International Association for Cryptologic Research

CryptoDB

The Hardness of LPN over Any Integer Ring and Field for PCG Applications

Authors:
Hanlin Liu, Shanghai Jiao Tong University, Shanghai Qi Zhi Institute
Xiao Wang, Northwestern University
Kang Yang, State Key Laboratory of Cryptology
Yu Yu, Shanghai Jiao Tong University, Shanghai Qi Zhi Institute
Download:
DOI: 10.1007/978-3-031-58751-1_6 (login may be required)
Presentation: Slides
Conference: EUROCRYPT 2024
Abstract: Learning parity with noise (LPN) has been widely studied and used in cryptography. It was recently brought to new prosperity since Boyle et al. (CCS'18), putting LPN to a central role in designing secure multi-party computation, zero-knowledge proofs, private set intersection, and many other protocols. In this paper, we thoroughly studied security of LPN problems in this particular context. We found that some important aspects are long ignored and many conclusions from classical LPN cryptanalysis do not apply to this new setting, due to the low noise rates, extremely high dimensions, various types (in addition to $\mathbb{F}_2$) and noise distributions. For LPN over a field, we give a parameterized reduction from exact-noise LPN to regular-noise LPN. Compared to the recent result by Feneuil, Joux and Rivain (Crypto'22), we significantly reduce the security loss by paying only a small additive price in dimension and number of samples. We analyze the security of LPN over a ring $\mathbb{Z}_{2^\lambda}$. Existing protocols based on LPN over integer rings use parameters as if they are over fields, but we found an attack that effectively reduces the weight of a noise by half compared to LPN over fields. Consequently, prior works that use LPN over $\mathbb{Z}_{2^\lambda}$ overestimate up to 40 bits of security. We provide a complete picture of the hardness of LPN over integer rings by showing: 1) the equivalence between its search and decisional versions; 2) an efficient reduction from LPN over $\mathbb{F}_{2}$ to LPN over $\mathbb{Z}_{2^\lambda}$; and 3) generalization of our results to any integer ring. Finally, we provide an all-in-one estimator tool for the bit security of LPN parameters in the context of PCG, incorporating the recent advanced attacks.
BibTeX
@inproceedings{eurocrypt-2024-33836,
  title={The Hardness of LPN over Any Integer Ring and Field for PCG Applications},
  publisher={Springer-Verlag},
  doi={10.1007/978-3-031-58751-1_6},
  author={Hanlin Liu and Xiao Wang and Kang Yang and Yu Yu},
  year=2024
}