research-article
Open access

Fine-grained Cryptanalysis: Tight Conditional Bounds for Dense k-SUM and k-XOR

Published: 11 June 2024

Abstract

    An average-case variant of the k-SUM conjecture asserts that finding k numbers that sum to 0 in a list of r random numbers, each of the order \(r^k\), cannot be done in much less than \(r^{\lceil k/2 \rceil }\) time. However, in the dense regime of parameters, where the list contains more numbers and many solutions exist, the complexity of finding one of them can be significantly improved by Wagner’s k-tree algorithm. Such algorithms for k-SUM in the dense regime have many applications, notably in cryptanalysis.
    In this article, assuming the average-case k-SUM conjecture, we prove that known algorithms are essentially optimal for k = 3, 4, 5. For k > 5, we prove the optimality of the k-tree algorithm for a limited range of parameters. We also prove similar results for k-XOR, where the sum is replaced with exclusive or.
    Our results are obtained by a self-reduction that, given an instance of k-SUM that has a few solutions, produces from it many instances in the dense regime. We solve each of these instances using the dense k-SUM oracle and hope that a solution to a dense instance also solves the original problem. We deal with potentially malicious oracles (that repeatedly output correlated useless solutions) by an obfuscation process that adds noise to the dense instances. Using discrete Fourier analysis, we show that the obfuscation eliminates correlations among the oracle’s solutions, even though its inputs are highly correlated.
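The abstract contrasts the conjectured \(r^{\lceil k/2 \rceil }\) cost of sparse k-SUM with Wagner’s k-tree algorithm in the dense regime. The following is an added example, not code from the paper or its authors, of the k-tree algorithm for k = 4 on the XOR version of the problem: a single list of r random 32-bit words is cut into four quarters, pairs are merged on their low bits to force those bits to zero, and the two intermediate lists are matched on the remaining bits. The parameter choices (32-bit words, four sub-lists of 2^13 entries, 12 bits cancelled at the first level) and every function name are my own assumptions; the instance is constructed with a seeded generator so the run is reproducible offline.

```python
"""Wagner's 4-tree algorithm for a dense 4-XOR instance.

Added example, not code from the paper or its authors. Parameter choices
(32-bit words, four sub-lists of 2**13 entries, 12 bits cancelled at the
first level) and all function names are assumptions made for illustration.
"""
import random
from collections import defaultdict
from typing import List, Optional, Tuple

Entry = Tuple[int, Tuple[int, ...]]  # (partial xor, indices that produced it)

N_BITS = 32          # word size n
LIST_SIZE = 1 << 13  # entries per sub-list; total list length r = 4 * LIST_SIZE
R = 4 * LIST_SIZE    # r**4 = 2**60 >> 2**32, so the instance is dense
L_BITS = 12          # low bits forced to zero at the first merge level


def make_instance(r: int = R, n_bits: int = N_BITS, seed: int = 1) -> List[int]:
    """Constructed sample input: r uniformly random n-bit words (seeded)."""
    rng = random.Random(seed)
    return [rng.getrandbits(n_bits) for _ in range(r)]


def merge_low(left: List[Entry], right: List[Entry], low_bits: int) -> List[Entry]:
    """Join two lists on the low `low_bits` bits of their values.

    Every output entry is (v ^ w, idx + jdx) for a pair whose values agree
    on those bits, so the xor has its low `low_bits` bits equal to zero.
    Bucketing makes this linear in the input size plus the output size.
    """
    mask = (1 << low_bits) - 1
    buckets = defaultdict(list)
    for w, jdx in right:
        buckets[w & mask].append((w, jdx))
    out: List[Entry] = []
    for v, idx in left:
        for w, jdx in buckets.get(v & mask, ()):
            out.append((v ^ w, idx + jdx))
    return out


def four_xor(words: List[int], low_bits: int = L_BITS) -> Optional[Tuple[int, ...]]:
    """Return four distinct indices whose words XOR to zero, or None.

    The list is cut into four disjoint quarters, so any returned index
    tuple is automatically made of distinct positions.
    """
    q = len(words) // 4
    lists = [[(words[i], (i,)) for i in range(s, s + q)]
             for s in range(0, 4 * q, q)]
    # Level 1: cancel the low bits in L1 x L2 and in L3 x L4.
    m12 = merge_low(lists[0], lists[1], low_bits)
    m34 = merge_low(lists[2], lists[3], low_bits)
    # Level 2: the remaining high bits must cancel too, i.e. full equality.
    table = {}
    for v, jdx in m34:
        table.setdefault(v, jdx)
    for v, idx in m12:
        jdx = table.get(v)
        if jdx is not None:
            return idx + jdx
    return None


def check_solution(words: List[int], idx: Tuple[int, ...]) -> bool:
    """True iff idx holds four distinct positions whose words XOR to 0."""
    if len(idx) != 4 or len(set(idx)) != 4:
        return False
    acc = 0
    for i in idx:
        acc ^= words[i]
    return acc == 0


def expected_solutions(r: int, n_bits: int, low_bits: int) -> float:
    """Heuristic count of matches the 4-tree sees at its last level.

    With q = r/4 entries per sub-list, each level-1 merge keeps about
    q*q / 2**low_bits pairs, and the level-2 merge matches on the
    remaining n - low_bits bits.
    """
    q = r // 4
    level1 = q * q / 2 ** low_bits
    return level1 * level1 / 2 ** (n_bits - low_bits)


if __name__ == "__main__":
    words = make_instance()
    sol = four_xor(words)
    print("expected level-2 matches:", expected_solutions(R, N_BITS, L_BITS))
    print("solution:", sol, "valid:", sol is not None and check_solution(words, sol))
```

With these parameters `expected_solutions` is 256, so a run almost surely returns a valid 4-tuple after work roughly linear in r, far below the \(r^2\) birthday-style bound for a sparse list. Shrinking the sub-lists below \(2^{n/3}\) (for n = 24 that is 256 entries, where the heuristic count is exactly 1) makes the same code return None on most instances even when solutions exist in the list, which is the dense-versus-sparse gap the abstract is about. For k-SUM over integers the tree has the same shape, but the merges must bucket on value ranges rather than on low bits, because carries propagate across bit positions.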


        Published In

        Journal of the ACM, Volume 71, Issue 3, June 2024 (323 pages)
        ISSN: 0004-5411
        EISSN: 1557-735X
        DOI: 10.1145/3613558
        This work is licensed under a Creative Commons Attribution International 4.0 License.

        Publisher

        Association for Computing Machinery, New York, NY, United States

        Publication History

        Online AM: 17 March 2024
        Accepted: 23 January 2024
        Revised: 18 July 2022
        Received: 18 July 2022

        Author Tags

        1. Fine-grained cryptanalysis
        2. generalized birthday problem
        3. lower bounds
        4. k-sum
        5. discrete fourier analysis

        Funding Sources

        • Israel Science Foundation
        • European Research Council
        • BIU Center for Research in Applied Cryptography and Cyber Security
        • Israel National Cyber Bureau
        • Israel Science Foundation
