Paper 2024/276

Reduce and Prange: Revisiting Prange's ISD for Solving LPN/RSD over Large Fields

Jiseung Kim, Jeonbuk National University
Changmin Lee, Korea Institute for Advanced Study
Abstract

The Learning Parity with Noise (LPN) problem and its specific form, LPN with regularity, are widely utilized in crafting cryptographic primitives. Recently, extending these problems to operate over larger fields has been considered to enhance applications. Despite the broad analysis available for traditional LPN approaches, the exploration of LPN over large fields remains underdeveloped. This gap in research has led to the development of improved attacks, suggesting that primitives based on LPN over large fields may not meet necessary security standards. We have developed an algorithm that enhances the efficiency of solving the LPN over large fields. This method innovatively modifies the Gaussian elimination attack, traditionally known as Prange's information set decoding algorithm. Our key advancement involves the selective use of partial Gaussian elimination rather than employing the full Gaussian algorithm throughout, which we have termed the ``Reduce and Prange's (RP) algorithm." Additionally, we apply the RP algorithm to address the LPN problem over large fields with regular noise. Our RP highlights two key aspects: the vulnerability of existing schemes and the superiority of our approach compared to recent analyses. Our findings reveal that cryptographic applications, including Syndrome Decoding in the Head frameworks (Crypto'22, Asiacrypt'23, Eurocrypt'24) and Scalable Multiparty Garbling (CCS'23), are not secure enough. To be precise, the schemes fail to achieve their intended bit-security. Compared to the previous analysis by Liu et al. (Eurocrypt'24), we show that for LPN over large fields (e.g., 128-bit field size), the bit-security is reduced by 5-11 bits . Furthermore, our RP algorithm for solving LPN with regular noise outperforms recent results by Liu et al., Briaud, and Øygard (Eurocrypt'23) under certain parameter choices, leading to a reduction in bit-security by 5-20 bits for LPN with regular noise.

Note: 24-11-29. Updated some paragraphs about the advantages of Reduce and Prange.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
LPN over large fieldsconcrete security
Contact author(s)
jiseungkim @ jbnu ac kr
changminlee @ kias re kr
History
2024-11-29: last of 5 revisions
2024-02-19: received
See all versions
Short URL
https://ia.cr/2024/276
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/276,
      author = {Jiseung Kim and Changmin Lee},
      title = {Reduce and Prange: Revisiting Prange's {ISD} for Solving {LPN}/{RSD} over Large Fields},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/276},
      year = {2024},
      url = {https://eprint.iacr.org/2024/276}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.