56 research outputs found
Solving the LPN problem in cube-root time
In this paper it is shown that, given a sufficient number of (noisy) random binary linear equations, the Learning from Parity with Noise (LPN) problem can be solved in essentially cube-root time in the number of unknowns. The techniques used to recover the solution are known from fast correlation attacks on stream ciphers. As in fast correlation attacks, the performance of the algorithm depends on the number of equations given. It is shown that if this number exceeds a certain bound, and the bias of the noisy equations is polynomial in the number of unknowns, the running time of the algorithm is reduced to almost cube-root time compared to the brute-force checking of all possible solutions. The mentioned bound is explicitly given, and it is further shown that when this bound is exceeded, the complexity of the approach can be reduced even further.
Protocol-based information security
The article discusses data encryption algorithms; experiments with the considered algorithms are carried out. The result of the research was the creation of a new data encryption algorithm.
Anonymous Authentication for Smartcards
The paper presents an innovative solution in the field of RFID (Radio-Frequency IDentification) smartcard authentication. Currently, smartcards are used for many purposes, e.g. employee identification, library cards, student cards or even identity credentials. Personal identity is revealed to untrustworthy entities every time we use these cards. Such information could later be used without our knowledge and for harmful purposes such as shopping-pattern scanning or even movement tracking. In this paper we present a communication scheme for keeping one's identity private. Although our system provides anonymity, it does not allow users to abuse this feature. The system is based on strong cryptographic primitives that provide features never available before. Besides the theoretical design of the anonymous authentication scheme and its analysis, we also provide implementation results.
Coastal and littoral terrestrial habitats of Northern Sardinia: verification of their syntaxonomic attribution under the Habitat Directive 43/92/EEC
In this work we discuss coastal and littoral terrestrial habitats and plant communities in Northern Sardinia. We check the correct attribution of the different plant communities to their habitat type, among those indicated in Annex I of the 43/92/EEC Habitat Directive, and the coherence between the Natura 2000 Network and the habitat presence verified in the study area. Finally, some critical examples regarding either the interpretation or the application of the Habitat Directive are discussed.
In the study area 16 community habitats have been detected, and among them three are priority habitats (1510*, 2250* and 2270*). 15 habitats are confirmed, having been mentioned in at least one Natura 2000 formulary; habitat 2220, instead, is reported here for the first time in Northern Sardinia. The presence in the study area of 5 habitats mentioned in Natura 2000 formularies (1310, 2110, 2120, 2240 and 5410) is not confirmed.
The percentage of highly threatened habitats in the study area (37.5%) is higher than the national one (24%). On the other hand, the percentage of low-risk habitats in coastal areas of Northern Sardinia (37.5%) is lower than the Italian one (48%). These considerations give priority to the conservation of the coastal and littoral areas in Northern Sardinia. Finally, the discussion of some critical applicative examples brings us to call for a much-needed revision of Annex I of the Habitat Directive.
A Key-Independent Distinguisher for 6-round AES in an Adaptive Setting
In this paper, we study the results of the recently proposed exchange attack in an adaptive setting. As expected, it leads to a better 6-round key-independent distinguisher in terms of data and computational complexity. More specifically, our 6-round adaptive distinguisher requires chosen plaintexts and adaptively chosen ciphertexts and has a computational cost of encryption.
Incentive-Based Software Security: Fair Micro-Payments for Writing Secure Code
We describe a mechanism to create fair and explainable incentives for software developers to reward contributions to the security of a product. We use cooperative game theory to model the actions of the developer team inside a risk management workflow, considering the team to actively work against known threats and thereby receive micro-payments based on their performance. The use of the Shapley value provides natural explanations here, directly through (new) interpretations of the axiomatic grounding of the imputation. The resulting mechanism is straightforward to implement and relies on standard tools from collaborative software development, such as those available for git repositories and for mining them. The micropayment model itself is deterministic and does not rely on uncertain information outside the scope of the developer team or the enterprise; hence it is void of assumptions about adversarial incentives or user behavior, up to their role in the risk management process that the mechanism is part of. We corroborate our model with a worked example based on real-life data.
Comment: presented as a poster at GameSec 2023 (www.gamesec-conf.org)
Improvements on making BKW practical for solving LWE
The learning with errors (LWE) problem is one of the main mathematical foundations of post-quantum cryptography. One of the main groups of algorithms for solving LWE is the Blum–Kalai–Wasserman (BKW) algorithm. This paper presents new improvements of BKW-style algorithms for solving LWE instances. We target minimum concrete complexity, and we introduce a new reduction step where we partially reduce the last position in an iteration and finish the reduction in the next iteration, allowing non-integer step sizes. We also introduce a new procedure in the secret recovery by mapping the problem to binary problems and applying the fast Walsh–Hadamard transform. The complexity of the resulting algorithm compares favorably with all previous approaches, including lattice sieving. We additionally show the steps of implementing the approach for large LWE problem instances. We provide two implementations of the algorithm: one RAM-based approach that is optimized for speed, and one file-based approach that overcomes RAM limitations by using file-based storage.
Observations on the LPN Solving Algorithm from Eurocrypt'16
In this note we re-evaluate the Eurocrypt'16 paper by Zhang et al. in the area of LPN solving algorithms. We present the history of LPN solving algorithms and give a general description of the algorithm. While this new algorithm claims to improve on all previous results, we have discovered issues in its analysis. We review inconsistencies in the complexity estimates and a misconception in one of the new reduction algorithms. What we show is that the results of Eurocrypt'16 do not provide better performance than the results from Asiacrypt'14.
An Improved BKW Algorithm for LWE with Applications to Cryptography and Lattices
In this paper, we study the Learning With Errors problem and its binary variant, where secrets and errors are binary or taken in a small interval. We introduce a new variant of the Blum, Kalai and Wasserman algorithm, relying on a quantization step that generalizes and fine-tunes modulus switching. In general this new technique yields a significant gain in the constant in front of the exponent in the overall complexity. We illustrate this by solving within half a day an LWE instance with dimension n = 128, modulus , Gaussian noise and binary secret, using samples, while the previous best result based on BKW claims a time complexity of with samples for the same parameters. We then introduce variants of BDD, GapSVP and UniqueSVP, where the target point is required to lie in the fundamental parallelepiped, and show how the previous algorithm is able to solve these variants in subexponential time. Moreover, we also show how the previous algorithm can be used to solve the BinaryLWE problem with n samples in subexponential time. This analysis does not require any heuristic assumption, contrary to other algebraic approaches; instead, it uses a variant of an idea by Lyubashevsky to generate many samples from a small number of samples. This makes it possible to asymptotically and heuristically break the NTRU cryptosystem in subexponential time (without contradicting its security assumption). We are also able to solve subset sum problems in subexponential time for density , which is of independent interest: for such density, the previous best algorithm requires exponential time. As a direct application, we can solve in subexponential time the parameters of a cryptosystem based on this problem proposed at TCC 2010.
Comment: CRYPTO 201