On Solving a Generalized Chinese Remainder Theorem in the Presence of Remainder Errors

In estimating frequencies given that the signal waveforms are undersampled multiple times, Xia et. al. proposed to use a generalized version of Chinese remainder Theorem (CRT), where the moduli are $M_1, M_2, \cdots, M_k$ which are not necessarily pairwise coprime. If the errors of the corrupted remainders are within \tau=\sds \max_{1\le i\le k} \min_{\stackrel{1\le j\le k}{j\neq i}} \frac{\gcd(M_i,M_j)}4, their schemes can be used to construct an approximation of the solution to the generalized CRT with an error smaller than $\tau$. Accurately finding the quotients is a critical ingredient in their approach. In this paper, we shall start with a faithful historical account of the generalized CRT. We then present two treatments of the problem of solving generalized CRT with erroneous remainders. The first treatment follows the route of Wang and Xia to find the quotients, but with a simplified process. The second treatment considers a simplified model of generalized CRT and takes a different approach by working on the corrupted remainders directly. This approach also reveals some useful information about the remainders by inspecting extreme values of the erroneous remainders modulo $4\tau$. Both of our treatments produce efficient algorithms with essentially optimal performance. Finally, this paper constructs a counterexample to prove the sharpness of the error bound $\tau$

A New Algorithm for Solving Ring-LPN with a Reducible Polynomial

The LPN (Learning Parity with Noise) problem has recently proved to be of great importance in cryptology. A special and very useful case is the RING-LPN problem, which typically provides improved efficiency in the constructed cryptographic primitive. We present a new algorithm for solving the RING-LPN problem in the case when the polynomial used is reducible. It greatly outperforms previous algorithms for solving this problem. Using the algorithm, we can break the Lapin authentication protocol for the proposed instance using a reducible polynomial, in about 2^70 bit operations