Improved Low-Memory Subset Sum and LPN Algorithms via Multiple Collisions

Conference paper, published in Cryptography and Coding (IMACC 2019)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11929)

Abstract

To enable post-quantum cryptanalytic experiments on a meaningful scale, there is a strong need for low-memory algorithms. We show that combining techniques from representations, multiple collision finding, and the Schroeppel-Shamir algorithm leads to improved low-memory algorithms.

For random subset sum instances \((a_1, \ldots , a_n, t)\) defined modulo \(2^n\), our algorithms improve over the Dissection technique for small memory \(M < 2^{0.02n}\) and in the mid-memory regime \(2^{0.13n}< M < 2^{0.2n}\).

An application of our technique to LPN of dimension k and constant error p yields significant time complexity improvements over the Dissection-BKW algorithm from Crypto 2018 for all memory parameters \(M< 2^{0.35 \frac{k}{\log k}}\).
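
The abstract measures its results against the Schroeppel-Shamir time/memory trade-off (time \(2^{n/2}\), memory \(2^{n/4}\)) on random subset sum instances modulo \(2^n\). The following is an added example, not code from the paper: it implements the classical modular variant of Schroeppel-Shamir, which guesses the \(n/4\) low-order bits of a half-sum and only ever holds lists of size about \(2^{n/4}\) in memory. It is the baseline the paper improves on, not the paper's own representation/multiple-collision algorithm. The function names, the planted-solution instance generator and the bitmask encoding of a solution are this example's own choices.

```python
import random
from collections import defaultdict


def subset_sums(weights, mod):
    """All (sum mod 'mod', bitmask) pairs over subsets of 'weights'.

    Bit i of the mask is set when weights[i] is in the subset. This is the
    2^{len(weights)} entry list Schroeppel-Shamir keeps per quarter."""
    sums = [(0, 0)]
    for i, w in enumerate(weights):
        sums += [((s + w) % mod, m | (1 << i)) for s, m in sums]
    return sums


def schroeppel_shamir_mod(a, t, n):
    """Solve a_1 e_1 + ... + a_n e_n = t (mod 2^n) with e_i in {0, 1}.

    Modular Schroeppel-Shamir: split a into four quarters and store only the
    four quarter lists (memory ~2^{n/4}). For every value r of the ell = n/4
    low-order bits, build the left pairs whose sums are r mod 2^ell and the
    right pairs whose sums are t - r mod 2^ell; each pass handles ~2^{n/4}
    pairs per side, and there are 2^{n/4} passes, hence time ~2^{n/2}.
    Returns a bitmask e over the n coefficients, or None if no solution."""
    mod = 1 << n
    m = len(a)
    cut = [0, m // 4, m // 2, 3 * m // 4, m]
    parts = [a[cut[i]:cut[i + 1]] for i in range(4)]
    shift = cut[:4]                       # bit offset of each quarter in e
    lists = [subset_sums(p, mod) for p in parts]

    ell = max(1, n // 4)
    low = 1 << ell

    # Index quarters 2 and 4 by the low ell bits of their sums, so a partner
    # with a prescribed low residue is found by lookup instead of scanning.
    by_low = [None, defaultdict(list), None, defaultdict(list)]
    for j in (1, 3):
        for s, mask in lists[j]:
            by_low[j][s % low].append((s, mask))

    for r in range(low):
        # Left half: pairs from quarters 1,2 with (s0 + s1) mod 2^ell == r.
        # Keying by the full sum keeps one representative per value, which
        # loses nothing: any completion works for all pairs with that sum.
        left = {}
        for s0, m0 in lists[0]:
            for s1, m1 in by_low[1].get((r - s0) % low, ()):
                left[(s0 + s1) % mod] = m0 | (m1 << shift[1])
        # Right half: pairs from quarters 3,4 whose low bits sum to t - r.
        r_right = (t - r) % low
        for s2, m2 in lists[2]:
            for s3, m3 in by_low[3].get((r_right - s2) % low, ()):
                need = (t - s2 - s3) % mod
                if need in left:
                    return left[need] | (m2 << shift[2]) | (m3 << shift[3])
    return None


def random_instance(n, seed=0):
    """Constructed random instance modulo 2^n with a planted solution of
    weight n/2 (density-one instances, as in the abstract). Returns (a, t, e)."""
    rng = random.Random(seed)
    mod = 1 << n
    a = [rng.randrange(mod) for _ in range(n)]
    e = sum(1 << i for i in rng.sample(range(n), n // 2))
    t = sum(a[i] for i in range(n) if e >> i & 1) % mod
    return a, t, e


def check(a, t, n, e):
    """True iff bitmask e is a solution of (a, t) modulo 2^n."""
    if e is None:
        return False
    return sum(a[i] for i in range(n) if e >> i & 1) % (1 << n) == t


if __name__ == "__main__":
    n = 20
    a, t, e = random_instance(n, seed=1)
    sol = schroeppel_shamir_mod(a, t, n)
    print(f"n={n} planted={e:0{n}b} found={sol:0{n}b} ok={check(a, t, n, sol)}")
```

Note that the solver may return a solution other than the planted one; random modular instances at density one typically have a few. The point of the example is the memory profile: `lists`, `by_low` and `left` each stay near \(2^{n/4}\) entries, while the outer loop over `r` supplies the \(2^{n/2}\) time.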

References

  1. http://csrc.nist.gov/groups/ST/post-quantum-crypto/

  2. Aggarwal, D., Dadush, D., Regev, O., Stephens-Davidowitz, N.: Solving the shortest vector problem in \(2^n\) time using discrete Gaussian sampling: extended abstract. In: Servedio, R.A., Rubinfeld, R. (eds.) 47th Annual ACM Symposium on Theory of Computing, Portland, OR, USA, 14–17 June 2015, pp. 733–742. ACM Press (2015)

  3. Albrecht, M.R., Cid, C., Faugere, J.C., Fitzpatrick, R., Perret, L.: On the complexity of the BKW algorithm on LWE. Des. Codes Crypt. 74(2), 325–354 (2015)

  4. Austrin, P., Kaski, P., Koivisto, M., Määttä, J.: Space-time tradeoffs for subset sum: an improved worst case algorithm. In: Fomin, F.V., Freivalds, R., Kwiatkowska, M.Z., Peleg, D. (eds.) ICALP 2013. LNCS, vol. 7965, pp. 45–56. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39206-1_5

  5. Bai, S., Laarhoven, T., Stehlé, D.: Tuple lattice sieving. LMS J. Comput. Math. 19(A), 146–162 (2016)

  6. Bansal, N., Garg, S., Nederlof, J., Vyas, N.: Faster space-efficient algorithms for subset sum and k-sum. In: Hatami, H., McKenzie, P., King, V. (eds.) 49th Annual ACM Symposium on Theory of Computing, Montreal, QC, Canada, 19–23 June 2017, pp. 198–209. ACM Press (2017)

  7. Becker, A., Coron, J.S., Joux, A.: Improved generic algorithms for hard knapsacks. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 364–385. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_21

  8. Becker, A., Ducas, L., Gama, N., Laarhoven, T.: New directions in nearest neighbor searching with applications to lattice sieving. In: Krauthgamer, R. (ed.) 27th Annual ACM-SIAM Symposium on Discrete Algorithms, Arlington, VA, USA, 10–12 January 2016, pp. 10–24. ACM-SIAM (2016)

  9. Becker, A., Joux, A., May, A., Meurer, A.: Decoding random binary linear codes in \(2^{{n}/20}\): how \(1+1=0\) improves information set decoding. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 520–536. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_31

  10. Blum, A., Kalai, A., Wasserman, H.: Noise-tolerant learning, the parity problem, and the statistical query model. In: 32nd Annual ACM Symposium on Theory of Computing, Portland, OR, USA, 21–23 May 2000, pp. 435–440. ACM Press (2000)

  11. Devadas, S., Ren, L., Xiao, H.: On iterative collision search for LPN and subset sum. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10678, pp. 729–746. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70503-3_24

  12. Dinur, I.: An algorithmic framework for the generalized birthday problem. Des. Codes Crypt. 27(8), 1–30 (2018)

  13. Dinur, I., Dunkelman, O., Keller, N., Shamir, A.: Efficient dissection of composite problems, with applications to cryptanalysis, knapsacks, and combinatorial search problems. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 719–740. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_42

  14. Dinur, I., Dunkelman, O., Keller, N., Shamir, A.: Memory-efficient algorithms for finding needles in haystacks. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 185–206. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53008-5_7

  15. Esser, A., Heuer, F., Kübler, R., May, A., Sohler, C.: Dissection-BKW. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 638–666. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_22

  16. Esser, A., Kübler, R., May, A.: LPN decoded. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 486–514. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63715-0_17

  17. Fouque, P.A., Joux, A., Mavromati, C.: Multi-user collisions: applications to discrete logarithm, Even-Mansour and PRINCE. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 420–438. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45611-8_22

  18. Guo, Q., Johansson, T., Stankovski, P.: Coded-BKW: solving LWE using lattice codes. In: Gennaro, R., Robshaw, M.J.B. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 23–42. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_2

  19. Helm, A., May, A.: Subset sum quantumly in \(1.17^n\). In: 13th Conference on the Theory of Quantum Computation, Communication and Cryptography (TQC 2018). Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik (2018)

  20. Horowitz, E., Sahni, S.: Computing partitions with applications to the knapsack problem. J. ACM (JACM) 21(2), 277–292 (1974)

  21. Howgrave-Graham, N., Joux, A.: New generic algorithms for hard knapsacks. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 235–256. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_12

  22. Joux, A., Lucks, S.: Improved generic algorithms for 3-collisions. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 347–363. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10366-7_21

  23. Kirchner, P., Fouque, P.A.: An improved BKW algorithm for LWE with applications to cryptography and lattices. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 43–62. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_3

  24. Kuhn, F., Struik, R.: Random walks revisited: extensions of Pollard’s rho algorithm for computing multiple discrete logarithms. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 212–229. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45537-X_17

  25. May, A., Meurer, A., Thomae, E.: Decoding random linear codes in \(\tilde{\cal{O}}(2^{0.054n})\). In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 107–124. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_6

  26. Nikolić, I., Sasaki, Y.: Refinements of the k-tree algorithm for the generalized birthday problem. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 683–703. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48800-3_28

  27. Nikolić, I., Sasaki, Y.: A new algorithm for the unbalanced meet-in-the-middle problem. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 627–647. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_23

  28. Schroeppel, R., Shamir, A.: A \(T = O(2^{n/2})\), \(S = O(2^{n/4})\) algorithm for certain NP-complete problems. SIAM J. Comput. 10(3), 456–464 (1981). https://doi.org/10.1137/0210033

  29. Trimoska, M., Ionica, S., Dequen, G.: Time-memory trade-offs for parallel collision search algorithms. Cryptology ePrint Archive, Report 2017/581 (2017). https://eprint.iacr.org/2017/581

  30. van Oorschot, P.C., Wiener, M.J.: Parallel collision search with cryptanalytic applications. J. Cryptol. 12(1), 1–28 (1999)

  31. Wagner, D.: A generalized birthday problem. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 288–304. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_19

Author information

Corresponding author: Andre Esser

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Delaplace, C., Esser, A., May, A. (2019). Improved Low-Memory Subset Sum and LPN Algorithms via Multiple Collisions. In: Albrecht, M. (ed.) Cryptography and Coding. IMACC 2019. Lecture Notes in Computer Science, vol 11929. Springer, Cham. https://doi.org/10.1007/978-3-030-35199-1_9

  • DOI: https://doi.org/10.1007/978-3-030-35199-1_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-35198-4

  • Online ISBN: 978-3-030-35199-1
