author(s)
sunoo @ csail mit edu
History
2014-04-21: last of 11 revisions
2012-12-14: received
See all versions
Short URL
https://ia.cr/2012/699
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/699,
      author = {Ivan Damgård and Sunoo Park},
      title = {How Practical is Public-Key Encryption Based on LPN and Ring-LPN?},
      howpublished = {Cryptology ePrint Archive, Paper 2012/699},
      year = {2012},
      note = {\url{https://eprint.iacr.org/2012/699}},
      url = {https://eprint.iacr.org/2012/699}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.