optimization of lpn solving algorithms
play

Optimization of LPN Solving Algorithms Sonia Bogos Serge Vaudenay - PowerPoint PPT Presentation

Feb 02, 2023 •312 likes •1.05k views

Optimization of LPN Solving Algorithms Sonia Bogos Serge Vaudenay EPFL 08 December 2016 Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 1 / 27 Now Hiring! mailto: job_lasec@epfl.ch Sonia Bogos, Serge Vaudenay

  1. Optimization of LPN Solving Algorithms Sonia Bogos Serge Vaudenay EPFL 08 December 2016 Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 1 / 27

  2. Now Hiring! mailto: job_lasec@epfl.ch Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 2 / 27

  3. Now Hiring! mailto: job_lasec@epfl.ch Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 2 / 27

  4. Motivation LPN can be defined as a noisy system of linear equations in the binary domain Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 3 / 27

  5. Motivation LPN can be defined as a noisy system of linear equations in the binary domain believed to be quantum resistant Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 3 / 27

  6. Motivation LPN can be defined as a noisy system of linear equations in the binary domain believed to be quantum resistant used in authentication protocols and cryptosystems Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 3 / 27

  7. Motivation LPN can be defined as a noisy system of linear equations in the binary domain believed to be quantum resistant used in authentication protocols and cryptosystems special case of LWE, but its hardness is not proven so far Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 3 / 27

  8. Motivation LPN can be defined as a noisy system of linear equations in the binary domain believed to be quantum resistant used in authentication protocols and cryptosystems special case of LWE, but its hardness is not proven so far Best way to study its hardness is by improving the algorithms that solve it Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 3 / 27

  9. Our Results analyse the existing LPN algorithms and study its building blocks improve the theory behind the covering code reduction optimise the order and the parameters used in LPN solving algorithms improve the best existing algorithms from ASIACRYPT’14 and EUROCRYPT’16 Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 4 / 27

  10. Outline LPN 1 2 Code Reduction Our Algorithm 3 Results 4 Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 5 / 27

  11. Outline LPN 1 2 Code Reduction Our Algorithm 3 Results 4 Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 6 / 27

  12. Learning Parity with Noise (LPN) LPN Oracle Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 7 / 27

  13. Learning Parity with Noise (LPN) LPN Oracle secret random vector s Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 7 / 27

  14. Learning Parity with Noise (LPN) LPN Oracle secret random vector s c 1 = � v 1 , s �⊕ d 1 Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 7 / 27

  15. Learning Parity with Noise (LPN) LPN Oracle secret random vector s c 1 = � v 1 , s �⊕ d 1 random vector Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 7 / 27

  16. Learning Parity with Noise (LPN) LPN Oracle secret random vector s c 1 = � v 1 , s �⊕ d 1 noise random vector Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 7 / 27

  17. Learning Parity with Noise (LPN) LPN Oracle secret random vector s ( v 1 , c 1 ) c 1 = � v 1 , s �⊕ d 1 noise random vector Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 7 / 27

  18. Learning Parity with Noise (LPN) LPN Oracle secret random vector s ( v 2 , c 2 ) c 2 = � v 2 , s �⊕ d 2 noise random vector Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 7 / 27

  19. Learning Parity with Noise (LPN) LPN Oracle secret random vector s ( v i , c i ) c i = � v i , s �⊕ d i noise random vector Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 7 / 27

  20. Learning Parity with Noise (LPN) LPN Oracle secret random vector s ( v i , c i ) c i = � v i , s �⊕ d i noise random vector Definition (LPN) Given independent queries from the LPN oracle, find the secret s . Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 7 / 27

  21. LPN Solving Algorithm Definition (LPN solving algorithm) We say that an algorithm M solves the LPN problem if Pr [ M recovers the secret s ] ≥ 1 2 , The performance of M is measured by the running time t , memory m and number of queries n from the LPN oracle Define δ = Pr [ d i = 0 ] − Pr [ d i = 1 ] as the noise bias Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 8 / 27

  22. General Structure To recover a secret s of k bits: reduce to a secret s ′ of k ′ ≤ k bits recover the secret s ′ update the queries & repeat the steps Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 9 / 27

  23. General Structure To recover a secret s of k bits: reduce to a secret s ′ of k ′ ≤ k bits through reduction techniques recover the secret s ′ update the queries & repeat the steps Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 9 / 27

  24. General Structure To recover a secret s of k bits: reduce to a secret s ′ of k ′ ≤ k bits through reduction techniques recover the secret s ′ through solving techniques update the queries & repeat the steps Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 9 / 27

  25. General Structure To recover a secret s of k bits: reduce to a secret s ′ of k ′ ≤ k bits through reduction techniques recover the secret s ′ through solving techniques update the queries & repeat the steps until the entire s is recovered Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 9 / 27

  26. General Structure To recover a secret s of k bits: reduce to a secret s ′ of k ′ ≤ k bits through reduction techniques recover the secret s ′ through solving techniques update the queries & repeat the steps until the entire s is recovered s i LPN s 1 ... LPN s i LPN s reduction solve Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 9 / 27

  27. General Structure To recover a secret s of k bits: reduce to a secret s ′ of k ′ ≤ k bits through reduction techniques recover the secret s ′ through solving techniques update the queries & repeat the steps until the entire s is recovered s i LPN s 1 ... LPN s i LPN s reduction solve Optimise the use of the reduction techniques Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 9 / 27

  28. Reduction Techniques sparse - secret partition - reduce ( b ) xor - reduce ( b ) drop - reduce ( b ) code - reduce ( k , k ′ , params ) guess - secret ( b , w ) Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 10 / 27

  29. Reduction Techniques sparse - secret partition - reduce ( b ) xor - reduce ( b ) drop - reduce ( b ) code - reduce ( k , k ′ , params ) guess - secret ( b , w ) Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 10 / 27

  30. Reduction Techniques Keep track of the: sparse - secret secret size partition - reduce ( b ) number of queries xor - reduce ( b ) noise bias drop - reduce ( b ) secret bias code - reduce ( k , k ′ , params ) guess - secret ( b , w ) Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 10 / 27

  31. Reduction sparse - secret v 1 c 1 ... v 2 ... c 2 v 3 ... c 3 v 4 c 2 ... v 5 c 5 ... v 6 c 6 ... ........................... v n − 2 ... c n-2 v n − 1 c n-1 ... v n c n ... Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 11 / 27

  32. Reduction sparse - secret v 1 c 1 ... v 2 ... c 2 v 3 ... c 3 v 4 c 2 ... v 5 c 5 ... v 6 c 6 n ... ........................... v n − 2 ... c n-2 v n − 1 c n-1 ... v n c n ... Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 11 / 27

  33. Reduction sparse - secret k v 1 c 1 ... v 2 ... c 2 v 3 ... c 3 v 4 c 2 ... v 5 c 5 ... v 6 c 6 n ... ........................... v n − 2 ... c n-2 v n − 1 c n-1 ... v n c n ... Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 11 / 27

  34. Reduction sparse - secret k c i = � v i , s �⊕ d i v 1 c 1 ... v 2 ... c 2 v 3 ... c 3 v 4 c 2 ... v 5 c 5 ... v 6 c 6 n ... ........................... v n − 2 ... c n-2 v n − 1 c n-1 ... v n c n ... Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 11 / 27

  35. Reduction sparse - secret k c i = � v i , s �⊕ d i ... 1 0 1 0 1 0 1 0 ... 1 1 1 0 1 0 0 0 ... 0 0 0 1 1 1 0 0 ... 0 0 0 0 0 1 0 1 ... 0 0 1 1 0 0 1 1 n ... 1 0 1 0 0 1 1 0 ........................... ... 0 0 1 1 0 1 1 0 ... 1 0 1 0 1 1 0 1 ... 1 0 0 1 1 0 0 1 Sonia Bogos, Serge Vaudenay Optimization of LPN Solving Algorithms 08.12.2016 11 / 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

solving Linear Optimization What we did so far How to model an optimization problem

solving Linear Optimization What we did so far How to model an optimization problem

Chapter 1 Linear Programming Paragraph 2 Developing Ideas for an Algorithm solving Linear Optimization What we did so far How to model an optimization problem Data, Variables, Constraints, Objective We have seen that optimization

483 views • 22 slides
Introduction I Greedy methods: A technique for solving optimization problems Computer Science

Introduction I Greedy methods: A technique for solving optimization problems Computer Science

Introduction I Greedy methods: A technique for solving optimization problems Computer Science & Engineering 423/823 I Choose a solution to a problem that is best per an objective function Design and Analysis of Algorithms I Similar to

1.09k views • 5 slides
Algorithms for unconstrained local optimization Fabio Schoen 2008

Algorithms for unconstrained local optimization Fabio Schoen 2008

Algorithms for unconstrained local optimization Fabio Schoen 2008 http://gol.dsi.unifi.it/users/schoen Algorithms for unconstrained local optimization p. Optimization Algorithms Most common form for optimization algorithms: Line

891 views • 87 slides
ECS231 Least-squares problems (Introduction to Randomized Algorithms) May 21, 2019 1 / 12

ECS231 Least-squares problems (Introduction to Randomized Algorithms) May 21, 2019 1 / 12

ECS231 Least-squares problems (Introduction to Randomized Algorithms) May 21, 2019 1 / 12 Outline 1. linear least squares review 2. Solving LS by sampling 3. Solving LS by randomized preconditioning 4. Gradient-based optimization

259 views • 12 slides
PERFORMANCE OF PERFORMANCE OF OPTIMIZATION OPTIMIZATION ALGORITHMS ALGORITHMS FOR DERIVING

PERFORMANCE OF PERFORMANCE OF OPTIMIZATION OPTIMIZATION ALGORITHMS ALGORITHMS FOR DERIVING

PERFORMANCE OF PERFORMANCE OF OPTIMIZATION OPTIMIZATION ALGORITHMS ALGORITHMS FOR DERIVING MATERIAL DATA FROM BENCH SCALE TESTS Patrick Lauer University of Wuppertal lauer@uni-wuppertal.de Content 1. Content 2. Introduction 3. Method

490 views • 31 slides
Traffic Flow Optimization under Fairness Constraints with Lagrangian Relaxation and Cutting Plane

Traffic Flow Optimization under Fairness Constraints with Lagrangian Relaxation and Cutting Plane

Traffic Optimization Solving the CSO Problem Results Traffic Flow Optimization under Fairness Constraints with Lagrangian Relaxation and Cutting Plane Methods Felix G. K onig Department of Combinatorial Optimization & Graph Algorithms

1.75k views • 141 slides
Computational Optimization Constrained Optimization Algorithms Same basic algorithms Repeat

Computational Optimization Constrained Optimization Algorithms Same basic algorithms Repeat

Computational Optimization Constrained Optimization Algorithms Same basic algorithms Repeat Determine descent direction Determine step size Take a step Until Optimal But now must consider feasibility, e.g. Pick a feasible descent

415 views • 25 slides
Approximation Algorithms (Part I) P : an optimization problem I : an instance of P A : an

Approximation Algorithms (Part I) P : an optimization problem I : an instance of P A : an

Approximation Algorithms (Part I) P : an optimization problem I : an instance of P A : an algorithm for solving P V ( I ) : the value for I that is obtained by A V* ( I ) : the optimal value for I A is an approximation algorithm for P , if for each

837 views • 60 slides
Algorithms in Nature Ant colony optimization 2 Last time Ant colony optimization: An

Algorithms in Nature Ant colony optimization 2 Last time Ant colony optimization: An

Algorithms in Nature Ant colony optimization 2 Last time Ant colony optimization: An example of swarm intelligence Communication via chemical pheromone trails left in the environment Collectively able to find short paths through

615 views • 26 slides
LP/SDP LP/SDP Algorithms Algorithms Claire Mathieu Brown University Many optimization

LP/SDP LP/SDP Algorithms Algorithms Claire Mathieu Brown University Many optimization

LP/SDP LP/SDP Algorithms Algorithms Claire Mathieu Brown University Many optimization problems can be written as integers programs Traveling salesman tour, vehicle routing Steiner tree, connecting Clustering, cuts Coloring

820 views • 68 slides
23. Cutting planes and branch & bound Algorithms for solving MIPs Cutting plane methods

23. Cutting planes and branch & bound Algorithms for solving MIPs Cutting plane methods

CS/ECE/ISyE 524 Introduction to Optimization Spring 201718 23. Cutting planes and branch & bound Algorithms for solving MIPs Cutting plane methods Branch and bound methods Laurent Lessard (www.laurentlessard.com) MIP

422 views • 27 slides
Low Rank Approximation Lecture 9 Daniel Kressner Chair for Numerical Algorithms and HPC

Low Rank Approximation Lecture 9 Daniel Kressner Chair for Numerical Algorithms and HPC

Low Rank Approximation Lecture 9 Daniel Kressner Chair for Numerical Algorithms and HPC Institute of Mathematics, EPFL daniel.kressner@epfl.ch 1 Manifold optimization General setting: Aim at solving optimization problem X M r f ( X ) ,

515 views • 50 slides
MATH529 Fundamentals of Optimization Fundamentals of Constrained Optimization VIII:

MATH529 Fundamentals of Optimization Fundamentals of Constrained Optimization VIII:

MATH529 Fundamentals of Optimization Fundamentals of Constrained Optimization VIII: Algorithms Marco A. Montes de Oca Mathematical Sciences, University of Delaware, USA 1 / 24 Algorithms for Nonlinear Constrained Optimization One basic

1.04k views • 24 slides
Algorithms in Nature Optimization What Is Optimization? Selecting an element from a defined

Algorithms in Nature Optimization What Is Optimization? Selecting an element from a defined

Algorithms in Nature Optimization What Is Optimization? Selecting an element from a defined set to maximize (or minimize) a given criteria A formula to evaluate Input set is usually potential solution is well defined often easy to

923 views • 13 slides
Algorithms for constrained local optimization Fabio Schoen 2008

Algorithms for constrained local optimization Fabio Schoen 2008

Algorithms for constrained local optimization Fabio Schoen 2008 http://gol.dsi.unifi.it/users/schoen Algorithms for constrained local optimization p. Feasible direction methods Algorithms for constrained local optimization p.

692 views • 45 slides
My very own experience in solving optimization problems Alessandro Zanarini - EPFL - 26 March

My very own experience in solving optimization problems Alessandro Zanarini - EPFL - 26 March

My very own experience in solving optimization problems Alessandro Zanarini - EPFL - 26 March 2019 Automated tools vs Optimization Shift from manual to automated tool is seen as the holy grail Underlying problem can be tough

844 views • 42 slides
Chemical Storage & Contamination Sophie Koh, Jonathan Naughton, Cory Seremetis, Aseel

Chemical Storage & Contamination Sophie Koh, Jonathan Naughton, Cory Seremetis, Aseel

Chemical Storage & Contamination Sophie Koh, Jonathan Naughton, Cory Seremetis, Aseel Alharthi, and Kai Medina The Problem The Problem Bhopal Disaster in India led to the passage of the 1986 Emergency Planning and Community

550 views • 30 slides
Lecture 10: Lists and Sequences (Sections 10.0-10.2, 10.4-10.6, 10.8-10.13) CS 1110

Lecture 10: Lists and Sequences (Sections 10.0-10.2, 10.4-10.6, 10.8-10.13) CS 1110

http://www.cs.cornell.edu/courses/cs1110/2018sp Lecture 10: Lists and Sequences (Sections 10.0-10.2, 10.4-10.6, 10.8-10.13) CS 1110 Introduction to Computing Using Python [E. Andersen, A. Bracy, D. Gries, L. Lee, S. Marschner, C. Van Loan, W.

978 views • 33 slides
The Swiss Army Knife SLTE Alice Shelton, Michele Barezzani Alcatel-Lucent Submarine

The Swiss Army Knife SLTE Alice Shelton, Michele Barezzani Alcatel-Lucent Submarine

conference & convention enabling the next generation of networks & services The Swiss Army Knife SLTE Alice Shelton, Michele Barezzani Alcatel-Lucent Submarine Networks conference & convention enabling the next generation of

402 views • 18 slides
MATLAB crash course Cesar E. Tamayo Economics - Rutgers September 27th, 2013 1/27 MATLAB crash

MATLAB crash course Cesar E. Tamayo Economics - Rutgers September 27th, 2013 1/27 MATLAB crash

MATLAB crash course 1 / 27 MATLAB crash course Cesar E. Tamayo Economics - Rutgers September 27th, 2013 1/27 MATLAB crash course 2 / 27 Program Program I Interface: layout, menus, help, etc.. I Vectors and matrices I Graphics: I Plots,

2k views • 27 slides
C preprocessor Henrik Friedrichsen Arbeitsbereich Wissenschaftliches Rechnen Fachbereich

C preprocessor Henrik Friedrichsen Arbeitsbereich Wissenschaftliches Rechnen Fachbereich

Introduction Syntax Caveats Performance Summary References C preprocessor Henrik Friedrichsen Arbeitsbereich Wissenschaftliches Rechnen Fachbereich Informatik Fakult at f ur Mathematik, Informatik und Naturwissenschaften Universit

820 views • 29 slides
Rank-Pairing Heaps Bernard Haeupler Siddhartha Sen Robert E. Tarjan Presentation by Alexander

Rank-Pairing Heaps Bernard Haeupler Siddhartha Sen Robert E. Tarjan Presentation by Alexander

Introduction Related Data Structures Rank-Pairing Heaps Conclusion Rank-Pairing Heaps Bernard Haeupler Siddhartha Sen Robert E. Tarjan Presentation by Alexander Pokluda Cheriton School of Computer Science, University of Waterloo, Canada SIAM

515 views • 24 slides
Asteroid Storyline 3 Earth Storyline 4 Forrest Storyline 5 Chinese Wall Storyline 6

Asteroid Storyline 3 Earth Storyline 4 Forrest Storyline 5 Chinese Wall Storyline 6

2 Asteroid Storyline 3 Earth Storyline 4 Forrest Storyline 5 Chinese Wall Storyline 6 Sphere Storyline 7 Doom Storyline Part 2 9 Goal: fast and addictive Game Description 10 Goal: fast and addictive Game Description 11

698 views • 30 slides
Improved method for genera0ng Typical Meteorological Year data

Improved method for genera0ng Typical Meteorological Year data

Improved method for genera0ng Typical Meteorological Year data for solar energy simula0ons Tomas Cebecauer and Marcel Suri GeoModel Solar, Slovakia

432 views • 39 slides

More recommend