Algebraic Decoding of Rank Metric Codes
|
|
- Gertrude Farmer
- 5 years ago
- Views:
Transcription
1 Algebraic Decoding of Rank Metric Codes Françoise Levy-dit-Vehel ENSTA Paris, France joint work with Ludovic Perret (UCL Louvain) Special Semester on Gröbner Bases - Workshop D1
2 Outline The Rank Decoding problem (RD) Motivation Some complexity results Easy instances of RD Solving RD: generic algorithms focusing on Ourivski-Johannsson method our approach Practical results Conclusion
3 The Rank Decoding Problem RD Input: N, n, k N, G M k n (F q N ), c F n q N. Question: find m F k q N, such that e = c mg has smallest rank Rk(e F q )? Here, Rk(e F q ) is the rank of e when considered as a (N n) matrix over F q. A related problem: MR Input: N, n, k N, M 0,..., M k M N n (F q ). Question: find (λ 1,..., λ k ) F k q, such that E = M 0 k i=1 λ im i has smallest rank? MR can be seen as a Subcode Rank Decoding problem, where m has to be searched in F k q.
4 The Rank Decoding Problem RD Input: N, n, k N, G M k n (F q N ), c F n q N. Question: find m F k q N, such that e = c mg has smallest rank Rk(e F q )? Here, Rk(e F q ) is the rank of e when considered as a (N n) matrix over F q. A related problem: MR Input: N, n, k N, M 0,..., M k M N n (F q ). Question: find (λ 1,..., λ k ) F k q, such that E = M 0 k i=1 λ im i has smallest rank? MR can be seen as a Subcode Rank Decoding problem, where m has to be searched in F k q.
5 The Rank Decoding Problem RD Input: N, n, k N, G M k n (F q N ), c F n q N. Question: find m F k q N, such that e = c mg has smallest rank Rk(e F q )? Here, Rk(e F q ) is the rank of e when considered as a (N n) matrix over F q. A related problem: MR Input: N, n, k N, M 0,..., M k M N n (F q ). Question: find (λ 1,..., λ k ) F k q, such that E = M 0 k i=1 λ im i has smallest rank? MR can be seen as a Subcode Rank Decoding problem, where m has to be searched in F k q.
6 Motivation: cryptographic applications of MR Birational permutations signature scheme [Sh 93] TTM cryptosystem [Mo 99] Courtois ZK authentication scheme [Co 01]... of RD GPT cryptosystem [GaPaTr 91,GaOu 01] Chen authentication scheme [Ch 96] Berger-Loidreau cryptosystem [BeLo 04]
7 Some Complexity Results Theorem (BuFrSh 96,Co 01) Proof. MR is NP-Hard. By reduction of Maximum Likelihood Decoding over F q - proven to be NP-Hard [BeMcEvT 78, Ba 94, GuVa 05] - to MR. Corollary There exists a reduction from RD to MR. Open Questions No known explicit reduction. Is RD NP-hard?
8 Solving the RD problem (I) Algorithms for particular codes Gabidulin codes: the generator matrix is of the form G = g 1... g n g q 1... gn q..... g qk gn qk 1, (g 1,..., g n ) F n q. N Decoding algorithms (F q N -mult.): r 3 + (2n + N)r [Ga 91], (5/2)n 2 [Lo 05]. ( ) G1 0 Reducible rank codes: generator matrix of the form, A G 2 where G i, i = 1, 2, are matrices of Gabidulin codes. Decoding complexity (F q N -mult.): O(kn + n 3 ) [OuGaHoAm 03].
9 Solving the RD problem (II) Generic algorithms Stern-Chabaud (96): Problem modeled in terms of parity-check matrix. Solving approach: enumerating rank r r-tuples of F q N over F q, and trying to solve a linear system. Improved exhaustive enumeration from q Nr to q (N r)(r 1). Complexity: O((nr + N) 3 q (N r)(r 1) ). Ourivski-Johansson (02): Problem reduced to finding a minimum rank codeword in an extended code. Enumeration + solving a linear system over F q. Two versions, with complexities O((rN) 3 q (r 1)(k+1)+2 ) and O((k + r) 3 r 3 q (N r)(r 1)+2 ).
10 Ourivski-Johannsson algorithm: idea Problem: given G M k n (F q N ) and c F n q N, find m F k q N, such that e = c mg has smallest rank r = Rk(e F q ). Construct the code C e with generator matrix ( ) ( ) ( ) G Ik 0 G = c m 1 e Provided r (d 1)/2, the problem is then reduced to finding a codeword of minimum rank r in C e. Indeed, all those are of the form ɛe, ɛ F q N. Having found e = ɛe, the value of ɛ is retrieved by computing ch t and e H t, H being the parity-check matrix of C.
11 Modeling the problem as a set of quadratic equations Any vector v F n can be expressed in a basis q N X = (x 1,..., x N ) of F q N over F q as v = (x 1,..., x N )A, where A M N n (F q ) and Rk(A) = Rk(v F q ). Thus, if Rk(v F q ) = r, we can write ( ) v = ( x 1,..., x à N ) = ( x 0 1,..., x r )à with à M r n(f q ) of full rank r. Let C e =< G syst >, G syst = (I k+1 R), R M (k+1) (n k 1) (F q N ). Then, there exists u (F q N ) k+1, such that ug syst = (u, ur) = e
12 Modeling the problem as a set of quadratic equations Any vector v F n can be expressed in a basis q N X = (x 1,..., x N ) of F q N over F q as v = (x 1,..., x N )A, where A M N n (F q ) and Rk(A) = Rk(v F q ). Thus, if Rk(v F q ) = r, we can write ( ) v = ( x 1,..., x à N ) = ( x 0 1,..., x r )à with à M r n(f q ) of full rank r. Let C e =< G syst >, G syst = (I k+1 R), R M (k+1) (n k 1) (F q N ). Then, there exists u (F q N ) k+1, such that ug syst = (u, ur) = e
13 Modeling the problem as a set of quadratic equations Writing e = (e 1, e 1 R) = XA, X = (x 0,..., x r 1 ) being an incomplete basis of F q N over F q and A = (α i,j ) M r n (F q ) being of full rank r, we get e 1 = (x 0,..., x r 1 )A 1 and e 1 R = (x 0,..., x r 1 )A 2, where A = (A 1 A 2 ), A 1 M r (k+1) (F q ), A 2 M r (n k 1) (F q ). We thus have to solve (x 0,..., x r 1 )A 2 = (x 0,..., x r 1 )A 1 R. (1) As it suffices to retrieve ɛe, for any ɛ F q N, we can set x 0 = 1. System (1) is a quadratic system of n k 1 equations and nr + r 1 unknowns α i,j, x 1,..., x r 1 over F q N.
14 Modeling the problem... Systeme (1) is equivalent to (x 0,..., x r 1 )(A 2 ) j = (x 0,..., x r 1 )A 1 R j, k + 2 j n, (2) (A 2 ) j (resp. R j ) being the j-th column of A 2 (resp. R). Let Ω = (ω 0,..., ω N 1 ) be a basis of F q N over F q. Over Ω, x i = N 1 j=0 x ij ω j, x ij F q, 0 i r 1. Expressing this way X and each R j w.r.t. Ω, we can rewrite (2) as a system of N(n k 1) equations in nr + N(r 1) unknowns over F q.
15 Solving the system: Ourivski-Johannsson strategy Choose J [k + 2,..., n], J = m, yielding mn equations in N(r 1) + r(m + k + 1) unknowns. Strategy 1: O(((r 1)N + m + k + 1) 3 q (r 1)(m+k+1 r)+2 ) Guess values of α i,j contributing to quadratic terms. Solve the resulting linear system of Nm equations in N(r 1) + m + k + 1 unknowns (m r 1 + k+1 N 1 ). Strategy 2: O((m + k + 1) 3 r 3 q (N r)(r 1)+2 ) Guess the coordinates of the x i s in the basis Ω. Solve the resulting linear system of Nm equations in r(m + k + 1) unknowns (m (k+1)r N r ). Similar to [ChSt 96], but there the system solved is in rn + N unknowns.
16 Solving the system: Ourivski-Johannsson strategy Choose J [k + 2,..., n], J = m, yielding mn equations in N(r 1) + r(m + k + 1) unknowns. Strategy 1: O(((r 1)N + m + k + 1) 3 q (r 1)(m+k+1 r)+2 ) Guess values of α i,j contributing to quadratic terms. Solve the resulting linear system of Nm equations in N(r 1) + m + k + 1 unknowns (m r 1 + k+1 N 1 ). Strategy 2: O((m + k + 1) 3 r 3 q (N r)(r 1)+2 ) Guess the coordinates of the x i s in the basis Ω. Solve the resulting linear system of Nm equations in r(m + k + 1) unknowns (m (k+1)r N r ). Similar to [ChSt 96], but there the system solved is in rn + N unknowns.
17 Solving the system: our approach Add to system (2) the n k syndrome equations: { (x0,..., x r 1 )(A 2 ) j = (x 0,..., x r 1 )A 1 R j, k + 2 j n (x 0,..., x r 1 )AH t = ch t. (3) Take a basis Ω of F q N over F q, and express X w.r.t. Ω. Rewrite (3) as a system of N(2(n k) 1) equations in nr + N(r 1) unknowns over F q. Run a Gröbner basis algorithm (F 4 ) on this system, to obtain the associated variety V over F q. Express each element of V as ( X, Ã) Fr q N M r n (F q ) (going from F rn q back to F r ). q N Set ẽ = XÃ. Compute the rank of ẽ and keep the one satisfying Rk(ẽ F q ) = r and c ẽ C =< G >.
18 Results N n k r OuJo 1 OuJo 2 ChSt LePe s s s.(5min. 30s. ) h. 5min min. 20s h. 30min h. Running time of the algorithm on the system over F q N.
19 Conclusion Our contribution Consider a slightly modified system. Use a different solving approach. For r = 2, our algorithm performs very well even for N, n large. Good results for r = 3 when k n/2. Further research... Exploit information obtained for r = 2, 3 to attack r = 4. Include all the constraints in system (specially, c e C). Construct a system directly from RD, and compare the results.
Cryptographic applications of codes in rank metric
Cryptographic applications of codes in rank metric Pierre Loidreau CELAr and Université de Rennes Pierre.Loidreau@m4x.org June 16th, 2009 Introduction Rank metric and cryptography Gabidulin codes and linearized
More informationA Smart Approach for GPT Cryptosystem Based on Rank Codes
A Smart Approach for GPT Cryptosystem Based on Rank Codes arxiv:10060386v1 [csit 2 Jun 2010 Haitham Rashwan Department of Communications InfoLab21, South Drive Lancaster University Lancaster UK LA1 4WA
More informationChannel Coding for Secure Transmissions
Channel Coding for Secure Transmissions March 27, 2017 1 / 51 McEliece Cryptosystem Coding Approach: Noiseless Main Channel Coding Approach: Noisy Main Channel 2 / 51 Outline We present an overiew of linear
More informationarxiv: v1 [cs.cr] 6 Jan 2013
On the complexity of the Rank Syndrome Decoding problem P. Gaborit 1, O. Ruatta 1 and J. Schrek 1 Université de Limoges, XLIM-DMI, 123, Av. Albert Thomas 87060 Limoges Cedex, France. philippe.gaborit,julien.schrek,olivier.ruatta@unilim.fr
More informationA Polynomial-Time Key-Recovery Attack on MQQ Cryptosystems
A Polynomial-Time Key-Recovery Attack on MQQ Cryptosystems Jean-Charles Faugère, Danilo Gligoroski, Ludovic Perret, Simona Samardjiska, Enrico Thomae PKC 2015, March 30 - April 1, Maryland, USA 2 Summary
More informationA distinguisher for high-rate McEliece Cryptosystems
A distinguisher for high-rate McEliece Cryptosystems JC Faugère (INRIA, SALSA project), A Otmani (Université Caen- INRIA, SECRET project), L Perret (INRIA, SALSA project), J-P Tillich (INRIA, SECRET project)
More informationCryptanalysis of the TTM Cryptosystem
Cryptanalysis of the TTM Cryptosystem Louis Goubin and Nicolas T Courtois SchlumbergerSema - CP8 36-38 rue de la Princesse BP45 78430 Louveciennes Cedex France LouisGoubin@bullnet,courtois@minrankorg Abstract
More informationMcEliece type Cryptosystem based on Gabidulin Codes
McEliece type Cryptosystem based on Gabidulin Codes Joachim Rosenthal University of Zürich ALCOMA, March 19, 2015 joint work with Kyle Marshall Outline Traditional McEliece Crypto System 1 Traditional
More informationNew results for rank based cryptography
New results for rank based cryptography Philippe Gaborit University of Limoges, France (based on works with O. Ruatta,J. Schrek and G. Zémor) Telecom Sud Paris 6 juin 2014 Summary 1 Post-Quantum Cryptography
More informationLow Rank Parity Check codes and their application to cryptography
Noname manuscript No. (will be inserted by the editor) Low Rank Parity Check codes and their application to cryptography Philippe Gaborit Gaétan Murat Olivier Ruatta Gilles Zémor Abstract In this paper
More informationGröbner Bases in Public-Key Cryptography
Gröbner Bases in Public-Key Cryptography Ludovic Perret SPIRAL/SALSA LIP6, Université Paris 6 INRIA ludovic.perret@lip6.fr ECRYPT PhD SUMMER SCHOOL Emerging Topics in Cryptographic Design and Cryptanalysis
More informationDecoding linear codes via systems solving: complexity issues
Decoding linear codes via systems solving: complexity issues Stanislav Bulygin (joint work with Ruud Pellikaan) University of Kaiserslautern June 19, 2008 Outline Outline of the talk Introduction: codes
More informationError-correcting Pairs for a Public-key Cryptosystem
Error-correcting Pairs for a Public-key Cryptosystem Ruud Pellikaan g.r.pellikaan@tue.nl joint work with Irene Márquez-Corbella Code-based Cryptography Workshop 2012 Lyngby, 9 May 2012 Introduction and
More informationDecoding linear codes via systems solving: complexity issues and generalized Newton identities
Decoding linear codes via systems solving: complexity issues and generalized Newton identities Stanislav Bulygin (joint work with Ruud Pellikaan) University of Valladolid Valladolid, Spain March 14, 2008
More informationPractical Analysis of Key Recovery Attack against Search-LWE Problem
Practical Analysis of Key Recovery Attack against Search-LWE Problem The 11 th International Workshop on Security, Sep. 13 th 2016 Momonari Kudo, Junpei Yamaguchi, Yang Guo and Masaya Yasuda 1 Graduate
More informationHexi McEliece Public Key Cryptosystem
Appl Math Inf Sci 8, No 5, 2595-2603 (2014) 2595 Applied Mathematics & Information Sciences An International Journal http://dxdoiorg/1012785/amis/080559 Hexi McEliece Public Key Cryptosystem K Ilanthenral
More informationGabidulin Codes that are Generalized. Reed Solomon Codes
International Journal of Algebra, Vol. 4, 200, no. 3, 9-42 Gabidulin Codes that are Generalized Reed Solomon Codes R. F. Babindamana and C. T. Gueye Departement de Mathematiques et Informatique Faculte
More informationThe Support Splitting Algorithm and its Application to Code-based Cryptography
The Support Splitting Algorithm and its Application to Code-based Cryptography Dimitris E. Simos (joint work with Nicolas Sendrier) Project-Team SECRET INRIA Paris-Rocquencourt May 9, 2012 3rd Code-based
More informationWhich Codes Have 4-Cycle-Free Tanner Graphs?
Which Codes Have 4-Cycle-Free Tanner Graphs? Thomas R. Halford and Keith M. Chugg Communication Sciences Institute University of Southern California Los Angeles, CA 90089-565, USA Email: {halford, chugg}@usc.edu
More informationAttacks in code based cryptography: a survey, new results and open problems
Attacks in code based cryptography: a survey, new results and open problems J.-P. Tillich Inria, team-project SECRET April 9, 2018 1. Code based cryptography introduction Difficult problem in coding theory
More informationCode-Based Cryptography McEliece Cryptosystem
Code-Based Cryptography McEliece Cryptosystem I. Márquez-Corbella 0 . McEliece Cryptosystem 1. Formal Definition. Security-Reduction Proof 3. McEliece Assumptions 4. Notions of Security 5. Critical Attacks
More informationAn Overview to Code based Cryptography
Joachim Rosenthal University of Zürich HKU, August 24, 2016 Outline Basics on Public Key Crypto Systems 1 Basics on Public Key Crypto Systems 2 3 4 5 Where are Public Key Systems used: Public Key Crypto
More informationLecture 2 Linear Codes
Lecture 2 Linear Codes 2.1. Linear Codes From now on we want to identify the alphabet Σ with a finite field F q. For general codes, introduced in the last section, the description is hard. For a code of
More informationCRYPTANALYSE EN TEMPS POLYNOMIAL DU SCHÉMA DE MCELIECE BASÉ SUR LES CODES
POLYNOMIAL DU SCHÉMA CODES GÉOMÉTRIQUES A. COUVREUR 1 I. MÁRQUEZ-CORBELLA 1 R. PELLIKAAN 2 1 INRIA Saclay & LIX 2 Department of Mathematics and Computing Science, TU/e. Journées Codage et Cryptographie
More informationCryptanalysis of the McEliece Public Key Cryptosystem Based on Polar Codes
Cryptanalysis of the McEliece Public Key Cryptosystem Based on Polar Codes Magali Bardet 1 Julia Chaulet 2 Vlad Dragoi 1 Ayoub Otmani 1 Jean-Pierre Tillich 2 Normandie Univ, France; UR, LITIS, F-76821
More informationCoset Decomposition Method for Decoding Linear Codes
International Journal of Algebra, Vol. 5, 2011, no. 28, 1395-1404 Coset Decomposition Method for Decoding Linear Codes Mohamed Sayed Faculty of Computer Studies Arab Open University P.O. Box: 830 Ardeya
More informationTHIS paper investigates the difficulty of the Goppa Code
A Distinguisher for High Rate McEliece Cryptosystems Jean-Charles Faugère, Valérie Gauthier-Umaña, Ayoub Otmani, Ludovic Perret, Jean-Pierre Tillich Abstract The Goppa Code Distinguishing (GCD problem
More informationVector spaces. EE 387, Notes 8, Handout #12
Vector spaces EE 387, Notes 8, Handout #12 A vector space V of vectors over a field F of scalars is a set with a binary operator + on V and a scalar-vector product satisfying these axioms: 1. (V, +) is
More informationACI-matrices all of whose completions have the same rank
ACI-matrices all of whose completions have the same rank Zejun Huang, Xingzhi Zhan Department of Mathematics East China Normal University Shanghai 200241, China Abstract We characterize the ACI-matrices
More informationOn the Complexity of the Hybrid Approach on HFEv-
On the Complexity of the Hybrid Approach on HFEv- Albrecht Petzoldt National Institute of Standards and Technology, Gaithersburg, Maryland, USA albrecht.petzoldt@gmail.com Abstract. The HFEv- signature
More informationA theory for the distance of cyclic codes
A theory for the distance of cyclic codes (msala@bcri.ucc.ie) Boole Centre for Research in Informatics, UCC Cork, Ireland (Part of this work is jointly with E. Betti and F. Ponchio) Workshop D1: Gröbner
More informationHidden Field Equations
Security of Hidden Field Equations (HFE) 1 The security of Hidden Field Equations ( H F E ) Nicolas T. Courtois INRIA, Paris 6 and Toulon University courtois@minrank.org Permanent HFE web page : hfe.minrank.org
More informationA Projection Decoding of a Binary Extremal Self-Dual Code of Length 40
A Projection Decoding of a Binary Extremal Self-Dual Code of Length 4 arxiv:7.48v [cs.it] 6 Jan 27 Jon-Lark Kim Department of Mathematics Sogang University Seoul, 2-742, South Korea jlkim@sogang.ac.kr
More informationHow to improve information set decoding exploiting that = 0 mod 2
How to improve information set decoding exploiting that 1 + 1 = 0 mod 2 Anja Becker Postdoc at EPFL Seminar CCA January 11, 2013, Paris Representation Find unique solution to hard problem in cryptography
More informationOn Stream Ciphers with Small State
ESC 2017, Canach, January 16. On Stream Ciphers with Small State Willi Meier joint work with Matthias Hamann, Matthias Krause (University of Mannheim) Bin Zhang (Chinese Academy of Sciences, Beijing) 1
More informationA Key Recovery Attack on MDPC with CCA Security Using Decoding Errors
A Key Recovery Attack on MDPC with CCA Security Using Decoding Errors Qian Guo Thomas Johansson Paul Stankovski Dept. of Electrical and Information Technology, Lund University ASIACRYPT 2016 Dec 8th, 2016
More informationDecoding One Out of Many
Decoding One Out of Many Nicolas Sendrier INRIA Paris-Rocquencourt, équipe-projet SECRET Code-based Cryptography Workshop 11-12 May 2011, Eindhoven, The Netherlands Computational Syndrome Decoding Problem:
More informationAttacking and defending the McEliece cryptosystem
Attacking and defending the McEliece cryptosystem (Joint work with Daniel J. Bernstein and Tanja Lange) Christiane Peters Technische Universiteit Eindhoven PQCrypto 2nd Workshop on Postquantum Cryptography
More informationEnhanced public key security for the McEliece cryptosystem
Enhanced public key security for the McEliece cryptosystem Marco Baldi 1, Marco Bianchi 1, Franco Chiaraluce 1, Joachim Rosenthal 2, and Davide Schipani 2 1 Università Politecnica delle Marche, Ancona,
More informationCyclic Redundancy Check Codes
Cyclic Redundancy Check Codes Lectures No. 17 and 18 Dr. Aoife Moloney School of Electronics and Communications Dublin Institute of Technology Overview These lectures will look at the following: Cyclic
More informationNew polynomials for strong algebraic manipulation detection codes 1
Fifteenth International Workshop on Algebraic and Combinatorial Coding Theory June 18-24, 2016, Albena, Bulgaria pp. 7 12 New polynomials for strong algebraic manipulation detection codes 1 Maksim Alekseev
More informationSolving LPN Using Covering Codes
Solving LPN Using Covering Codes Qian Guo 1,2 Thomas Johansson 1 Carl Löndahl 1 1 Dept of Electrical and Information Technology, Lund University 2 School of Computer Science, Fudan University ASIACRYPT
More information1 Determinants. 1.1 Determinant
1 Determinants [SB], Chapter 9, p.188-196. [SB], Chapter 26, p.719-739. Bellow w ll study the central question: which additional conditions must satisfy a quadratic matrix A to be invertible, that is to
More informationOn the Security of Some Cryptosystems Based on Error-correcting Codes
On the Security of Some Cryptosystems Based on Error-correcting Codes Florent Chabaud * Florent.Chabaud~ens.fr Laboratoire d'informatique de FENS ** 45, rue d'ulm 75230 Paris Cedex 05 FRANCE Abstract.
More informationCode Based Cryptology at TU/e
Code Based Cryptology at TU/e Ruud Pellikaan g.r.pellikaan@tue.nl University Indonesia, Depok, Nov. 2 University Padjadjaran, Bandung, Nov. 6 Institute Technology Bandung, Bandung, Nov. 6 University Gadjah
More informationConstructive aspects of code-based cryptography
DIMACS Workshop on The Mathematics of Post-Quantum Cryptography Rutgers University January 12-16, 2015 Constructive aspects of code-based cryptography Marco Baldi Università Politecnica delle Marche Ancona,
More informationHybrid Approach : a Tool for Multivariate Cryptography
Hybrid Approach : a Tool for Multivariate Cryptography Luk Bettale, Jean-Charles Faugère and Ludovic Perret INRIA, Centre Paris-Rocquencourt, SALSA Project UPMC, Univ. Paris 06, LIP6 CNRS, UMR 7606, LIP6
More informationIntroduction to Quantum Safe Cryptography. ENISA September 2018
Introduction to Quantum Safe Cryptography ENISA September 2018 Introduction This talk will introduce the mathematical background of the most popular PQC primitives Code-based Lattice-based Multivariate
More informationNon-square diagonal matrices
Non-square diagonal matrices Aim lecture: We apply the spectral theory of hermitian operators to look at linear maps T : V W which are not necessarily endomorphisms. This gives useful factorisations of
More informationIsomorphism of Polynomials : New Results
Isomorphism of Polynomials : New Results Charles Bouillaguet, Jean-Charles Faugère 2,3, Pierre-Alain Fouque and Ludovic Perret 3,2 Ecole Normale Supérieure {charles.bouillaguet, pierre-alain.fouque}@ens.fr
More informationWhich Codes Have 4-Cycle-Free Tanner Graphs?
Which Codes Have 4-Cycle-Free Tanner Graphs? Thomas R. Halford Communication Sciences Institute University of Southern California Los Angeles, CA 90089-565 USA Alex J. Grant Institute for Telecommunications
More informationOn the Use of Structured Codes in Code Based Cryptography 1. Nicolas Sendrier
On the Use of Structured Codes in Code Based Cryptography 1 Nicolas Sendrier INRIA, CRI Paris-Rocquencourt, Project-Team SECRET Email: Nicolas.Sendrier@inria.fr WWW: http://www-roc.inria.fr/secret/nicolas.sendrier/
More informationStatistical and Algebraic Properties of DES
Statistical and Algebraic Properties of DES Stian Fauskanger 1 and Igor Semaev 2 1 Norwegian Defence Research Establishment (FFI), PB 25, 2027 Kjeller, Norway 2 Department of Informatics, University of
More informationA new zero-knowledge code based identification scheme with reduced communication
A new zero-knowledge code based identification scheme with reduced communication Carlos Aguilar, Philippe Gaborit, Julien Schrek Université de Limoges, France. {carlos.aguilar,philippe.gaborit,julien.schrek}@xlim.fr
More informationA Fuzzy Sketch with Trapdoor
A Fuzzy Sketch with Trapdoor Julien Bringer 1, Hervé Chabanne 1, Quoc Dung Do 2 1 SAGEM Défense Sécurité, 2 Ecole Polytechnique, ENST Paris. Abstract In 1999, Juels and Wattenberg introduce an effective
More informationList decoding of binary Goppa codes and key reduction for McEliece s cryptosystem
List decoding of binary Goppa codes and key reduction for McEliece s cryptosystem Morgan Barbier morgan.barbier@lix.polytechnique.fr École Polytechnique INRIA Saclay - Île de France 14 April 2011 University
More informationMultivariate Public Key Cryptography or Why is there a rainbow hidden behind fields full of oil and vinegar?
Multivariate Public Key Cryptography or Why is there a rainbow hidden behind fields full of oil and vinegar? Christian Eder, Jean-Charles Faugère and Ludovic Perret Seminar on Fundamental Algorithms, University
More informationError-correcting codes and Cryptography
Error-correcting codes and Cryptography Henk van Tilborg Code-based Cryptography Workshop Eindhoven, May -2, 2 /45 CONTENTS I II III IV V Error-correcting codes; the basics Quasi-cyclic codes; codes generated
More informationSolutions to problems from Chapter 3
Solutions to problems from Chapter 3 Manjunatha. P manjup.jnnce@gmail.com Professor Dept. of ECE J.N.N. College of Engineering, Shimoga February 28, 2016 For a systematic (7,4) linear block code, the parity
More informationOn Extremal Codes With Automorphisms
On Extremal Codes With Automorphisms Anton Malevich Magdeburg, 20 April 2010 joint work with S. Bouyuklieva and W. Willems 1/ 33 1. Linear codes 2. Self-dual and extremal codes 3. Quadratic residue codes
More informationRecent Developments in Compressed Sensing
Recent Developments in Compressed Sensing M. Vidyasagar Distinguished Professor, IIT Hyderabad m.vidyasagar@iith.ac.in, www.iith.ac.in/ m vidyasagar/ ISL Seminar, Stanford University, 19 April 2018 Outline
More informationSymmetric Product Codes
Symmetric Product Codes Henry D. Pfister 1, Santosh Emmadi 2, and Krishna Narayanan 2 1 Department of Electrical and Computer Engineering Duke University 2 Department of Electrical and Computer Engineering
More information(IV.C) UNITS IN QUADRATIC NUMBER RINGS
(IV.C) UNITS IN QUADRATIC NUMBER RINGS Let d Z be non-square, K = Q( d). (That is, d = e f with f squarefree, and K = Q( f ).) For α = a + b d K, N K (α) = α α = a b d Q. If d, take S := Z[ [ ] d] or Z
More informationSymmetric configurations for bipartite-graph codes
Eleventh International Workshop on Algebraic and Combinatorial Coding Theory June 16-22, 2008, Pamporovo, Bulgaria pp. 63-69 Symmetric configurations for bipartite-graph codes Alexander Davydov adav@iitp.ru
More informationMATH/MTHE 406 Homework Assignment 2 due date: October 17, 2016
MATH/MTHE 406 Homework Assignment 2 due date: October 17, 2016 Notation: We will use the notations x 1 x 2 x n and also (x 1, x 2,, x n ) to denote a vector x F n where F is a finite field. 1. [20=6+5+9]
More informationChapter 3 Linear Block Codes
Wireless Information Transmission System Lab. Chapter 3 Linear Block Codes Institute of Communications Engineering National Sun Yat-sen University Outlines Introduction to linear block codes Syndrome and
More informationDirect construction of quasi-involutory recursive-like MDS matrices from 2-cyclic codes
Direct construction of quasi-involutory recursive-like MDS matrices from 2-cyclic codes Cauchois Victor 1 Loidreau Pierre 1 Merkiche Nabil 23 1 DGA-MI / IRMAR 2 DGA-IP 3 Sorbonnes Université, UPMC, LIP6
More informationCompact McEliece keys based on Quasi-Dyadic Srivastava codes
Compact McEliece keys based on Quasi-Dyadic Srivastava codes Edoardo Persichetti Department of Mathematics, University of Auckland, New Zealand epersichetti@mathaucklandacnz Abstract The McEliece cryptosystem
More informationMcEliece in the world of Escher
McEliece in the world of Escher Danilo Gligoroski 1 and Simona Samardjiska 1,2 and Håkon Jacobsen 1 and Sergey Bezzateev 3 1 Department of Telematics, Norwegian University of Science and Technology (NTNU),
More informationThis operation is - associative A + (B + C) = (A + B) + C; - commutative A + B = B + A; - has a neutral element O + A = A, here O is the null matrix
1 Matrix Algebra Reading [SB] 81-85, pp 153-180 11 Matrix Operations 1 Addition a 11 a 12 a 1n a 21 a 22 a 2n a m1 a m2 a mn + b 11 b 12 b 1n b 21 b 22 b 2n b m1 b m2 b mn a 11 + b 11 a 12 + b 12 a 1n
More informationInteresting Examples on Maximal Irreducible Goppa Codes
Interesting Examples on Maximal Irreducible Goppa Codes Marta Giorgetti Dipartimento di Fisica e Matematica, Universita dell Insubria Abstract. In this paper a full categorization of irreducible classical
More informationEfficient Zero-Knowledge Authentication Based on a Linear Algebra Problem MinRank
Efficient Zero-Knowledge Authentication Based on a Linear Algebra Problem MinRank Nicolas T. Courtois 1,2,3 1 CP8 Crypto Team, SchlumbergerSema, BP 45 36-38 rue de la Princesse, 78430Louveciennes Cedex,
More informationAn Overview on Post-Quantum Cryptography with an Emphasis. an Emphasis on Code based Systems
An Overview on Post-Quantum Cryptography with an Emphasis on Code based Systems Joachim Rosenthal University of Zürich Finite Geometries Fifth Irsee Conference, September 10 16, 2017. Outline 1 Basics
More informationSome Reviews on Ranks of Upper Triangular Block Matrices over a Skew Field
International Mathematical Forum, Vol 13, 2018, no 7, 323-335 HIKARI Ltd, wwwm-hikaricom https://doiorg/1012988/imf20188528 Some Reviews on Ranks of Upper Triangular lock Matrices over a Skew Field Netsai
More informationMath 304 (Spring 2010) - Lecture 2
Math 304 (Spring 010) - Lecture Emre Mengi Department of Mathematics Koç University emengi@ku.edu.tr Lecture - Floating Point Operation Count p.1/10 Efficiency of an algorithm is determined by the total
More informationMath Camp Lecture 4: Linear Algebra. Xiao Yu Wang. Aug 2010 MIT. Xiao Yu Wang (MIT) Math Camp /10 1 / 88
Math Camp 2010 Lecture 4: Linear Algebra Xiao Yu Wang MIT Aug 2010 Xiao Yu Wang (MIT) Math Camp 2010 08/10 1 / 88 Linear Algebra Game Plan Vector Spaces Linear Transformations and Matrices Determinant
More informationGeneral error locator polynomials for nth-root codes
General error locator polynomials for nth-root codes Marta Giorgetti 1 and Massimiliano Sala 2 1 Department of Mathematics, University of Milano, Italy 2 Boole Centre for Research in Informatics, UCC Cork,
More informationMatrices: 2.1 Operations with Matrices
Goals In this chapter and section we study matrix operations: Define matrix addition Define multiplication of matrix by a scalar, to be called scalar multiplication. Define multiplication of two matrices,
More informationGeneralized subspace subcodes with application in cryptology
1 Generalized subspace subcodes with application in cryptology Thierry P. BERGER, Cheikh Thiécoumba GUEYE and Jean Belo KLAMTI arxiv:1704.07882v1 [cs.cr] 25 Apr 2017 Cheikh Thiécoumba GUEYE and Jean Belo
More informationBinary Linear Codes G = = [ I 3 B ] , G 4 = None of these matrices are in standard form. Note that the matrix 1 0 0
Coding Theory Massoud Malek Binary Linear Codes Generator and Parity-Check Matrices. A subset C of IK n is called a linear code, if C is a subspace of IK n (i.e., C is closed under addition). A linear
More informationRésolution de systèmes polynomiaux structurés et applications en Cryptologie
Résolution de systèmes polynomiaux structurés et applications en Cryptologie Pierre-Jean Spaenlehauer University of Western Ontario Ontario Research Center for Computer Algebra Magali Bardet, Jean-Charles
More informationQuadratic Equations from APN Power Functions
IEICE TRANS. FUNDAMENTALS, VOL.E89 A, NO.1 JANUARY 2006 1 PAPER Special Section on Cryptography and Information Security Quadratic Equations from APN Power Functions Jung Hee CHEON, Member and Dong Hoon
More informationRank Analysis of Cubic Multivariate Cryptosystems
Rank Analysis of Cubic Multivariate Cryptosystems John Baena 1 Daniel Cabarcas 1 Daniel Escudero 2 Karan Khathuria 3 Javier Verbel 1 April 10, 2018 1 Universidad Nacional de Colombia, Colombia 2 Aarhus
More informationCryptanalysis of the HFE Public Key Cryptosystem by Relinearization
Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization Aviad Kipnis 1 and Adi Shamir 2 1 NDS Technologies, Israel 2 Computer Science Dept., The Weizmann Institute, Israel Abstract. The RSA
More informationTHE EXT ALGEBRA AND A NEW GENERALISATION OF D-KOSZUL ALGEBRAS
THE EXT ALGEBRA AND A NEW GENERALISATION OF D-KOSZUL ALGEBRAS JOANNE LEADER AND NICOLE SNASHALL Abstract. We generalise Koszul and D-Koszul algebras by introducing a class of graded algebras called (D,
More informationArrangements, matroids and codes
Arrangements, matroids and codes first lecture Ruud Pellikaan joint work with Relinde Jurrius ACAGM summer school Leuven Belgium, 18 July 2011 References 2/43 1. Codes, arrangements and matroids by Relinde
More informationSide Channel Analysis and Protection for McEliece Implementations
Side Channel Analysis and Protection for McEliece Implementations Thomas Eisenbarth Joint work with Cong Chen, Ingo von Maurich and Rainer Steinwandt 9/27/2016 NATO Workshop- Tel Aviv University Overview
More informationOn families of anticommuting matrices
On families of anticommuting matrices Pavel Hrubeš December 18, 214 Abstract Let e 1,..., e k be complex n n matrices such that e ie j = e je i whenever i j. We conjecture that rk(e 2 1) + rk(e 2 2) +
More informationThroughout these notes we assume V, W are finite dimensional inner product spaces over C.
Math 342 - Linear Algebra II Notes Throughout these notes we assume V, W are finite dimensional inner product spaces over C 1 Upper Triangular Representation Proposition: Let T L(V ) There exists an orthonormal
More informationGröbner Bases Techniques in Post-Quantum Cryptography
Gröbner Bases Techniques in Post-Quantum Cryptography Ludovic Perret Sorbonne Universités, UPMC Univ Paris 06, INRIA Paris LIP6, PolSyS Project, Paris, France Post-Quantum Cryptography Winter School, Fukuoka,
More informationPigeonhole Principle and Ramsey Theory
Pigeonhole Principle and Ramsey Theory The Pigeonhole Principle (PP) has often been termed as one of the most fundamental principles in combinatorics. The familiar statement is that if we have n pigeonholes
More informationHow to Encrypt with the LPN Problem
How to Encrypt with the LPN Problem Henri Gilbert, Matt Robshaw, and Yannick Seurin ICALP 2008 July 9, 2008 Orange Labs the context the authentication protocol HB + by Juels and Weis [JW05] recently renewed
More informationEnhancing the Signal to Noise Ratio
Enhancing the Signal to Noise Ratio in Differential Cryptanalysis, using Algebra Martin Albrecht, Carlos Cid, Thomas Dullien, Jean-Charles Faugère and Ludovic Perret ESC 2010, Remich, 10.01.2010 Outline
More informationError Correcting Codes: Combinatorics, Algorithms and Applications Spring Homework Due Monday March 23, 2009 in class
Error Correcting Codes: Combinatorics, Algorithms and Applications Spring 2009 Homework Due Monday March 23, 2009 in class You can collaborate in groups of up to 3. However, the write-ups must be done
More informationF 2k 1 = F 2n. for all positive integers n.
Question 1 (Fibonacci Identity, 15 points). Recall that the Fibonacci numbers are defined by F 1 = F 2 = 1 and F n+2 = F n+1 + F n for all n 0. Prove that for all positive integers n. n F 2k 1 = F 2n We
More informationAnnouncements Monday, October 02
Announcements Monday, October 02 Please fill out the mid-semester survey under Quizzes on Canvas WeBWorK 18, 19 are due Wednesday at 11:59pm The quiz on Friday covers 17, 18, and 19 My office is Skiles
More informationMaximum Rank Distance Codes are Generic Gabidulin Codes are Not
Maximum Rank Distance Codes are Generic Gabidulin Codes are Not Anna-Lena Horlemann-Trautmann Algorithmics Laboratory, EPF Lausanne, Switzerland April 4th, 2016 Network Coding and Designs, Dubrovnik joint
More informationLinear Algebra I Lecture 8
Linear Algebra I Lecture 8 Xi Chen 1 1 University of Alberta January 25, 2019 Outline 1 2 Gauss-Jordan Elimination Given a system of linear equations f 1 (x 1, x 2,..., x n ) = 0 f 2 (x 1, x 2,..., x n
More informationSimple Matrix Scheme for Encryption (ABC)
Simple Matrix Scheme for Encryption (ABC) Adama Diene, Chengdong Tao, Jintai Ding April 26, 2013 dama Diene, Chengdong Tao, Jintai Ding ()Simple Matrix Scheme for Encryption (ABC) April 26, 2013 1 / 31
More informationOn the minimum distance of LDPC codes based on repetition codes and permutation matrices 1
Fifteenth International Workshop on Algebraic and Combinatorial Coding Theory June 18-24, 216, Albena, Bulgaria pp. 168 173 On the minimum distance of LDPC codes based on repetition codes and permutation
More information