• Improvements on making BKW practical for solving LWE 

      Budroni, Alessandro; Guo, Qian; Johansson, Thomas; Mårtensson, Erik; Wagner, Paul Stankovski (Journal article; Peer reviewed, 2021)
      The learning with errors (LWE) problem is one of the main mathematical foundations of post-quantum cryptography. One of the main groups of algorithms for solving LWE is the Blum–Kalai–Wasserman (BKW) algorithm. This paper ...
    • Making the BKW Algorithm Practical for LWE 

      Budroni, Alessandro; Guo, Qian; Johansson, Thomas; Mårtensson, Erik; Stankovski Wagner, Paul (Journal article; Peer reviewed, 2020)
      The Learning with Errors (LWE) problem is one of the main mathematical foundations of post-quantum cryptography. One of the main groups of algorithms for solving LWE is the Blum-Kalai-Wasserman (BKW) algorithm. This paper ...
    • A novel CCA attack using decryption errors against LAC 

      Guo, Qian; Johansson, Thomas; Yang, Jing (Peer reviewed; Journal article, 2019)
      Cryptosystems based on Learning with Errors or related problems are central topics in recent cryptographic research. One main witness to this is the NIST Post-Quantum Cryptography Standardization effort. Many submitted ...
    • On the Asymptotics of Solving the LWE Problem Using Coded-BKW With Sieving. 

      Guo, Qian; Johansson, Thomas; Mårtensson, Erik; Wagner, Paul Stankovski (Peer reviewed; Journal article, 2019)
    • Ouroboros-E: An efficient Lattice-based Key-Exchange Protocol 

      Deneuville, Jean-Christophe; Gaborit, Philippe; Guo, Qian; Johansson, Thomas (Peer reviewed; Journal article, 2018)
      The Bit Flipping algorithm is a hard decision decoding algorithm originally designed by Gallager in 1962 to decode Low Density Parity Check Codes (LDPC). It has recently proved to be much more versatile, for Moderate Parity ...
    • Solving LPN Using Covering Codes 

      Guo, Qian; Johansson, Thomas; Löndahl, Carl (Peer reviewed; Journal article, 2019-10-15)
      We present a new algorithm for solving the LPN problem. The algorithm has a similar form as some previous methods, but includes a new key step that makes use of approximations of random words to a nearest codeword in a ...