
    Solving the LPN problem in cube-root time

    In this paper it is shown that, given a sufficient number of (noisy) random binary linear equations, the Learning from Parity with Noise (LPN) problem can be solved in essentially cube-root time in the number of unknowns. The techniques used to recover the solution are known from fast correlation attacks on stream ciphers. As in fast correlation attacks, the performance of the algorithm depends on the number of equations given. It is shown that if this number exceeds a certain bound, and the bias of the noisy equations is polynomial in the number of unknowns, the running time of the algorithm is reduced to almost cube-root time compared with brute-force checking of all possible solutions. The mentioned bound is given explicitly, and it is further shown that when this bound is exceeded, the complexity of the approach can be reduced even further.

    Protocol-based information security

    The article discusses data encryption algorithms, and experiments with the considered algorithms are carried out. The result of the research is the creation of a new data encryption algorithm.

    Anonymous Authentication for Smartcards

    The paper presents an innovative solution in the field of RFID (Radio-Frequency IDentification) smartcard authentication. Currently smartcards are used for many purposes, e.g. employee identification, library cards, student cards or even identity credentials. Personal identity is revealed to untrustworthy entities every time we use these cards. Such information could later be used without our knowledge and for harmful purposes such as shopping-pattern profiling or even movement tracking. In this paper we present a communication scheme for keeping one’s identity private. Although our system provides anonymity, it does not allow users to abuse this feature. The system is based on strong cryptographic primitives that provide features never available before. Besides the theoretical design of the anonymous authentication scheme and its analysis, we also provide implementation results.

    Coastal and littoral terrestrial habitats of Northern Sardinia: verification of their syntaxonomic attribution under the 43/92/EEC “Habitat” Directive

    In this work we discuss coastal and littoral terrestrial habitats and plant communities in Northern Sardinia. We check the correct attribution of different plant communities to their habitat type, among those listed in Annexe I of the 43/92/EEC Habitat Directive, and the coherence between the Natura 2000 Network and the habitat presence verified in the study area. Finally, some critical examples regarding either the interpretation or the application of the Habitat Directive are discussed. In the study area 16 community habitats have been detected, and among them three are priority habitats (1510*, 2250* and 2270*). 15 habitats are confirmed, being mentioned in at least one Natura 2000 formulary, whereas habitat 2220 is reported here for the first time in Northern Sardinia. The presence in the study area of 5 habitats mentioned in Natura 2000 formularies (1310, 2110, 2120, 2240 and 5410) is not confirmed. The percentage of highly threatened habitats in the study area (37.5%) is higher than the national one (24%). On the other hand, the percentage of low-risk habitats in coastal areas of Northern Sardinia (37.5%) is lower than the Italian one (48%). These considerations give priority to the conservation of the coastal and littoral areas of Northern Sardinia. Finally, the discussion of some critical applicative examples leads us to call for a much-needed revision of Annexe I of the Habitat Directive.

    A Key-Independent Distinguisher for 6-round AES in an Adaptive Setting

    In this paper, we study the results of the recently proposed exchange attack in an adaptive setting. As expected, it leads to a better 6-round key-independent distinguisher in terms of data and computational complexity. More specifically, our 6-round adaptive distinguisher requires $2^{83}$ chosen plaintexts and $2^{83}$ adaptively chosen ciphertexts, and has a computational cost of $2^{83}$ encryptions.

    Incentive-Based Software Security: Fair Micro-Payments for Writing Secure Code

    We describe a mechanism to create fair and explainable incentives for software developers that rewards contributions to the security of a product. We use cooperative game theory to model the actions of the developer team inside a risk management workflow, considering the team to actively work against known threats and thereby receive micro-payments based on their performance. The use of the Shapley value provides natural explanations here, directly through (new) interpretations of the axiomatic grounding of the imputation. The resulting mechanism is straightforward to implement and relies on standard tools from collaborative software development, such as those available for git repositories and the mining thereof. The micro-payment model itself is deterministic and does not rely on uncertain information outside the scope of the developer team or the enterprise; hence it is free of assumptions about adversarial incentives or user behavior, beyond their role in the risk management process that the mechanism is part of. We corroborate our model with a worked example based on real-life data.
    Comment: presented as a poster at GameSec 2023 (www.gamesec-conf.org)

    Improvements on making BKW practical for solving LWE

    The learning with errors (LWE) problem is one of the main mathematical foundations of post-quantum cryptography. One of the main groups of algorithms for solving LWE is the Blum–Kalai–Wasserman (BKW) algorithm. This paper presents new improvements of BKW-style algorithms for solving LWE instances. We target minimum concrete complexity, and we introduce a new reduction step where we partially reduce the last position in an iteration and finish the reduction in the next iteration, allowing non-integer step sizes. We also introduce a new procedure in the secret recovery by mapping the problem to binary problems and applying the fast Walsh–Hadamard transform. The complexity of the resulting algorithm compares favorably with all other previous approaches, including lattice sieving. We additionally show the steps of implementing the approach for large LWE problem instances. We provide two implementations of the algorithm: one RAM-based approach that is optimized for speed, and one file-based approach which overcomes RAM limitations by using file-based storage.

    Observations on the LPN Solving Algorithm from Eurocrypt'16

    In this note we re-evaluate the Eurocrypt'16 paper by Zhang et al. in the area of LPN solving algorithms. We present the history of LPN solving algorithms and give a general description of the algorithm. While this new algorithm claims to improve on all previous results, we have discovered issues in its analysis. We review inconsistencies in the complexity estimates and a misconception in one of the new reduction algorithms. What we show is that the results of Eurocrypt'16 do not provide better performance than the results from Asiacrypt'14.

    An Improved BKW Algorithm for LWE with Applications to Cryptography and Lattices

    In this paper, we study the Learning With Errors problem and its binary variant, where secrets and errors are binary or taken in a small interval. We introduce a new variant of the Blum, Kalai and Wasserman algorithm, relying on a quantization step that generalizes and fine-tunes modulus switching. In general this new technique yields a significant gain in the constant in front of the exponent in the overall complexity. We illustrate this by solving, within half a day, an LWE instance with dimension $n = 128$, modulus $q = n^2$, Gaussian noise $\alpha = 1/(\sqrt{n/\pi} \log^2 n)$ and binary secret, using $2^{28}$ samples, while the previous best result based on BKW claims a time complexity of $2^{74}$ with $2^{60}$ samples for the same parameters. We then introduce variants of BDD, GapSVP and UniqueSVP, where the target point is required to lie in the fundamental parallelepiped, and show how the previous algorithm is able to solve these variants in subexponential time. Moreover, we also show how the previous algorithm can be used to solve the BinaryLWE problem with $n$ samples in subexponential time $2^{(\ln 2/2+o(1))n/\log \log n}$. This analysis does not require any heuristic assumption, contrary to other algebraic approaches; instead, it uses a variant of an idea by Lyubashevsky to generate many samples from a small number of samples. This makes it possible to asymptotically and heuristically break the NTRU cryptosystem in subexponential time (without contradicting its security assumption). We are also able to solve subset sum problems in subexponential time for density $o(1)$, which is of independent interest: for such density, the previous best algorithm requires exponential time. As a direct application, we can solve in subexponential time the parameters of a cryptosystem based on this problem proposed at TCC 2010.
    Comment: CRYPTO 201