International Association for Cryptologic Research

Ph.D. Database

The aim of the IACR Ph.D. database is twofold. On the first hand, we want to offer an overview of Ph.D. already completed in the domain of cryptology. Where possible, this should also include a subject classification, an abstract, and access to the full text. On the second hand, it deals with Ph.D. subjects currently under investigation. This way, we provide a timely map of contemporary research in cryptology. All entries or changes need to be approved by an editor. You can contact them via phds (at)


Alexander Meurer (#904)
Name Alexander Meurer
Personal Homepage
Topic of his/her doctorate. A Coding-Theoretic Approach to Cryptanalysis
Category foundations
Keywords Cryptanalysis, Code-Based Cryptography, Information Set Decoding, Representaiton Technique
Year of completion 2013
Abstract In this thesis we study the applicability of coding-theoretic algorithms to cryptanalysis and provide new insights into the practical security of different cryptographic primitives. The main results can be summarised as follows:
  • We introduce a new generalised framework for the class of "Information Set Decoding" (ISD) algorithms. This class contains all instantiations of the best-known generic decoding algorithms for random linear codes to date.
  • By applying the so-called representation technique, we design a new ISD algorithm which asymptotically achieves an exponential improvement over all known methods. Within the generalised ISD framework we provide a rigorous formal proof of superiority of the new algorithm for arbitrary code rates.
  • We discuss different practical applications, e.g. we study the security of concrete parameter sets for the McEliece one-way function and we efficiently break all low-noise instances of the "Learning Parities with Noise" (LPN) problem. The main technical contribution of this part is a refined non-asymptotic analysis of the proposed algorithm.
  • A new algorithm that allows for error correction in RSA private keys is presented. This algorithms allows to recover the original RSA secret key in polynomial time (w.r.t. the bit length of the modulus) given a noisy copy, i.e. given a copy very every individual bit is independently flipped with (unknown) p
  • E-Mail Address alexander.meurer (at)
    Last Change 2013-07-03 05:51:11
    To provide an update on this entry, please click .

    Contact: phds (at)

    [ IACR home page ] [ IACR PhDs page ] © IACR