Cryptology ePrint Archive: Report 2021/962

Practically Solving LPN

Thom Wiggers and Simona Samardjiska

Abstract: The best algorithms for the Learning Parity with Noise (LPN) problem require sub-exponential time and memory. This often makes memory, and not time, the limiting factor for practical attacks, which seem to be out of reach even for relatively small parameters. In this paper, we try to bring the state-of-the-art in solving LPN closer to the practical realm. We improve upon the existing algorithms by modifying the Coded-BKW algorithm to work under various memory constrains. We correct and expand previous analysis and experimentally verify our findings. As a result we were able to mount practical attacks on the largest parameters reported to date using only $2^{39}$ bits of memory.

Category / Keywords: public-key cryptography / lpn, cryptanalysis, complexity analysis

Original Publication (in the same form): IEEE ISIT 2021

Date: received 16 Jul 2021, last revised 3 Aug 2021

Contact author: thom at thomwiggers nl, simonas at ru nl

Available format(s): PDF | BibTeX Citation

Note: Since previous eprint submission: fixed small formatting error

Version: 20210803:065516 (All versions of this report)

Short URL: ia.cr/2021/962


[ Cryptology ePrint archive ]