1,708 research outputs found
Solving the LPN problem in cube-root time
In this paper it is shown that given a sufficient number of (noisy) random
binary linear equations, the Learning from Parity with Noise (LPN) problem can
be solved in essentially cube root time in the number of unknowns. The
techniques used to recover the solution are known from fast correlation attacks
on stream ciphers. As in fast correlation attacks, the performance of the
algorithm depends on the number of equations given. It is shown that if this
number exceeds a certain bound, and the bias of the noisy equations is
polynomial in number of unknowns, the running time of the algorithm is reduced
to almost cube root time compared to the brute force checking of all possible
solutions. The mentioned bound is explicitly given and it is further shown that
when this bound is exceeded, the complexity of the approach can even be further
reduced
A Discrete Logarithm-based Approach to Compute Low-Weight Multiples of Binary Polynomials
Being able to compute efficiently a low-weight multiple of a given binary
polynomial is often a key ingredient of correlation attacks to LFSR-based
stream ciphers. The best known general purpose algorithm is based on the
generalized birthday problem. We describe an alternative approach which is
based on discrete logarithms and has much lower memory complexity requirements
with a comparable time complexity.Comment: 12 page
Algebraic Attack on the Alternating Step(r,s)Generator
The Alternating Step(r,s) Generator, ASG(r,s), is a clock-controlled sequence
generator which is recently proposed by A. Kanso. It consists of three
registers of length l, m and n bits. The first register controls the clocking
of the two others. The two other registers are clocked r times (or not clocked)
(resp. s times or not clocked) depending on the clock-control bit in the first
register. The special case r=s=1 is the original and well known Alternating
Step Generator. Kanso claims there is no efficient attack against the ASG(r,s)
since r and s are kept secret. In this paper, we present an Alternating Step
Generator, ASG, model for the ASG(r,s) and also we present a new and efficient
algebraic attack on ASG(r,s) using 3(m+n) bits of the output sequence to find
the secret key with O((m^2+n^2)*2^{l+1}+ (2^{m-1})*m^3 + (2^{n-1})*n^3)
computational complexity. We show that this system is no more secure than the
original ASG, in contrast to the claim of the ASG(r,s)'s constructor.Comment: 5 pages, 2 figures, 2 tables, 2010 IEEE International Symposium on
Information Theory (ISIT2010),June 13-18, 2010, Austin, Texa
A fast and light stream cipher for smartphones
We present a stream cipher based on a chaotic dynamical system. Using a
chaotic trajectory sampled under certain rules in order to avoid any attempt to
reconstruct the original one, we create a binary pseudo-random keystream that
can only be exactly reproduced by someone that has fully knowledge of the
communication system parameters formed by a transmitter and a receiver and
sharing the same initial conditions. The plaintext is XORed with the keystream
creating the ciphertext, the encrypted message. This keystream passes the NISTs
randomness test and has been implemented in a videoconference App for
smartphones, in order to show the fast and light nature of the proposed
encryption system
Quantum Noise Randomized Ciphers
We review the notion of a classical random cipher and its advantages. We
sharpen the usual description of random ciphers to a particular mathematical
characterization suggested by the salient feature responsible for their
increased security. We describe a concrete system known as AlphaEta and show
that it is equivalent to a random cipher in which the required randomization is
effected by coherent-state quantum noise. We describe the currently known
security features of AlphaEta and similar systems, including lower bounds on
the unicity distances against ciphertext-only and known-plaintext attacks. We
show how AlphaEta used in conjunction with any standard stream cipher such as
AES (Advanced Encryption Standard) provides an additional, qualitatively
different layer of security from physical encryption against known-plaintext
attacks on the key. We refute some claims in the literature that AlphaEta is
equivalent to a non-random stream cipher.Comment: Accepted for publication in Phys. Rev. A; Discussion augmented and
re-organized; Section 5 contains a detailed response to 'T. Nishioka, T.
Hasegawa, H. Ishizuka, K. Imafuku, H. Imai: Phys. Lett. A 327 (2004) 28-32
/quant-ph/0310168' & 'T. Nishioka, T. Hasegawa, H. Ishizuka, K. Imafuku, H.
Imai: Phys. Lett. A 346 (2005) 7
A Simple Attack on Some Clock-Controlled Generators
We present a new approach to edit distance attacks on certain
clock-controlled generators, which applies basic concepts of Graph Theory to
simplify the search trees of the original attacks in such a way that only the
most promising branches are analyzed. In particular, the proposed improvement
is based on cut sets defined on some graphs so that certain shortest paths
provide the edit distances. The strongest aspects of the proposal are that the
obtained results from the attack are absolutely deterministic, and that many
inconsistent initial states of the target registers are recognized beforehand
and avoided during search
- …