Not Just Regular Decoding: Asymptotics and Improvements of Regular Syndrome Decoding Attacks
Saved in:
| Title: | Not Just Regular Decoding: Asymptotics and Improvements of Regular Syndrome Decoding Attacks |
|---|---|
| Authors: | Esser, Andre, Santini, Paolo |
| Contributors: | Leonid Reyzin, Douglas Stebila (editors), Esser, Andre, Santini, Paolo |
| Publisher Information: | Springer |
| Publication Year: | 2024 |
| Collection: | Università Politecnica delle Marche: IRIS |
| Subject Terms: | Hardness classification, Information Set Decoding, Code Based Cryptography |
| Description: | Cryptographic constructions often base security on structured problem variants to enhance efficiency or to enable advanced functionalities. This led to the introduction of the Regular Syndrome Decoding (RSD) problem, which guarantees that a solution to the Syndrome Decoding (SD) problem follows a particular block-wise structure. Despite recent attacks exploiting that structure by Briaud and Øygarden (Eurocrypt ’23) and Carozza, Couteau and Joux (CCJ, Eurocrypt ’23), many questions about the impact of the regular structure on the problem hardness remain open. In this work we initiate a systematic study of the hardness of the RSD problem starting from its asymptotics. We classify different parameter regimes revealing large regimes for which RSD instances are solvable in polynomial time and on the other hand regimes that lead to particularly hard instances. Against previous perceptions, we show that a classification solely based on the uniqueness of the solution is not sufficient for isolating the worst case parameters. Further, we provide an in-depth comparison between SD and RSD in terms of reducibility and computational complexity, identifying regimes in which RSD instances are actually harder to solve. We provide the first asymptotic analyses of the algorithms presented by CCJ, establishing their worst case decoding complexities as and , respectively. We then introduce regular-ISD algorithms by showing how to tailor the whole machinery of advanced Information Set Decoding (ISD) techniques from attacking SD to the RSD setting. The fastest regular-ISD algorithm improves the worst case decoding complexity significantly to . Eventually, we show that also with respect to suggested parameters regular-ISD outperforms previous approaches in most cases, reducing security levels by up to 30 bits. |
| Document Type: | conference object |
| Language: | English |
| Relation: | info:eu-repo/semantics/altIdentifier/isbn/9783031683909; info:eu-repo/semantics/altIdentifier/isbn/9783031683916; info:eu-repo/semantics/altIdentifier/wos/WOS:001308754400006; ispartofbook:Advances in Cryptology – CRYPTO 2024; 44th Annual International Cryptology Conference; volume:14925; firstpage:183; lastpage:217; numberofpages:35; serie:LECTURE NOTES IN COMPUTER SCIENCE; https://hdl.handle.net/11566/335213 |
| DOI: | 10.1007/978-3-031-68391-6_6 |
| Availability: | https://hdl.handle.net/11566/335213 https://doi.org/10.1007/978-3-031-68391-6_6 |
| Rights: | info:eu-repo/semantics/closedAccess ; license:Tutti i diritti riservati ; license uri:iris.PRI01 |
| Accession Number: | edsbas.79DF440C |
| Database: | BASE |
Nájsť tento článok vo Web of Science | Abstract: | Cryptographic constructions often base security on structured problem variants to enhance efficiency or to enable advanced functionalities. This led to the introduction of the Regular Syndrome Decoding (RSD) problem, which guarantees that a solution to the Syndrome Decoding (SD) problem follows a particular block-wise structure. Despite recent attacks exploiting that structure by Briaud and Øygarden (Eurocrypt ’23) and Carozza, Couteau and Joux (CCJ, Eurocrypt ’23), many questions about the impact of the regular structure on the problem hardness remain open. In this work we initiate a systematic study of the hardness of the RSD problem starting from its asymptotics. We classify different parameter regimes revealing large regimes for which RSD instances are solvable in polynomial time and on the other hand regimes that lead to particularly hard instances. Against previous perceptions, we show that a classification solely based on the uniqueness of the solution is not sufficient for isolating the worst case parameters. Further, we provide an in-depth comparison between SD and RSD in terms of reducibility and computational complexity, identifying regimes in which RSD instances are actually harder to solve. We provide the first asymptotic analyses of the algorithms presented by CCJ, establishing their worst case decoding complexities as and , respectively. We then introduce regular-ISD algorithms by showing how to tailor the whole machinery of advanced Information Set Decoding (ISD) techniques from attacking SD to the RSD setting. The fastest regular-ISD algorithm improves the worst case decoding complexity significantly to . Eventually, we show that also with respect to suggested parameters regular-ISD outperforms previous approaches in most cases, reducing security levels by up to 30 bits. |
|---|---|
| DOI: | 10.1007/978-3-031-68391-6_6 |