Solving BDD by Enumeration: An Update
نویسندگان
چکیده
Bounded Distance Decoding (BDD) is a basic lattice problem used in cryptanalysis: the security of most lattice-based encryption schemes relies on the hardness of some BDD, such as LWE. We study how to solve BDD using a classical method for finding shortest vectors in lattices: enumeration with pruning speedup, such as Gama-NguyenRegev extreme pruning from EUROCRYPT ’10. We obtain significant improvements upon Lindner-Peikert’s Search-LWE algorithm (from CTRSA ’11), and update experimental cryptanalytic results, such as attacks on DSA with partially known nonces and GGH encryption challenges. Our work shows that any security estimate of BDD-based cryptosystems must take into account enumeration attacks, and that BDD enumeration can be practical even in high dimension like 350.
منابع مشابه
An implicit formulation for exact BDD minimization
This paper addresses the problem of binary decision diagram (BDD) minimization in the presence of don’t care sets. Specifically, given an incompletely specified function and a fixed ordering of the variables, we propose an exact algorithm for selecting such that is a cover for and the binary decision diagram for is of minimum size. The approach described is the only known exact algorithm for th...
متن کاملExact Minimization of Boolean Decision Diagrams Using ImplicitTechniquesAbstractThis
This paper addresses the problem of Boolean decision diagram (BDD) minimization in the presence of don't care sets. Speciically, given an incompletely speciied function g and a xed ordering of the variables, we propose an exact algorithm for selecting f such that f is a cover for g and the Boolean decision diagram for f is of minimum size. The approach described is the only known exact algorith...
متن کاملExact Minimization of Binary Decision Diagrams Using Implicit Techniques
This paper addresses the problem of binary decision diagram (BDD) minimization in the presence of don’t care sets. Specifically, given an incompletely specified function g and a fixed ordering of the variables, we propose an exact algorithm for selecting f such that f is a cover for g and the binary decision diagram for f is of minimum size. The approach described is the only known exact algori...
متن کاملAn implicit formulation for exact BDD minimization
This paper addresses the problem of binary decision diagram (BDD) minimization in the presence of don’t caresets. Specifically, given an incompletely specified function g and a fixed ordering of the variables, we propose anexact algorithm for selectingf such that f is a cover for g and the binary decision diagram for f is of minimumsize. The approach described is the only kn...
متن کاملImplicit State Enumeration for FSMs with Datapaths
We show how the classic BDD-based technique of implicit state enumeration for FSMs can be generalized to an automata-based approach for implicit state enumeration of FSMs interacting with datapaths of unbounded width. We present experimental results showing that our automata representation of an unbounded width datapath can be 10x more compact than the BDD representation of the corresponding 32...
متن کامل