An Algorithm for Solving the LPN Problem and Its Application to Security Evaluation of the HB Protocols for RFID Authentication

  • Marc P. C. Fossorier
  • Miodrag J. Mihaljević
  • Hideki Imai
  • Yang Cui
  • Kanta Matsuura
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4329)


An algorithm for solving the “learning parity with noise” (LPN) problem is proposed and analyzed. The algorithm originates from the recently proposed advanced fast correlation attacks, and it employs the concepts of decimation, linear combining, hypothesizing and minimum distance decoding. However, as opposed to fast correlation attacks, no preprocessing phase is allowed for the LPN problem. The proposed algorithm appears as more powerful than the best one previously reported known as the BKW algorithm proposed by Blum, Kalai and Wasserman. In fact the BKW algorithm is shown to be a special instance of the proposed algorithm, but without optimized parameters. An improved security evaluation, assuming the passive attacks, of Hopper and Blum HB and HB +  protocols for radio-frequency identification (RFID) authentication is then developed. Employing the proposed algorithm, the security of the HB protocols is reevaluated, implying that the previously reported security margins appear as overestimated.


cryptanalysis LPN problem fast correlation attacks HB protocols RFID authentication 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Berlekamp, E.R., McEliece, R.J., van Tilborg, H.C.A.: On the Inherent Intractability of Certain Coding Problems. IEEE Trans. Info. Theory 24, 384–386 (1978)zbMATHCrossRefGoogle Scholar
  2. 2.
    Blum, A., Furst, M., Kearns, M., Lipton, R.: Cryptographic Primitives Based on Hard Learning Problems. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 278–291. Springer, Heidelberg (1994)Google Scholar
  3. 3.
    Blum, A., Kalai, A., Wasserman, H.: Noise-Tolerant Learning, the Parity Problem, and the Statistical Query Model. Journal of the ACM 50(4), 506–519 (2003)CrossRefMathSciNetGoogle Scholar
  4. 4.
    Chabaud, F.: On the Security of Some Cryptosystems Based on Error-Correcting Codes. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 113–139. Springer, Heidelberg (1995)Google Scholar
  5. 5.
    Chose, P., Joux, A., Mitton, M.: Fast Correlation Attacks: An Algorithmic Point of View. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 209–221. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. 6.
    Courtois, N.T., Meier, W.: Algebraic attacks on stream ciphers with linear feedback. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 345–359. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Courtois, N.T.: Fast algebraic attacks on stream ciphers with linear feedback. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 176–194. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Fossorier, M.P.C., Mihaljević, M.J., Imai, H.: A Unified Analysis for the Fast Correlation Attack. In: Proceedings of the 2005 IEEE Int. Symp. Inform. Theory - ISIT 2005, Adelaide, Australia, pp. 2012–2015 (September 2005) ISBN 0-7803-9151-9Google Scholar
  9. 9.
    Gilbert, H., Robshaw, M., Sibert, H.: An Active Attack against HB+ a Provably Secure Lightweight Authentication Protocol, IACR, Cryptology ePrint Archive, Report 2005/237 (July 2005), Available at:
  10. 10.
    Hopper, N., Blum, M.: Secure Human Identification Protocols. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 52–66. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. 11.
    Hawkes, P., Rose, G.: Rewriting variables: the complexity of fast algebraic attacks on stream ciphers. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 390–406. Springer, Heidelberg (2004)Google Scholar
  12. 12.
    Juels, A., Weis, S.: Authenticating Pervasive Devices with Human Protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293–308. Springer, Heidelberg (2005), Updated version available at: Google Scholar
  13. 13.
    Katz, J., Shin, J.S.: Parallel and Concurrent Security of the HB and HB+ Protocols. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 73–87. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  14. 14.
    Khoo, K., Gong, G., Lee, H.-K.: The Rainbow Attack on Stream Ciphers Based on Maiorana-McFarland Functions. In: Zhou, J., Yung, M., Bao, F. (eds.) ACNS 2006. LNCS, vol. 3989, pp. 194–209. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  15. 15.
    Meier, W., Staffelbach, O.: Fast Correlation Attacks on Certain Stream Ciphers. Journal of Cryptology 1, 159–176 (1989)zbMATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    Mihaljević, M.J., Fossorier, M.P.C., Imai, H.: A General Formulation of Algebraic and Fast Correlation Attacks Based on Dedicated Sample Decimation. In: Fossorier, M.P.C., Imai, H., Lin, S., Poli, A. (eds.) AAECC 2006. LNCS, vol. 3857, pp. 203–214. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  17. 17.
    Mihaljević, M.J., Fossorier, M.P.C., Imai, H.: Fast Correlation Attack Algorithm with List Decoding and an Application. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 196–210. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  18. 18.
    Regev, O.: On Lattices, Learning with Errors, Random Linear Codes, and Cryptography. In: Proceedings of the 37th ACM Symposium on Theory of Computing, pp. 84–93 (2005)Google Scholar
  19. 19.
    Siegenthaler, T.: Decrypting a Class of Stream Ciphers Using Ciphertext Only. IEEE Trans. Comput. C-34, 81–85 (1985)CrossRefGoogle Scholar
  20. 20.
    Wagner, D.: A Generalized Birthday Problem. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 288–304. Springer, Heidelberg (2002)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Marc P. C. Fossorier
    • 1
  • Miodrag J. Mihaljević
    • 2
    • 4
  • Hideki Imai
    • 3
    • 4
  • Yang Cui
    • 5
  • Kanta Matsuura
    • 5
  1. 1.Department of Electrical EngineeringUniversity of HawaiiHonoluluUSA
  2. 2.Mathematical InstituteSerbian Academy of Sciences and ArtsBelgradeSerbia
  3. 3.Faculty of Science and EngineeringChuo UniversityTokyoJapan
  4. 4.Research Center for Information Security (RCIS)National Institute of Advanced Industrial Science and Technology (AIST)TokyoJapan
  5. 5.Institute of Industrial Science (IIS)University of TokyoTokyoJapan

Personalised recommendations