A new algorithm for finding minimum-weight words in a linear code: application to primitive narrow-sense BCH codes of length 511
|
|
- Valentine Barker
- 5 years ago
- Views:
Transcription
1 INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE A new algorithm for finding minimum-weight words in a linear code: application to primitive narrow-sense BCH codes of length 511 Anne Canteaut et Florent Chabaud N 685 octobre 1995 PROGRAMME apport de recherche ISSN
2
3 A new algorithm for nding minimum-weight words in a linear code: application to primitive narrow-sense BCH codes of length 511 Anne Canteaut et Florent Chabaud Programme Calcul symbolique, programmation et genie logiciel Projet Codes Rapport de recherche n685 octobre pages Abstract: An algorithm for nding small-weight words in large linear codes is developed. It is in particular able to decode random [51,56,57]-linear codes in 9 hours on a DEC alpha computer. We determine with it the minimum distance of some binary BCH codes of length 511, which were not known. Key-words: error-correcting codes, decoding algorithm, minimum weight, random linear codes, BCH codes. (Resume : tsvp) submitted to IEEE Transactions on Information Theory Also with Ecole Nationale Superieure de Techniques Avancees, laboratoire LEI, boulevard Victor, F Paris. Laboratoire d'informatique de l'ecole Normale Superieure, 5 rue d'ulm, 750 Paris Cedex 05 Unité de recherche INRIA Rocquencourt Domaine de Voluceau, Rocquencourt, BP 105, 7815 LE CHESNAY Cedex (France) Téléphone : ( 1) Télécopie : ( 1)
4 Un nouvel algorithme pour trouver des mots de poids minimum dans un code lineaire : application aux codes BCH primitifs au sens strict de longueur 511 Resume : Nous developpons un algorithme de recherche de mots de poids minimum dans un code lineaire. Cet algorithme nous permet notamment de decoder les codes lineaires aleatoires de parametres [51,56,57] en 9 heures sur une station DEC alpha. Gr^ace a lui, nous determinons la distance minimale de certains codes BCH binaires de longueur 511, lesquelles etaient jusqu'alors inconnues. Mots-cle : codes correcteurs d'erreurs, algorithme de decodage, poids minimum, codes lineaires aleatoires, codes BCH
5 A new algorithm for nding minimum-weight words in a linear code 1 Introduction In this paper we present a probabilistic algorithm for nding small-weight words in any linear code. This algorithm could be applied to two important NP-complete problems []: computing the minimum distance of a linear code and decoding. It associates an iterative procedure stemming from linear programming for reducing the computational cost of many Gaussian eliminations and a heuristic proposed by Stern. We then give a very precise analysis of the complexity of our algorithm which enables us to optimize the parameters it depends from. Hence our algorithm is to our knowledge the best procedure for decoding without using the structure of the code. Section describes our algorithm for binary codes but it could be generalized to linear codes over GF(q) (see []). Using Markov chain theory we show in section how to compute the number of elementary operations it requires; we give then the parameters which minimize this theoretical running-time and an explicit expression which approximates the number of operations performed for decoding and for nding a minimum-weight word in a random [n; k]-binary code. Two applications of our algorithm are then exposed: section presents experimental results for decoding [56,18]-binary linear codes which validate the previous theoretical approach; section 5 gives new results for the true minimum distance of some narrow-sense BCH codes of length 511. Description of the algorithm As usual wt(x) will denote the Hamming weight of the binary word x. Let C be a linear code over GF() of length n and dimension k. We try now to nd a codeword of weight w where w is small..1 The probabilistic method Enumerating randomly selecting codewords in hope than one of weight w will be found is obviously not a suitable algorithm because the probability that the weight of a random codeword will be w is very small. It is then necessary to bias this random selection by only examining codewords verifying a given property so that their weight will be a priori small, for example codewords which vanish on a randomly chosen coordinate subset. The problem is therefore to nd a compromise between the number of operations required by searching such particular codewords and the success probability, i.e. the probability that the weight of such a codeword will be w. All algorithms for nding short codewords use therefore the same method [10], [11], [1]: they only take in account codewords which are particular linear combinations of a small number of rows of a systematic generator matrix. The algorithm proposed by Stern [1] and slightly modied was shown to give the best results [5]. RR n685
6 A. Canteaut et F. Chabaud Let N = f1; ; ng be the set of all coordinates. For any subset I of N, G = (V; W ) I denotes the decomposition of matrix G onto I, that means V = (G i ) ii and W = (G j ) jnni, where G i is the ith column of matrix G. denition 1 Let I be a k-element subset of N. I is an information window for code C i G = (Id k ; Z) I is a systematic generator matrix for the code. The complementary set, J = N n I, is called a redundancy window. From now on we index the rows of Z with I since G = (Id k ; Z) I is a generator matrix for the code and we denote by Z i the i-th row of matrix Z. The idea suggested by Stern is to randomly choose at each iteration an information window I which is split into two parts I 1 and I of same size, and a subset L of J of size `. We only examine codewords c verifying the following property, where p is a xed parameter for the algorithm: wt(c ji1 ) = wt(c ji ) = p and wt(c jl ) = 0 (1) until we nd such a particular codeword whose restriction on J n L has weight w? p. All codewords which verify condition 1 can easily be constructed as soon as the corresponding systematic generator matrix G = (Id k ; Z) I is known: randomly split the rows of Z into two subsets Z 1 et Z corresponding to I 1 and I. for each linear combination 1 of p rows of matrix Z 1, compute 1jL. for each linear combination of p rows of matrix Z, compute jl. if 1jL = jl, check whether wt(( 1 + ) jjnl ) = w? p.. The iterative procedure The previous algorithm therefore explores a set of randomly selected information windows by performing at each iteration a Gaussian elimination on an (n k)-generator matrix. In order to avoid this time-consuming procedure, we here propose to choose at each step the new information window by modifying only one element of the previous one. This method is analogous to the one used in the simplex method as suggested in [1] and [15, ]. denition Two information windows I and I 0 are close i: 9 I; 9 N n I; such that I 0 = (I n fg) [ fg As any two information windows can be joined by a sequence of close information windows, we use this iterative method in order to nd one which enables us to discover a codeword of weight w. The following proposition shows how choosing and such that I 0 is still an information window. INRIA
7 A new algorithm for nding minimum-weight words in a linear code 5 proposition 1 Let I be an information window such that G = (Id k ; Z) I is a generator matrix for C. Let be I, J and I 0 = (I n fg) [ fg. I 0 is an information window i z ; = 1, where Z = (z i;j ) ii;jj Proof. Since G = (Id k ; Z) I, we have: G = z ; G + P iinfg z i;g i As the columns indexed by I are linearly independent, G and (G i ) iinfg are linearly independent i z ; = 1. As the probabilistic method procedure only deals with the redundant part of the systematic generator matrix, we only need a procedure able to obtain the redundant matrix Z 0 corresponding to I 0 from Z. proposition Let I and I 0 be two close information windows such that I 0 = (I nfg)[fg. Let (Id k ; Z) I and (Id k ; Z 0 ) I 0 be the corresponding systematic generator matrices. Then Z 0 is obtained from Z by: 8j J 0 ; z 0 ;j = z ;j 8i I 0 n fg; { 8j J 0 n fg; z 0 i;j = z i;j + z i; z ;j { z 0 i; = z i; Proof. As I 0 = (I n fg) [ fg, (Id k ; Z 0 ) I 0 is obtained by exchanging the -th and -th columns of (Id k ; Z) I. This can be done by a simple pivoting operation in position (; ), i.e. by adding the -th row of matrix Z to all other rows Z i i the corresponding element z i; is not equal to zero.. Description of the iterative algorithm The use of this iterative procedure leads then to the following algorithm: Initialization: Randomly choose an information window I and apply a Gaussian elimination in order to obtain a systematic generator matrix (Id k ; Z) I. Until a codeword of weight w will be found: randomly split I in two subsets I 1 and I where ji 1 j = bk=c and ji j = dk=e. The rows of Z are then split in two parts Z 1 and Z. randomly select an `-element subset L of J. RR n685
8 6 A. Canteaut et F. Chabaud for each linear combination 1 of p rows of matrix Z 1, compute 1jL. for each linear combination of p rows of matrix Z, compute jl. if 1jL = jl, check whether wt(( 1 + ) jjnl ) = w? p. randomly choose I and J. Replace I with (I n fg) [ fg by updating matrix Z according to the preceding proposition. Remark: This algorithm can also be used for decoding. Let x = c+e be a corrupted message where c is a codeword and e an error-vector of weight w such that w t = b d?1 c where d is the minimum distance of the code. Matrix G? = x is a generator matrix of an [n; k + 1; t]-code. Our algorithm then enables us to recover the minimum-weight word of this new code, which is the error-vector e. Theoretical running-time We give here an explicit and computable expression for the work factor of this algorithm, i.e. the average number of elementary operations it requires..1 Average number? of operations by iteration k= 1. There are exactly p linear combinations of p rows of matrix Z1 (resp. Z ); computing each of them on an `-bit selection requires p` binary additions.. The average number of collisions i.e. the average number of pairs ( 1 ; ) such that ( 1 + ) jl = 0 is equal to (k=. For each collision we must perform p? 1 additions ` of (n? k? `)-bit? words for computing ( 1 + ) jjnl and a weight-checking. k=. We need K(p p + `) more operations to perform the dynamic memory allocation where K is the size of a computer word (K= or 6). p ). For updating matrix Z according to proposition we have to add row Z to all other rows Z i when z i; = 1. Assuming that the average weight of column Z is k=, the work factor involved in this procedure is 1 k(n? k). Hence the average number of elementary operations performed at each iteration is:? k= k= p k= k(n? k) p;` = p` + p(n? k? `) + K(p + `) + p ` p () INRIA
9 A new algorithm for nding minimum-weight words in a linear code 7. Expected number of iterations The average number of iterations performed by the algorithm is not the same as the one performed by the initial Stern's algorithm since the successive information windows are not independent anymore. Hence the algorithm must be modeled by a discrete-time stochastic process. Let c be the codeword of weight w to recover and supp(c) its support. Let I be the information window and I 1, I and L the other selections corresponding to the i-th iteration. The i-th iteration can then be associated with the random variable X i whose state space is E = f0; : : :; p? 1g [ f(p) S ; (p) F g [ fp + 1; : : :; wg where X i = u i ji \ supp(c)j = u; 8u f0; : : :; p? 1g [ fp + 1; : : :; wg X i = (p) F i ji \ supp(c)j = p and (ji 1 \ supp(c)j 6= p or ji \ supp(c)j 6= p or jl \ supp(c)j 6= 0) X i = (p) S i ji 1 \ supp(c)j = ji \ supp(c)j = p and jl \ supp(c)j = 0 The success space is then S = f(p) S g and the failure space is F = f0; : : :; (p) F ; : : :; wg. proposition The stochastic process fx i g in associated with the algorithm is an homogeneous Markov chain. Proof. The selections I, I 1, I and L corresponding to the i-th iteration only depend on the previous information window since I 1, I and L are randomly chosen. Then we have for all i and for all (u 0 ; u 1 ; ; u i ) E; P r[x i = u i =X i?1 = u i?1 ; X i? = u i? ; ; X 0 = u 0 ] = P r[x i = u i =X i?1 = u i?1 ]: Furthermore this probability does not depend on the iteration. Hence there exists a matrix P such that : 8i N; 8(u; v) E ; P r[x i = v=x i?1 = u] = P u;v fx i g in is therefore completely determined by its starting distribution 0 and its transition matrix P. proposition The transition matrix P associated with the homogeneous Markov chain representing the algorithm is given by: P u;u = k? u k P u;u?1 = u k P u;u+1 = k? u k n? k? (w? u) n? k n? k? (w? u) n? k w? u n? k + u k w? u n? k for all u E n f(p) S; (p) F g for all u 6= p + 1 for all u 6= p? 1 RR n685
10 8 A. Canteaut et F. Chabaud P u;v = 0 for all v = fu? 1; u; u + 1g k? p n? k? (w? p) P (p)f ;(p) F = (1? ) + p k n? k k w? p n? k p + 1 n? k? (w? (p + 1)) P p+1;(p)f = (1? ) k n? k k? (p? 1) w? (p? 1) P p?1;(p)f = (1? ) k n? k p + 1 n? k? (w? (p + 1)) P p+1;(p)s = k n? k k? (p? 1) w? (p? 1) P p?1;(p)s = k n? k k? p n? k? (w? p) P (p)f ;(p) S = + p k n? k k w? p n? k P (p)s;(p) S = 1 P (p)s;u = 0 for all u 6= (p) S The initial probability vector is 0 =? w n?w! u? k?u? n k 0uw : Since the single success state is an absorbing state, fx i g in is a transient chain. The following theorem can then be applied for computing the excepted number of iterations performed by the algorithm. proposition 5 [9] If fx i g in is a transient chain with transition matrix P, and Q is the sub-stochastic matrix corresponding to transitions among the transient states, i.e. Q = (P u;v ) u F then (Id? Q) has an inverse R called the fundamental matrix of the chain v F and R = 1X m=0 Q m = (Id? Q)?1 : theorem 1 The expectation N of the number of iterations required until X n reaches a success state is given by: X X N = 0 (u) R u;v uf vf where R is the corresponding fundamental matrix. INRIA
11 A new algorithm for nding minimum-weight words in a linear code 9 Proof. N = X n0np r[n = n] = X n1p r[n n] = X n0p r[x n F]: As the initial probability distribution is vector 0, we have: Let Q = (P u;v ) u F v F N = X n0 then we have X uf P r[x n F=X 0 = u] 0 (u) P r[x i F=X 0 = u] = X vf(q i ) u;v : Thanks to the preceding proposition we nally obtain X X N = 0 (u) R u;v uf vf proposition 6 Suppose that the number of codewords of weight w is A w. The overall work factor required by the algorithm is: where N is given by theorem 1 and p;` by equation. W p;l = p;` N A w (). Theoretical running-time for the general decoding and minimum-weight problems Using the implicit formula we now give the optimal parameters p and ` for some basic problems. The following work factors are computed for some [n; k]-random binary codes whose minimum distance is obtained with the Gilbert-Varshamov's bound. Comparisons with other decoding algorithms [10, 11, 1] are made in []; the work factor required by the initial Stern's algorithm is shown to be at least times higher for the following problems. RR n685
12 10 A. Canteaut et F. Chabaud..1 Decoding random linear codes We here give the optimal parameters and the work factors required for recovering an errorvector of weight t = b d?1 c. We recall that p corresponds to the number of rows of each part of the generator matrix we use for the linear combinations and that ` is the size of the selection L on which the examined words vanish. Note that the code we consider for computing the work factor is an [n; k + 1]-code according to the remark in section.. code [6,,7] [18,6,15] [56,18,9] [51,56,57] [768,8,85] t optimal p = 1 p = 1 p = 1 p = 1 p = parameters ` = ` = 6 ` = 7 ` = 9 ` = 17 work factor 15:9 19:6 6:51 0:8 5:55 [10,51,11] [156,768,170] [08,10,6] p = p = p = ` = 18 ` = 19 ` = 0 68:51 96:87 15:50 Table 1: Optimal parameters for decoding random [n; n=] binary codes We see in gure 1 that, for a xed rate r = k=n, log (W ) linearly depends on n when parameters p and ` are optimized and that the work factor can be written in the form W opt = na(r)+b. Figure shows how parameters p and ` act on the work factor for decoding a random [n; n=] code: if they are not optimized, log (W ) does not linearly depend on n anymore. Furthermore we see in gure that a(r) is closed to the entropy function H (r) multiplied by a xed coecient, where H (x) =?x log (x)? (1? x) log (1? x). proposition 7 The theoretical work factor required for decoding a random [n; k]-binary code can be approximated by the following formula: W opt = nah(k=n)+b where a = 5:511 10? and b = 1.. Finding minimum-weight codewords We now give the theoretical complexity of the algorithm for recovering a word of weight d in a random [n; k] binary code, where d is given by the Gilbert-Varshamov's bound. We assume that all these codes contain exactly one word of weight d. INRIA
13 A new algorithm for nding minimum-weight words in a linear code 11 code [6,,7] [18,6,15] [56,18,9] optimal p = 1 p = 1 p = 1 parameters ` = ` = 5 ` = 7 work factor 17:9 5:55 0:65 [8,19,] [51,56,57] [60,0,71] p = p = p = ` = 1 ` = 15 ` = 16 55:77 70:7 85:78 Table : Optimal parameters for nding a minimum-weight word in random [n; n=]-binary codes As for the general decoding problem log (W opt ) linearly depends on n for a xed rate r = k=n (see gure ). If this work factor is written in the form W opt = nc(r)n+d, gure 5 shows that c(r) is closed to the translated entropy function ch (r + r 0 ). proposition 8 The theoretical work factor required for nding a minimum-weight word in a random [n; k]-binary code can be approximated by the following formula: W opt = nch( k n +r0)+d where c = 0:1, d = 10 and r 0 = :15 10? Experimental results for decoding random [56; 18]- binary codes In order to check the correctness of our optimization we have made a great number of simulations for a small problem: decoding a random [56,18,9]-binary code, i.e. recovering an error-vector of weight 1. For each set of parameters 1000 computations have been made on a DEC alpha computer running at 175 MHz. The results given in table conrm the validity of the previous theory. We see that decoding a random [56,18,9]-code requires around seconds. Thus decoding a [51,56,57]-one requires around 9 hours on our computer. 5 True minimum distance of primitive binary narrowsense BCH codes of length 511 Let q = m and n = m? 1. Let be a primitive n-th root of unity in GF(q). RR n685
14 1 A. Canteaut et F. Chabaud theoretical theoretical experimental average corrected parameters work factor average average deviation CPU CPU log (W ) iteration iteration % time time number number (s) (s) p = 1, ` = p = 1, ` = p = 1, ` = p = 1, ` = p = 1, ` = p =, ` = p =, ` = p =, ` = p =, ` = p =, ` = Table : Decoding random [56; 18; 9]-binary codes denition The primitive binary narrow-sense BCH code of length n = m? 1 and designed distance, denoted by B(n; ), is the largest binary cyclic code of length n having zeros ; ; : : :;?1 The minimum distance d of B(n; ) satises the BCH bound: d. There is no general method for nding the true minimum distance of a BCH code although several innite classes are known to have minimum distance equal to their designed distance [1, 7, 1]. The true minimum distance has been determined for all narrow-sense BCH codes of length less than 511. For the length 511 the true minimum distance of 1 of them is still unknown [1]. Using the previously presented algorithm we show that the designed distance is reached for 5 of these codes. It is well-known that the automorphism group of an extended primitive BCH code contains the ane group on GF( m ); then we have the following proposition: proposition 9 If B( m? 1; ) contains a word of even weight w then it contains a word of weight w? 1. Thus we obtain: theorem B(511; 9), B(511; 7), B(511; 1), B(511; ) and B(511; 87) have minimum distance equal to their designed distance. Proof. Let us dene GF( 9 ) by = 0. For each of these B(511; ) a word of weight + 1 was found. We here list all the corresponding exponents. INRIA
15 A new algorithm for nding minimum-weight words in a linear code 1 = 9: (6, 1, 8, 51, 6, 7, 11, 16, 19, 1, 157, 188,, 7, 65, 70, 01, 06, 07, 17, 7, 5, 68, 69, 1, 15,, 1, 9, 98) = 7: (, 1, 7, 8, 56, 9, 10, 10, 115, 118, 1, 19, 15, 159, 197, 0, 15,, 0, 9, 50, 51, 90,, 7, 9, 59, 60, 67, 8, 96,, 61, 9, 9, 99, 50, 509) = 1: (9, 0, 0, 7, 8,,, 5, 66, 68, 8, 9, 95, 106, 108, 110, 111, 175, 185, 0,, 50, 6, 70, 1,, 6, 6, 79, 8, 85, 01, 0, 10, 6, 6, 6, 67, 78, 8, 99, 507) = : (0, 16, 5, 8, 56, 57, 58, 80, 8, 87, 115, 1, 17, 18, 156, 165, 167, 190, 196, 06, 9, 0,, 58, 69, 8, 95, 96, 09, 17, 1,,, 5, 6, 61, 75, 9, 05, 18, 9,, 60, 9) = 87: (18, 19,, 5, 7,, 50, 51, 6, 70, 7, 77, 81, 88, 96, 101, 10, 116, 117, 1, 16, 15, 158, 16, 165, 166, 17, 179, 19, 19, 195, 197, 199, 0, 10, 1, 5, 0, 0,, 5, 6, 7, 8, 87, 90, 9, 9, 95, 97, 01, 06, 0,, 7, 0, 9, 5, 61, 8, 85, 9, 9, 00, 11, 1, 17, 1,, 6, 6, 5, 59, 61, 66, 7, 75, 76, 80, 81, 8, 87, 89, 9, 50, 50, 505, 510) Table gives the list of all narrow-sense BCH codes of length 511, their minimum distance and the way they were found. Acknowledgements: We wish to thank Herve Chabanne who initiated this work. References [1] D. Augot, P. Charpin, and N. Sendrier. Studying the locator polynomials of minimum weight codewords of BCH codes. IEEE Trans. Inform. Theory, 8():960{97, 199. [] E.R. Berlekamp, R.J. McEliece, and H.C.A. Van Tilborg. On the inherent intractability of certain coding problems. IEEE Trans. Inform. Theory, IT-():8{86, May [] A. Canteaut and H. Chabanne. A further improvement of the work factor in an attempt at breaking McEliece's cryptosystem. In P. Charpin, editor, EUROCODE 9, pages 16{167. INRIA, 199. RR n685
16 1 A. Canteaut et F. Chabaud [] A. Canteaut and F. Chabaud. Improvements of the attacks on cryptosystems based on error-correcting codes. Rapport interne du Departement Mathematiques et Informatique LIENS-95-1, Ecole Normale Superieure, Paris, July [5] F. Chabaud. On the security of some cryptosystems based on error-correcting codes. In pre-proceedings of EUROCRYPT '9. Springer-Verlag, 199. [6] H.J. Helgert and R.D. Stina. Shortened BCH codes. IEEE Trans. Inform. Theory, pages 818{80, November 197. [7] T. Kasami and S. Lin. Some results on the minimum weight of primitive BCH codes. IEEE Trans. Inform. Theory, pages 8{85, November 197. [8] T. Kasami and N. Tokura. Some remarks on BCH bounds and minimum weights of binary primitive BCH codes. IEEE Trans. Inform. Theory, pages 08{1, May [9] J.G. Kemeny and J.L. Snell. Finite Markov chains. D.Van Nostrand, Princeton, New Jersey, [10] P.J. Lee and E.F. Brickell. An observation on the security of McEliece's public-key cryptosystem. In C.G. Gunther, editor, Advances in Cryptology { EUROCRYPT '88, number 0 in Lecture Notes in Computer Science, pages 75{80. Springer-Verlag, [11] J.S. Leon. A probabilistic algorithm for computing minimum weights of large errorcorrecting codes. IEEE Trans. Inform. Theory, IT-(5):15{159, September [1] J.K. Omura. Iterative decoding of linear codes by a modulo- linear program. Discrete Math, :19{08, 197. [1] W.W. Peterson and E.J. Weldon. Error-Correcting Codes. MIT Press, [1] J. Stern. A method for nding codewords of small weight. In G. Cohen and J. Wolfmann, editors, Coding Theory and Applications, number 88 in Lecture Notes in Computer Science, pages 106{11. Springer-Verlag, [15] J. van Tilburg. On the McEliece public-key cryptosystem. In S. Goldwasser, editor, Advances in Cryptology { CRYPT0 '88, number 0 in Lecture Notes in Computer Science, pages 119{11. Springer-Verlag, INRIA
17 A new algorithm for nding minimum-weight words in a linear code log (W opt ) r = 1= + r = 1= r = = r = 1=8 r = 7= length of the code Figure 1: Evolution of the theoretical work factor with optimized parameters for decoding random [n; nr]-binary codes RR n685
18 Unité de recherche INRIA Lorraine, Technopôle de Nancy-Brabois, Campus scientifique, 615 rue du Jardin Botanique, BP 101, 5600 VILLERS LÈS NANCY Unité de recherche INRIA Rennes, Irisa, Campus universitaire de Beaulieu, 50 RENNES Cedex Unité de recherche INRIA Rhône-Alpes, 6 avenue Félix Viallet, 801 GRENOBLE Cedex 1 Unité de recherche INRIA Rocquencourt, Domaine de Voluceau, Rocquencourt, BP 105, 7815 LE CHESNAY Cedex Unité de recherche INRIA Sophia-Antipolis, 00 route des Lucioles, BP 9, 0690 SOPHIA-ANTIPOLIS Cedex Éditeur INRIA, Domaine de Voluceau, Rocquencourt, BP 105, 7815 LE CHESNAY Cedex (France) ISSN
19 16 A. Canteaut et F. Chabaud log ( Wp;` W opt ) p = 1; ` = 0 p = 1; ` = 5 p = 1; ` = 10 + p = ; ` = length of the code Figure : Inuence of parameters p and ` on the work factor for decoding [n; n=] random codes a 0:055H a =8 1= 1= = 7=8 1 r = k=n Figure : Evolution of coecient a vs. r = k=n INRIA
20 A new algorithm for nding minimum-weight words in a linear code log (W opt ) r = 1= r = 1= r = = r = 1=8 r = 7= length of the code Figure : Evolution of the theoretical work factor with optimized parameters for nding a minimum-weight word in random [n; nr]-binary codes RR n685
21 18 A. Canteaut et F. Chabaud n k d argument in n k d argument in RM(7) [7] PS(7,1) [1] RM(7) [7] RM(6) [7] ES [1] ID [1] RM(6) [7] ID [1] S [6] RM(15) [7] ES [1] ID [1] ID [1] # -DI [8] PS(7,) [1] RM() [7] 1 RM(5) [7] ID [1] S [6] RM(5) [7] # -DI [8] RM() [7] RM() [7] # -DI [8] PS(7,5) [1] RM() [7] ## NI [1] ID [1] # -DI [8] RM() [7] ES [1] 5 5 ID [1] ES [1] RM() [7] ES [1] ES [1] NI [1] RM() [7] RM() [7] PS(7,) [1] ID [1] 8 RM() [7] RM() [7] RM(1) [7] RM() [7] # d = + ## d = + new result ES exhaustive search ID idempotent NI Newton's identities RM(s) intersection with the shortened sth-order Reed-Muller code S code shortening PS(n ; ) product subcode: n = n 1 n and = n 1 where BCH(n ; ) has minimum distance equal to -DI -divisibility of RM() since B(511; ) is included in the punctured Reed-Muller code of order for all > 85 Table : BCH codes of length 511 INRIA
22 A new algorithm for nding minimum-weight words in a linear code 19 a 0:1 0:1 0:08 0:06 0:0 0:0 a 0:1H (r + 0:015) 0 1=8 1= 1= = 7=8 1 r = k=n Figure 5: Evolution of coecient c vs. r = k=n RR n685
Multiplication by an Integer Constant: Lower Bounds on the Code Length
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE Multiplication by an Integer Constant: Lower Bounds on the Code Length Vincent Lefèvre N 4493 Juillet 2002 THÈME 2 ISSN 0249-6399 ISRN INRIA/RR--4493--FR+ENG
More informationBound on Run of Zeros and Ones for Images of Floating-Point Numbers by Algebraic Functions
Bound on Run of Zeros and Ones for Images of Floating-Point Numbers by Algebraic Functions Tomas Lang, Jean-Michel Muller To cite this version: Tomas Lang, Jean-Michel Muller Bound on Run of Zeros and
More informationCryptanalysis of the Original McEliece Cryptosystem
Cryptanalysis of the Original McEliece Cryptosystem Anne Canteaut and Nicolas Sendrier INRIA - projet CODES BP 105 78153 Le Chesnay, France Abstract. The class of public-ey cryptosystems based on error-correcting
More informationOn the Security of Some Cryptosystems Based on Error-correcting Codes
On the Security of Some Cryptosystems Based on Error-correcting Codes Florent Chabaud * Florent.Chabaud~ens.fr Laboratoire d'informatique de FENS ** 45, rue d'ulm 75230 Paris Cedex 05 FRANCE Abstract.
More informationMaximizing the Cohesion is NP-hard
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE Maximizing the Cohesion is NP-hard arxiv:1109.1994v2 [cs.ni] 9 Oct 2011 Adrien Friggeri Eric Fleury N 774 version 2 initial version 8 September
More informationBounded Normal Approximation in Highly Reliable Markovian Systems
Bounded Normal Approximation in Highly Reliable Markovian Systems Bruno Tuffin To cite this version: Bruno Tuffin. Bounded Normal Approximation in Highly Reliable Markovian Systems. [Research Report] RR-3020,
More informationBernstein s basis and real root isolation
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE Bernstein s basis and real root isolation Bernard Mourrain Fabrice Rouillier Marie-Françoise Roy N 5149 Mars 2004 THÈME 2 N 0249-6399 ISRN
More informationThe 0-1 Outcomes Feature Selection Problem : a Chi-2 Approach
The 0-1 Outcomes Feature Selection Problem : a Chi-2 Approach Cyril Duron, Jean-Marie Proth To cite this version: Cyril Duron, Jean-Marie Proth. The 0-1 Outcomes Feature Selection Problem : a Chi-2 Approach.
More informationA Fast Provably Secure Cryptographic Hash Function
A Fast Provably Secure Cryptographic Hash Function Daniel Augot, Matthieu Finiasz, and Nicolas Sendrier Projet Codes, INRIA Rocquencourt BP 15, 78153 Le Chesnay - Cedex, France [DanielAugot,MatthieuFiniasz,NicolasSendrier]@inriafr
More informationBoundary Control Problems for Shape Memory Alloys under State Constraints
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE Boundary Control Problems for Shape Memory Alloys under State Constraints Nikolaus Bubner, Jan Sokołowski and Jürgen Sprekels N 2994 Octobre
More informationDecomposing Bent Functions
2004 IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 49, NO. 8, AUGUST 2003 Decomposing Bent Functions Anne Canteaut and Pascale Charpin Abstract In a recent paper [1], it is shown that the restrictions
More informationOptimal and asymptotically optimal CUSUM rules for change point detection in the Brownian Motion model with multiple alternatives
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE Optimal and asymptotically optimal CUSUM rules for change point detection in the Brownian Motion model with multiple alternatives Olympia
More informationAttacking and defending the McEliece cryptosystem
Attacking and defending the McEliece cryptosystem (Joint work with Daniel J. Bernstein and Tanja Lange) Christiane Peters Technische Universiteit Eindhoven PQCrypto 2nd Workshop on Postquantum Cryptography
More informationISSN ISRN INRIA/RR FR+ENG. apport de recherche
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE 3914 Analytic Combinatorics of Chord Diagrams Philippe Flajolet, Marc Noy N3914 March 2000 THEME 2 ISSN 0249-6399 ISRN INRIA/RR--3914--FR+ENG
More informationhold or a eistel cipher. We nevertheless prove that the bound given by Nyberg and Knudsen still holds or any round keys. This stronger result implies
Dierential cryptanalysis o eistel ciphers and dierentially uniorm mappings Anne Canteaut INRIA Projet codes Domaine de Voluceau BP 105 78153 Le Chesnay Cedex rance Abstract In this paper we study the round
More informationSYND: a Fast Code-Based Stream Cipher with a Security Reduction
SYND: a Fast Code-Based Stream Cipher with a Security Reduction Philippe Gaborit XLIM-DMI, Université de Limoges 13 av. Albert Thomas 87000, Limoges, France gaborit@unilim.fr Cedric Lauradoux INRIA Rocquencourt,
More informationSensitivity to the cutoff value in the quadratic adaptive integrate-and-fire model
Sensitivity to the cutoff value in the quadratic adaptive integrate-and-fire model Jonathan Touboul To cite this version: Jonathan Touboul. Sensitivity to the cutoff value in the quadratic adaptive integrate-and-fire
More informationDecoding One Out of Many
Decoding One Out of Many Nicolas Sendrier INRIA Paris-Rocquencourt, équipe-projet SECRET Code-based Cryptography Workshop 11-12 May 2011, Eindhoven, The Netherlands Computational Syndrome Decoding Problem:
More informationCongestion in Randomly Deployed Wireless Ad-Hoc and Sensor Networks
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE Congestion in Randomly Deployed Wireless Ad-Hoc and Sensor Networks Alonso Silva Patricio Reyes Mérouane Debbah N 6854 February 29 Thème
More informationThroughput optimization for micro-factories subject to failures
Throughput optimization for micro-factories subject to failures Anne Benoit, Alexandru Dobrila, Jean-Marc Nicod, Laurent Philippe To cite this version: Anne Benoit, Alexandru Dobrila, Jean-Marc Nicod,
More informationThe BCH Bound. Background. Parity Check Matrix for BCH Code. Minimum Distance of Cyclic Codes
S-723410 BCH and Reed-Solomon Codes 1 S-723410 BCH and Reed-Solomon Codes 3 Background The algebraic structure of linear codes and, in particular, cyclic linear codes, enables efficient encoding and decoding
More informationImproving Goldschmidt Division, Square Root and Square Root Reciprocal
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE Improving Goldschmidt Division, Square Root and Square Root Reciprocal Milos Ercegovac, Laurent Imbert, David Matula, Jean-Michel Muller,
More informationSign methods for counting and computing real roots of algebraic systems
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE Sign methods for counting and computing real roots of algebraic systems Ioannis Z. Emiris & Bernard Mourrain & Mihail N. Vrahatis N 3669
More informationIdeals over a Non-Commutative Ring and their Application in Cryptology
Ideals over a Non-Commutative Ring and their Application in Cryptology E. M. Gabidulin, A. V. Paramonov and 0. V. Tretjakov Moscow Institute of Physics and Technology 141700 Dolgoprudnii Moscow Region,
More informationIN this paper, we exploit the information given by the generalized
4496 IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 52, NO. 10, OCTOBER 2006 A New Upper Bound on the Block Error Probability After Decoding Over the Erasure Channel Frédéric Didier Abstract Motivated by
More informationCryptanalysis of the McEliece Public Key Cryptosystem Based on Polar Codes
Cryptanalysis of the McEliece Public Key Cryptosystem Based on Polar Codes Magali Bardet 1 Julia Chaulet 2 Vlad Dragoi 1 Ayoub Otmani 1 Jean-Pierre Tillich 2 Normandie Univ, France; UR, LITIS, F-76821
More informationDIFFERENTIAL cryptanalysis is the first statistical attack
IEEE TRANSACTIONS ON INFORMATION THEORY, VOL 57, NO 12, DECEMBER 2011 8127 Differential Properties of x x 2t 1 Céline Blondeau, Anne Canteaut, Pascale Charpin Abstract We provide an extensive study of
More informationA Fuzzy Sketch with Trapdoor
A Fuzzy Sketch with Trapdoor Julien Bringer 1, Hervé Chabanne 1, Quoc Dung Do 2 1 SAGEM Défense Sécurité, 2 Ecole Polytechnique, ENST Paris. Abstract In 1999, Juels and Wattenberg introduce an effective
More informationPerturbed path following interior point algorithms 1. 8cmcsc8. RR n2745
Perturbed path following interior point algorithms 0 0 8cmcsc8 RR n2745 INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE Perturbed path following interior point algorithms J. Frédéric Bonnans,
More informationSecret-sharing with a class of ternary codes
Theoretical Computer Science 246 (2000) 285 298 www.elsevier.com/locate/tcs Note Secret-sharing with a class of ternary codes Cunsheng Ding a, David R Kohel b, San Ling c; a Department of Computer Science,
More informationA Public Key Encryption Scheme Based on the Polynomial Reconstruction Problem
A Public Key Encryption Scheme Based on the Polynomial Reconstruction Problem Daniel Augot and Matthieu Finiasz INRIA, Domaine de Voluceau F-78153 Le Chesnay CEDEX Abstract. The Polynomial Reconstruction
More informationThe Support Splitting Algorithm and its Application to Code-based Cryptography
The Support Splitting Algorithm and its Application to Code-based Cryptography Dimitris E. Simos (joint work with Nicolas Sendrier) Project-Team SECRET INRIA Paris-Rocquencourt May 9, 2012 3rd Code-based
More informationOpen problems on cyclic codes
Open problems on cyclic codes Pascale Charpin Contents 1 Introduction 3 2 Different kinds of cyclic codes. 4 2.1 Notation.............................. 5 2.2 Definitions............................. 6
More informationQuartic formulation of Coulomb 3D frictional contact
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE Quartic formulation of Coulomb 3D frictional contact Olivier Bonnefon Gilles Daviet N 0400 January 10, 2011 Modeling, Optimization, and
More informationOn Semigroups of Matrices in the (max,+) Algebra
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE On Semigroups of Matrices in the (max,) Algebra Stéphane GAUBERT N 2172 Janvier 1994 PROGRAMME 5 Traitement du signal, automatique et productique
More informationOn Cryptographic Properties of the Cosets of R(1;m)
1494 IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 47, NO. 4, MAY 2001 On Cryptographic Properties of the Cosets of R(1;m) Anne Canteaut, Claude Carlet, Pascale Charpin, and Caroline Fontaine Abstract
More informationError Bounds on Complex Floating-Point Multiplication
Error Bounds on Complex Floating-Point Multiplication Richard Brent, Colin Percival, Paul Zimmermann To cite this version: Richard Brent, Colin Percival, Paul Zimmermann. Error Bounds on Complex Floating-Point
More informationapport de recherche N 2589 Boubakar GAMATIE Juillet 1995 INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE PROGRAMME 2 ISSN
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE A THEORY OF SEQUENTIAL FUNCTIONS Boubakar GAMATIE N 2589 Juillet 1995 PROGRAMME 2 apport de recherche ISSN 0249-6399 A THEORY OF SEQUENTIAL
More informationDifferential properties of power functions
Differential properties of power functions Céline Blondeau, Anne Canteaut and Pascale Charpin SECRET Project-Team - INRIA Paris-Rocquencourt Domaine de Voluceau - B.P. 105-8153 Le Chesnay Cedex - France
More informationEuler scheme for SDEs with non-lipschitz diffusion coefficient: strong convergence
Author manuscript, published in "SAIM: Probability and Statistics 12 (28) 15" INSTITUT NATIONAL D RCHRCH N INFORMATIQU T N AUTOMATIQU uler scheme for SDs with non-lipschitz diffusion coefficient: strong
More informationCode-Based Cryptography McEliece Cryptosystem
Code-Based Cryptography McEliece Cryptosystem I. Márquez-Corbella 0 . McEliece Cryptosystem 1. Formal Definition. Security-Reduction Proof 3. McEliece Assumptions 4. Notions of Security 5. Critical Attacks
More informationHenry law and gas phase disappearance
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE arxiv:0904.1195v1 [physics.chem-ph] 7 Apr 2009 Henry law and gas phase disappearance Jérôme Jaffré Amel Sboui apport de recherche N 6891
More informationAn algorithm for reporting maximal c-cliques
An algorithm for reporting maximal c-cliques Frédéric Cazals, Chinmay Karande To cite this version: Frédéric Cazals, Chinmay Karande. An algorithm for reporting maximal c-cliques. [Research Report] RR-5642,
More informationHow to improve information set decoding exploiting that = 0 mod 2
How to improve information set decoding exploiting that 1 + 1 = 0 mod 2 Anja Becker Postdoc at EPFL Seminar CCA January 11, 2013, Paris Representation Find unique solution to hard problem in cryptography
More informationOn the behavior of upwind schemes in the low Mach number limit. IV : P0 Approximation on triangular and tetrahedral cells
On the behavior of upwind schemes in the low Mach number limit. IV : P0 Approximation on triangular and tetrahedral cells Hervé Guillard To cite this version: Hervé Guillard. On the behavior of upwind
More informationOptimal Routing Policy in Two Deterministic Queues
Optimal Routing Policy in Two Deterministic Queues Bruno Gaujal, Emmanuel Hyon To cite this version: Bruno Gaujal, Emmanuel Hyon. Optimal Routing Policy in Two Deterministic Queues. [Research Report] RR-37,
More informationTHIS paper investigates the difficulty of the Goppa Code
A Distinguisher for High Rate McEliece Cryptosystems Jean-Charles Faugère, Valérie Gauthier-Umaña, Ayoub Otmani, Ludovic Perret, Jean-Pierre Tillich Abstract The Goppa Code Distinguishing (GCD problem
More informationA CMA-ES for Mixed-Integer Nonlinear Optimization
A CMA-ES for Mixed-Integer Nonlinear Optimization Nikolaus Hansen To cite this version: Nikolaus Hansen. A CMA-ES for Mixed-Integer Nonlinear Optimization. [Research Report] RR-, INRIA.. HAL Id: inria-
More informationComputation of the singular subspace associated with the smallest singular values of large matrices
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE Computation of the singular subspace associated with the smallest singular values of large matrices Bernard Philippe and Miloud Sadkane
More informationLaboratoire de l Informatique du Parallélisme
Laboratoire de l Informatique du Parallélisme Ecole Normale Supérieure de Lyon Unité de recherche associée au CNRS n 1398 An Algorithm that Computes a Lower Bound on the Distance Between a Segment and
More informationCryptanalysis of the Sidelnikov cryptosystem
Cryptanalysis of the Sidelnikov cryptosystem Lorenz Minder, Amin Shokrollahi Laboratoire de mathématiques algorithmiques (LMA), EPFL c 2007 IACR. This paper appeared in Advances in cryptology Eurocrypt
More informationOptimal Routing Policy in Two Deterministic Queues
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE Optimal Routing Policy in Two Deterministic Queues Bruno Gaujal Emmanuel Hyon N 3997 Septembre 2000 THÈME 1 ISSN 0249-6399 ISRN INRIA/RR--3997--FR+ENG
More informationAdvances in code-based public-key cryptography. D. J. Bernstein University of Illinois at Chicago
Advances in code-based public-key cryptography D. J. Bernstein University of Illinois at Chicago Advertisements 1. pqcrypto.org: Post-quantum cryptography hash-based, lattice-based, code-based, multivariate
More informationGabidulin Codes that are Generalized. Reed Solomon Codes
International Journal of Algebra, Vol. 4, 200, no. 3, 9-42 Gabidulin Codes that are Generalized Reed Solomon Codes R. F. Babindamana and C. T. Gueye Departement de Mathematiques et Informatique Faculte
More information2 Description of McEliece s Public-Key Cryptosystem
1 A SOFTWARE IMPLEMENTATION OF THE McELIECE PUBLIC-KEY CRYPTOSYSTEM Bart Preneel 1,2, Antoon Bosselaers 1, René Govaerts 1 and Joos Vandewalle 1 A software implementation of the McEliece public-key cryptosystem
More informationImproved Fast Correlation Attacks Using Parity-Check Equations of Weight 4 and 5
Improved Fast Correlation Attacks Using Parity-Check Equations of Weight 4 and 5 Anne Canteaut 1 and Michaël Trabbia 1,2 1 INRIA projet CODES B.P. 105 78153 Le Chesnay Cedex - France Anne.Canteaut@inria.fr
More informationElementary 2-Group Character Codes. Abstract. In this correspondence we describe a class of codes over GF (q),
Elementary 2-Group Character Codes Cunsheng Ding 1, David Kohel 2, and San Ling Abstract In this correspondence we describe a class of codes over GF (q), where q is a power of an odd prime. These codes
More informationTransform Domain Analysis of DES. Guang Gong and Solomon W. Golomb. University of Southern California. Tels and
Transform Domain Analysis of DES Guang Gong and Solomon W. Golomb Communication Sciences Institute University of Southern California Electrical Engineering-Systems, EEB # 500 Los Angeles, California 90089-2565
More informationEfficient polynomial L -approximations
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE Efficient polynomial L -approximations Nicolas Brisebarre Sylvain Chevillard N???? December 2006 Thème SYM apport de recherche ISSN 0249-6399
More informationA General Framework for Nonlinear Functional Regression with Reproducing Kernel Hilbert Spaces
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE A General Framework for Nonlinear Functional Regression with Reproducing Kernel Hilbert Spaces Hachem Kadri Emmanuel Duflos Manuel Davy
More informationStrengthening McEliece Cryptosystem
Strengthening McEliece Cryptosystem Pierre Loidreau Project CODES, INRIA Rocquencourt Research Unit - B.P. 105-78153 Le Chesnay Cedex France Pierre.Loidreau@inria.fr Abstract. McEliece cryptosystem is
More informationNumerical modification of atmospheric models to include the feedback of oceanic currents on air-sea fluxes in ocean-atmosphere coupled models
Numerical modification of atmospheric models to include the feedback of oceanic currents on air-sea fluxes in ocean-atmosphere coupled models Florian Lemarié To cite this version: Florian Lemarié. Numerical
More informationPost-Quantum Cryptography
Post-Quantum Cryptography Code-Based Cryptography Tanja Lange with some slides by Tung Chou and Christiane Peters Technische Universiteit Eindhoven ASCrypto Summer School: 18 September 2017 Error correction
More informationCRYPTANALYSE EN TEMPS POLYNOMIAL DU SCHÉMA DE MCELIECE BASÉ SUR LES CODES
POLYNOMIAL DU SCHÉMA CODES GÉOMÉTRIQUES A. COUVREUR 1 I. MÁRQUEZ-CORBELLA 1 R. PELLIKAAN 2 1 INRIA Saclay & LIX 2 Department of Mathematics and Computing Science, TU/e. Journées Codage et Cryptographie
More informationAlgebraic Characterization of Minimum Weight Codewords of Cyclic Codes
Algebraic Characterization of Minimum Weight Codewords of Cyclic Codes Daniel Augot Abstract We consider primitive cyclic codes of length n over GF (q), where n = q m 1, and for any such code with defining
More informationGeometry and Numerics of CMC Surfaces with Radial Metrics
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE Geometry and Numerics of CMC Surfaces with Radial Metrics Gabriel Dos Reis N 4763 Mars 2003 THÈME 2 ISSN 0249-6399 ISRN INRIA/RR--4763--FRENG
More informationA filtering method for the interval eigenvalue problem
A filtering method for the interval eigenvalue problem Milan Hladik, David Daney, Elias P. Tsigaridas To cite this version: Milan Hladik, David Daney, Elias P. Tsigaridas. A filtering method for the interval
More informationChapter 6 Reed-Solomon Codes. 6.1 Finite Field Algebra 6.2 Reed-Solomon Codes 6.3 Syndrome Based Decoding 6.4 Curve-Fitting Based Decoding
Chapter 6 Reed-Solomon Codes 6. Finite Field Algebra 6. Reed-Solomon Codes 6.3 Syndrome Based Decoding 6.4 Curve-Fitting Based Decoding 6. Finite Field Algebra Nonbinary codes: message and codeword symbols
More informationCoding Theory and Applications. Solved Exercises and Problems of Cyclic Codes. Enes Pasalic University of Primorska Koper, 2013
Coding Theory and Applications Solved Exercises and Problems of Cyclic Codes Enes Pasalic University of Primorska Koper, 2013 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a collection of solved
More informationSecurity Proofs for Signature Schemes. Ecole Normale Superieure. 45, rue d'ulm Paris Cedex 05
Security Proofs for Signature Schemes David Pointcheval David.Pointcheval@ens.fr Jacques Stern Jacques.Stern@ens.fr Ecole Normale Superieure Laboratoire d'informatique 45, rue d'ulm 75230 Paris Cedex 05
More informationAlgebraic Cryptanalysis of Compact McEliece s Variants Toward a Complexity Analysis
Algebraic Cryptanalysis of Compact McEliece s Variants Toward a Complexity Analysis Jean-Charles Faugère 1, Ayoub Otmani 2,3, Ludovic Perret 1, and Jean-Pierre Tillich 2 1 SALSA Project - INRIA (Centre
More informationLaboratoire de l Informatique du Parallélisme. École Normale Supérieure de Lyon Unité Mixte de Recherche CNRS-INRIA-ENS LYON n o 8512
Laboratoire de l Informatique du Parallélisme École Normale Supérieure de Lyon Unité Mixte de Recherche CNRS-INRIA-ENS LYON n o 8512 SPI A few results on table-based methods Jean-Michel Muller October
More informationRON M. ROTH * GADIEL SEROUSSI **
ENCODING AND DECODING OF BCH CODES USING LIGHT AND SHORT CODEWORDS RON M. ROTH * AND GADIEL SEROUSSI ** ABSTRACT It is shown that every q-ary primitive BCH code of designed distance δ and sufficiently
More information5.0 BCH and Reed-Solomon Codes 5.1 Introduction
5.0 BCH and Reed-Solomon Codes 5.1 Introduction A. Hocquenghem (1959), Codes correcteur d erreurs; Bose and Ray-Chaudhuri (1960), Error Correcting Binary Group Codes; First general family of algebraic
More informationFinding good differential patterns for attacks on SHA-1
Finding good differential patterns for attacks on SHA-1 Krystian Matusiewicz and Josef Pieprzyk Centre for Advanced Computing - Algorithms and Cryptography, Department of Computing, Macquarie University,
More informationIterative Methods for Model Reduction by Domain Decomposition
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE arxiv:0712.0691v1 [physics.class-ph] 5 Dec 2007 Iterative Methods for Model Reduction by Domain Decomposition Marcelo Buffoni Haysam Telib
More informationCryptographie basée sur les codes correcteurs d erreurs et arithmétique
with Cryptographie basée sur les correcteurs d erreurs et arithmétique with with Laboratoire Hubert Curien, UMR CNRS 5516, Bâtiment F 18 rue du professeur Benoît Lauras 42000 Saint-Etienne France pierre.louis.cayrel@univ-st-etienne.fr
More informationNumerical Analysis of Different Vibrational Relaxation Models for Master Equations.
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE Numerical Analysis of Different Vibrational Relaxation Models for Master Equations. F. Mallinger, N 3263 Septembre 1997 THÈME 4 apport de
More informationOpen problems related to algebraic attacks on stream ciphers
Open problems related to algebraic attacks on stream ciphers Anne Canteaut INRIA - projet CODES B.P. 105 78153 Le Chesnay cedex - France e-mail: Anne.Canteaut@inria.fr Abstract The recently developed algebraic
More informationOn the Use of Structured Codes in Code Based Cryptography 1. Nicolas Sendrier
On the Use of Structured Codes in Code Based Cryptography 1 Nicolas Sendrier INRIA, CRI Paris-Rocquencourt, Project-Team SECRET Email: Nicolas.Sendrier@inria.fr WWW: http://www-roc.inria.fr/secret/nicolas.sendrier/
More informationBounds on eigenvalues and singular values of interval matrices
Bounds on eigenvalues and singular values of interval matrices Milan Hladik, David Daney, Elias P. Tsigaridas To cite this version: Milan Hladik, David Daney, Elias P. Tsigaridas. Bounds on eigenvalues
More informationComparison of TCP Reno and TCP Vegas via Fluid Approximation
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE Comparison of TCP Reno and TCP Vegas via Fluid Approximation Thomas Bonald N 3563 Novembre 1998 THÈME 1 apport de recherche ISSN 0249-6399
More informationCryptanalysis of the TTM Cryptosystem
Cryptanalysis of the TTM Cryptosystem Louis Goubin and Nicolas T Courtois SchlumbergerSema - CP8 36-38 rue de la Princesse BP45 78430 Louveciennes Cedex France LouisGoubin@bullnet,courtois@minrankorg Abstract
More informationReal-Parameter Black-Box Optimization Benchmarking 2009: Noiseless Functions Definitions
Real-Parameter Black-Box Optimization Benchmarking 2009: Noiseless Functions Definitions Nikolaus Hansen, Steffen Finck, Raymond Ros, Anne Auger To cite this version: Nikolaus Hansen, Steffen Finck, Raymond
More informationHyperbent functions, Kloosterman sums and Dickson polynomials
Hyperbent functions, Kloosterman sums and Dickson polynomials Pascale Charpin INRIA, Codes Domaine de Voluceau-Rocquencourt BP 105-78153, Le Chesnay France Email: pascale.charpin@inria.fr Guang Gong Department
More informationMINIMAL CODEWORDS IN LINEAR CODES. Yuri Borissov, Nickolai Manev
Serdica Math. J. 30 (2004, 303 324 MINIMAL CODEWORDS IN LINEAR CODES Yuri Borissov, Nickolai Manev Communicated by V. Brînzănescu Abstract. Cyclic binary codes C of block length n = 2 m 1 and generator
More informationCode Based Cryptology at TU/e
Code Based Cryptology at TU/e Ruud Pellikaan g.r.pellikaan@tue.nl University Indonesia, Depok, Nov. 2 University Padjadjaran, Bandung, Nov. 6 Institute Technology Bandung, Bandung, Nov. 6 University Gadjah
More informationapport de recherche ISSN
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE An Algorithm for Estimating all Matches Between Two Strings Mihail J. ATALLAH, Frederic CHYZAK, Philippe DUMAS N 3194 Juin 1997 THEME 2
More informationA New Baby-Step Giant-Step Algorithm and Some Applications to Cryptanalysis
A New Baby-Step Giant-Step Algorithm and Some Applications to Cryptanalysis Jean Sébastien Coron 1, David Lefranc 2 and Guillaume Poupard 3 1 Université du Luxembourg Luxembourg coron@clipper.ens.fr 2
More informationAnti-sparse coding for approximate nearest neighbor search
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE arxiv:1110.3767v2 [cs.cv] 25 Oct 2011 Anti-sparse coding for approximate nearest neighbor search Hervé Jégou Teddy Furon Jean-Jacques Fuchs
More informationOn formulas for decoding binary cyclic codes
On formulas for decoding binary cyclic codes Daniel Augot INRIA-Rocquencourt Domaine de Voluceau Le Chesnay, FRANCE Magali Bardet Laboratoire LITIS Université de Rouen Jean-Charles Faugère INRIA Rocquencourt,
More informationRigid Transformation Estimation in Point Registration Procedures: Study of the Use of Mahalanobis Distances
Rigid Transformation Estimation in Point Registration Procedures: Study of the Use of Mahalanobis Distances Manuel Yguel To cite this version: Manuel Yguel. Rigid Transformation Estimation in Point Registration
More informationMidterm for Introduction to Numerical Analysis I, AMSC/CMSC 466, on 10/29/2015
Midterm for Introduction to Numerical Analysis I, AMSC/CMSC 466, on 10/29/2015 The test lasts 1 hour and 15 minutes. No documents are allowed. The use of a calculator, cell phone or other equivalent electronic
More informationWild McEliece Incognito
Wild McEliece Incognito Christiane Peters Technische Universiteit Eindhoven joint work with Daniel J. Bernstein and Tanja Lange Seminaire de Cryptographie Rennes April 1, 2011 Bad news Quantum computers
More informationError-correcting codes and Cryptography
Error-correcting codes and Cryptography Henk van Tilborg Code-based Cryptography Workshop Eindhoven, May -2, 2 /45 CONTENTS I II III IV V Error-correcting codes; the basics Quasi-cyclic codes; codes generated
More informationThe failure of McEliece PKC based on Reed-Muller codes.
The failure of McEliece PKC based on Reed-Muller codes. May 8, 2013 I. V. Chizhov 1, M. A. Borodin 2 1 Lomonosov Moscow State University. email: ivchizhov@gmail.com, ichizhov@cs.msu.ru 2 Lomonosov Moscow
More informationA note on intersection types
A note on intersection types Christian Retoré To cite this version: Christian Retoré. A note on intersection types. RR-2431, INRIA. 1994. HAL Id: inria-00074244 https://hal.inria.fr/inria-00074244
More informationNORMALE SUPERIEURE. Département de Mathématiques et Informatique CNRS URA Black Box Cryptanalysis of Cryptographic.
E COLE NORMALE SUPERIEURE Black Box Cryptanalysis of Cryptographic Primitives Claus Peter SCHNORR Serge VAUDENAY LIENS - 95-28 Département de Mathématiques et Informatique CNRS URA 1327 Black Box Cryptanalysis
More informationON PERTURBATION OF BINARY LINEAR CODES. PANKAJ K. DAS and LALIT K. VASHISHT
Math Appl 4 (2015), 91 99 DOI: 1013164/ma201507 ON PERTURBATION OF BINARY LINEAR CODES PANKAJ K DAS and LALIT K VASHISHT Abstract We present new codes by perturbation of rows of the generating matrix of
More informationReducing Key Length of the McEliece Cryptosystem
Reducing Key Length of the McEliece Cryptosystem Thierry Pierre Berger, Pierre-Louis Cayrel, Philippe Gaborit, Ayoub Otmani To cite this version: Thierry Pierre Berger, Pierre-Louis Cayrel, Philippe Gaborit,
More information