Paper 2023/1568

Not Just Regular Decoding: Asymptotics and Improvements of Regular Syndrome Decoding Attacks

Andre Esser, Technology Innovation Institute, UAE
Paolo Santini, Marche Polytechnic University, Italy
Abstract

Cryptographic constructions often base security on structured problem variants to enhance efficiency or to enable advanced functionalities. This led to the introduction of the Regular Syndrome Decoding (RSD) problem, which guarantees that a solution to the Syndrome Decoding (SD) problem follows a particular block-wise structure. Despite recent attacks exploiting that structure by Briaud and Øygarden (Eurocrypt ’23) and Carozza, Couteau and Joux (CCJ, Eurocrypt ’23), many questions about the impact of the regular structure on the problem hardness remain open. In this work we initiate a systematic study of the hardness of the RSD problem starting from its asymptotics. We classify different parameter regimes revealing large regimes for which RSD instances are solvable in polynomial time and on the other hand regimes that lead to particularly hard instances. Against previous perceptions, we show that a classification solely based on the uniqueness of the solution is not sufficient for isolating the worst case parameters. Further, we provide an in-depth comparison between SD and RSD in terms of reducibility and computational complexity, identifying regimes in which RSD instances are actually harder to solve. We provide the first asymptotic analyses of the algorithms presented by CCJ, establishing their worst case decoding complexities as $2^{0.141n}$ and $2^{0.135n}$, respectively. We then introduce regular-ISD algorithms by showing how to tailor the whole machinery of advanced Information Set Decoding (ISD) techniques from attacking SD to the RSD setting. The fastest regular-ISD algorithm improves the worst case decoding complexity significantly to $2^{0.112n}$. Eventually, we show that also with respect to suggested parameters regular-ISD outperforms previous approaches in most cases, reducing security levels by up to 30 bits.

Note: Major modifications: - comparison with Linearization algorithm - revolving rounding issues for all Regular-ISD algorithms in the asymptotic regime - experimental verification of the heuristic due to Regularity Encoding Equations - included memory complexity comparison

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
A major revision of an IACR publication in CRYPTO 2024
Keywords
Hardness ClassificationInformation Set DecodingCode-Based Cryptography
Contact author(s)
andre r esser @ gmail com
p santini @ univpm it
History
2024-06-12: last of 2 revisions
2023-10-11: received
See all versions
Short URL
https://ia.cr/2023/1568
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/1568,
      author = {Andre Esser and Paolo Santini},
      title = {Not Just Regular Decoding: Asymptotics and Improvements of Regular Syndrome Decoding Attacks},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1568},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1568}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.