
Calibrating Learning Parity with Noise Authentication for Low-Resource Devices


Part of the Lecture Notes in Computer Science book series (LNCS, volume 13407)


Learning Parity with Noise (LPN) is an attractive post-quantum cryptosystem for low-resource devices due to its simplicity. Communicating parties only require the use of AND and XOR gates to generate or verify LPN cryptogram samples exchanged between the parties. However, the LPN setup is complicated by different parameter choices including key length, noise rate, sample size, and verification window which can determine the usability and security of the implementation. To address advances in LPN cryptanalysis, recommendations for ever increasing key lengths have made LPN no longer feasible for low-resource devices. In this paper, we use a series of experiments to simulate and cryptanalyze LPN authentication under different parameter values to arrive at recommended values suitable for low-resource devices. We also examine the impact of limiting the key lifespan of the LPN secret vector as a means to balance security while keeping key lengths relatively short.


  • Learning Parity with Noise (LPN)
  • Cryptanalysis
  • Machine learning
  • Post quantum cryptography



  1. In the case of LPN, the key is also referred to as the secret vector. For this paper, we will use key and secret vector interchangeably for readability purposes.

  2. Including 3M, EM Microelectronic, Fujitsu, NXP and Rockwell Automation.




This project is supported by the Ministry of Education, Singapore, under its MOE AcRF Tier 2 grant (MOE2018-T2-1-111). The computational work for this article was partially performed on resources of the National Supercomputing Centre, Singapore (

The work is also supported by A*STAR under its RIE2020 Advanced Manufacturing and Engineering (AME) Industry Alignment Fund - Pre Positioning (IAF-PP) Award A19D6a0053. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not reflect the views of A*STAR.

Author information


Corresponding author

Correspondence to Teik Guan Tan.


A Algorithm Pseudocode


We assume the existence of a function Random(n, p) that returns a binary matrix/vector of size n where each element has a probability p to be 1. The secret key s is randomly generated.


We performed a sub-experiment to measure the efficacy of the fitness function by varying the number of erroneous bits in \(s^{\prime }\) and noise rate to find any advantage that adversaries may be able to uncover.

Fig. 8. Return values for simulated fitness function for \(k=64,\delta =0.5\)

Figure 8 shows the graph which plots the return values of the fitness function for error bits in \(s^{\prime }\) from 0 to \(\frac{k}{2}\) in increments of 1 and for noise rate \(\tau \) = {0.05, 0.125, 0.25, 0.4}. For clarity purposes, we have fixed \(k=64,\delta =0.5,n=500\). It clearly shows that the fitness function is unable to tell the difference in the number of error bits for partial solutions since the fitness values become close to zero once there is at least one error bit in \(s^{\prime }\).
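The sub-experiment described above can be reproduced in outline with the following added example, which is not the paper's pseudocode. It assumes that \(\delta\) is the probability of each challenge bit being 1 and that the fitness function is the agreement bias between a candidate \(s^{\prime }\) and the observed samples; the function names are hypothetical.

```python
import random

def rand_bits(n, p, rng):
    # Random(n, p) from the text: n bits, each 1 with probability p.
    return [1 if rng.random() < p else 0 for _ in range(n)]

def parity(a, s):
    # <a, s> over GF(2): AND each pair of bits, XOR the results together.
    return sum(x & y for x, y in zip(a, s)) & 1

def lpn_samples(s, n, tau, delta, rng):
    # n samples (a, b) with b = <a, s> XOR e, where e is 1 with probability tau.
    # Assumption: delta is the probability that each bit of a is 1.
    samples = []
    for _ in range(n):
        a = rand_bits(len(s), delta, rng)
        samples.append((a, parity(a, s) ^ int(rng.random() < tau)))
    return samples

def fitness(candidate, samples):
    # Assumed fitness (not the paper's): agreement bias 2 * P[match] - 1.
    # A correct key scores about 1 - 2*tau; a coin-flip guess scores about 0.
    hits = sum(parity(a, candidate) == b for a, b in samples)
    return 2 * hits / len(samples) - 1

def with_errors(s, count, rng):
    # Copy of s with `count` distinct bit positions flipped (the s' of the text).
    out = list(s)
    for i in rng.sample(range(len(s)), count):
        out[i] ^= 1
    return out

def sweep(k=64, delta=0.5, n=500, tau=0.125, trials=5, seed=1):
    # Mean fitness for 0 .. k/2 error bits in s', averaged over fresh keys.
    rng = random.Random(seed)
    means = []
    for errs in range(k // 2 + 1):
        total = 0.0
        for _ in range(trials):
            s = rand_bits(k, 0.5, rng)
            samples = lpn_samples(s, n, tau, delta, rng)
            total += fitness(with_errors(s, errs, rng), samples)
        means.append(total / trials)
    return means

if __name__ == "__main__":
    for tau in (0.05, 0.125, 0.25, 0.4):
        m = sweep(tau=tau)
        print(f"tau={tau}: 0 errors {m[0]:+.3f}, 1 error {m[1]:+.3f}, "
              f"{len(m) - 1} errors {m[-1]:+.3f}")
```

Under this assumed model with \(\delta =0.5\), any nonzero set of wrong bits makes each sample's parity disagree with probability exactly one half, which is why the curve is flat from one error bit onward.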


Copyright information

© 2022 Springer Nature Switzerland AG


Cite this paper

Tan, T.G., Soh, D.W., Zhou, J. (2022). Calibrating Learning Parity with Noise Authentication for Low-Resource Devices. In: Alcaraz, C., Chen, L., Li, S., Samarati, P. (eds) Information and Communications Security. ICICS 2022. Lecture Notes in Computer Science, vol 13407. Springer, Cham.


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-15776-9

  • Online ISBN: 978-3-031-15777-6

  • eBook Packages: Computer Science, Computer Science (R0)