Cryptographic Engineering
|
|
- Dwight Farmer
- 5 years ago
- Views:
Transcription
1 Cryptographic Engineering Clément PERNET M2 Cyber Security, UFR-IM 2 AG, Univ. Grenoble-Alpes ENSIMAG, Grenoble INP
2 Outline Coding Theory Introduction Linear Codes Reed-Solomon codes Application: Mc Eliece cryptosystem
3 Outline Coding Theory Introduction Linear Codes Reed-Solomon codes Application: Mc Eliece cryptosystem
4 Errors everywhere
5 Errors everywhere
6 Error models Communication channel Radio transmission Ethernet, DSL CD/DVD Audio/Video/ROM RAM HDD electromagnetic interferences electromagnetic interferences scratches, dust cosmic radiations magnetic field, crash
7 Error models Communication channel Radio transmission Ethernet, DSL CD/DVD Audio/Video/ROM RAM HDD Message Sender Message electromagnetic interferences electromagnetic interferences scratches, dust cosmic radiations magnetic field, crash Message Receiver
8 Error models Communication channel Radio transmission Ethernet, DSL CD/DVD Audio/Video/ROM RAM HDD Message Sender Message Error electromagnetic interferences electromagnetic interferences scratches, dust cosmic radiations magnetic field, crash Message Receiver
9 Error models Communication channel Radio transmission Ethernet, DSL CD/DVD Audio/Video/ROM RAM HDD electromagnetic interferences electromagnetic interferences scratches, dust cosmic radiations magnetic field, crash Message Sender encoding code word code word Error received word Receiver decoding Message
10 Generalities on coding theory Goals: Detect: require retransmission Correct: i.e. when no interraction possible Tool: Adding redundancy (integrity certificate)
11 Generalities on coding theory Goals: Detect: require retransmission Correct: i.e. when no interraction possible Tool: Adding redundancy (integrity certificate) Example (NATO phonetic alphabet) A Alfa, B Bravo, C Charlie, D Delta... Alpha Bravo India Tango Tango Echo Delta India Oscar Uniform Sierra!
12 Generalities on coding theory Goals: Detect: require retransmission Correct: i.e. when no interraction possible Tool: Adding redundancy (integrity certificate) Example (NATO phonetic alphabet) A Alfa, B Bravo, C Charlie, D Delta... Alpha Bravo India Tango Tango Echo Delta India Oscar Uniform Sierra! Two categories of codes: stream codes: online processing of the stream of information block codes: cutting information in blocks and applying the same treatment to each block
13 Generalities on coding theory Goals: Detect: require retransmission Correct: i.e. when no interraction possible Tool: Adding redundancy (integrity certificate) Example (NATO phonetic alphabet) A Alfa, B Bravo, C Charlie, D Delta... Alpha Bravo India Tango Tango Echo Delta India Oscar Uniform Sierra! Two categories of codes: stream codes: online processing of the stream of information block codes: cutting information in blocks and applying the same treatment to each block
14 Generalities A code is a sub-set C E of a set of possible words. Often, E is built from an alphabet Σ: E = Σ n.
15 Generalities A code is a sub-set C E of a set of possible words. Often, E is built from an alphabet Σ: E = Σ n. Parity check (x 1, x 2, x 3 ) (x 1, x 2, x 3, s) with s = 3 i=1 x i mod 2 3 i=1 x i + s = 0 mod 2
16 Generalities A code is a sub-set C E of a set of possible words. Often, E is built from an alphabet Σ: E = Σ n. Parity check (x 1, x 2, x 3 ) (x 1, x 2, x 3, s) (x 1, x 2, x 3, s) Error detected with s = 3 i=1 x i mod 2 3 i=1 x i + s = 0 mod 2
17 Generalities A code is a sub-set C E of a set of possible words. Often, E is built from an alphabet Σ: E = Σ n. Parity check (x 1, x 2, x 3 ) (x 1, x 2, x 3, s) (x 1, x 2, x 3, s) Error detected with s = 3 i=1 x i mod 2 3 i=1 x i + s = 0 mod 2 Repetition code Say that again?
18 Generalities A code is a sub-set C E of a set of possible words. Often, E is built from an alphabet Σ: E = Σ n. Parity check (x 1, x 2, x 3 ) (x 1, x 2, x 3, s) (x 1, x 2, x 3, s) Error detected with s = 3 i=1 x i mod 2 3 i=1 x i + s = 0 mod 2 Repetition code Say that again? a aaa aab aaa a
19 Generalities A code is a sub-set C E of a set of possible words. Often, E is built from an alphabet Σ: E = Σ n. Parity check (x 1, x 2, x 3 ) (x 1, x 2, x 3, s) (x 1, x 2, x 3, s) Error detected with s = 3 i=1 x i mod 2 3 i=1 x i + s = 0 mod 2 Repetition code Say that again? a aaa aab aaa a E : Σ Σ r x (x,..., x), and C = Im(E) Σ }{{} r times
20 Types of channels Symmetric binary channel p: error rate 0 1 p 0 1 p p 1 p 1 Floppy CD Optic fibre Satellite DSL LAN (7kB every 700MB) to
21 Capacity of a channel Input distribution: random var. X with val. in V: Pr[X = v i ] = p i. Output distribution: random var. Y. Transition probabilities: p j i = Pr[Y = v j X = v i ] Mutual information I(X, Y) = x,y log(p(x, y)) p(x, y) log(p(x)) log(p(y)) = H(X) H(X Y) = H(Y) H(Y X). Mesures how much information is shared between X and Y how much information of the source has been transmitted Definition (Channel capacity) C = max all probability distrib for X I(X, Y)
22 Examples of channel capacities If H(Y) = H(Y X) input does not impact output C = 0 If H(Y X) = 0 no uncertainty on the output for a given input error free channel C = H(X).
23 Examples of channel capacities If H(Y) = H(Y X) input does not impact output C = 0 If H(Y X) = 0 no uncertainty on the output for a given input error free channel C = H(X). Exercise (Capacity of the symmetric binary channel) Let p X = Pr[X = 0], then Pr[X = 1] = 1 p X symmetric p i j = p constant and p i i = 1 p
24 Examples of channel capacities If H(Y) = H(Y X) input does not impact output C = 0 If H(Y X) = 0 no uncertainty on the output for a given input error free channel C = H(X). Exercise (Capacity of the symmetric binary channel) Let p X = Pr[X = 0], then Pr[X = 1] = 1 p X symmetric p i j = p constant and p i i = 1 p symmectric H(Y X) = H(Y X = 0) = H(Y X = 1) independent from the probability distribution of X.
25 Examples of channel capacities If H(Y) = H(Y X) input does not impact output C = 0 If H(Y X) = 0 no uncertainty on the output for a given input error free channel C = H(X). Exercise (Capacity of the symmetric binary channel) Let p X = Pr[X = 0], then Pr[X = 1] = 1 p X symmetric p i j = p constant and p i i = 1 p symmectric H(Y X) = H(Y X = 0) = H(Y X = 1) independent from the probability distribution of X. H(Y) H(Y X) is maximal when H(Y) is maximal Pr[Y = 0] = Pr[Y = 1] = 1/2. { Pr[Y = 0] = px (1 p) + (1 p X )p,, Pr[Y = 1] = p X p + (1 p)(1 p X ) when
26 Examples of channel capacities If H(Y) = H(Y X) input does not impact output C = 0 If H(Y X) = 0 no uncertainty on the output for a given input error free channel C = H(X). Exercise (Capacity of the symmetric binary channel) Let p X = Pr[X = 0], then Pr[X = 1] = 1 p X symmetric p i j = p constant and p i i = 1 p symmectric H(Y X) = H(Y X = 0) = H(Y X = 1) independent from the probability distribution of X. H(Y) H(Y X) is maximal when H(Y) is maximal Pr[Y = 0] = Pr[Y = 1] = 1/2. { Pr[Y = 0] = px (1 p) + (1 p X )p,, Pr[Y = 1] = p X p + (1 p)(1 p X ) for p X = 1/2 maximal C = H(X) H(Y X) = 1 + p log p + (1 p) log(1 p) when
27 Examples of channel capacities If H(Y) = H(Y X) input does not impact output C = 0 If H(Y X) = 0 no uncertainty on the output for a given input error free channel C = H(X). Exercise (Capacity of the symmetric binary channel) Let p X = Pr[X = 0], then Pr[X = 1] = 1 p X symmetric p i j = p constant and p i i = 1 p symmectric H(Y X) = H(Y X = 0) = H(Y X = 1) independent from the probability distribution of X. H(Y) H(Y X) is maximal when H(Y) is maximal Pr[Y = 0] = Pr[Y = 1] = 1/2. { Pr[Y = 0] = px (1 p) + (1 p X )p,, Pr[Y = 1] = p X p + (1 p)(1 p X ) for p X = 1/2 maximal C = H(X) H(Y X) = 1 + p log p + (1 p) log(1 p) p=1/2 C = 0 but > 0 otherwise when
28 Second theorem of Shannon Theorem (Shannon) Over a binary channel of capacity C, for any ɛ > 0, there is an (n, k) code of rate R = k/n that can decode with probability of error < ɛ if and only if 0 R < C.
29 Outline Coding Theory Introduction Linear Codes Reed-Solomon codes Application: Mc Eliece cryptosystem
30 Linear Codes Linear Codes Let E = V n over a finite field V. A linear code C is a subspace of E. length: n dimension: k = dim(c) Rate (of information): k/n Encoding function: E : V k V n s.t. C = Im(E) V n
31 Linear Codes Linear Codes Let E = V n over a finite field V. A linear code C is a subspace of E. length: n dimension: k = dim(c) Rate (of information): k/n Encoding function: E : V k V n s.t. C = Im(E) V n Example Parity code: k = n 1 r-repetition code: k = n/r 1-detector r 1-detector, r 1 2 -corrector
32 Distance of a code Hamming weight: w H (x) = {i, x i 0}.
33 Distance of a code Hamming weight: w H (x) = {i, x i 0}. Hamming distance: d H (x, y) = w H (x y) = {i, x i y i }
34 Distance of a code Hamming weight: w H (x) = {i, x i 0}. Hamming distance: d H (x, y) = w H (x y) = {i, x i y i } minimal distance of a code δ = min x,y C d H (x, y) In a linear code: δ = min x C\{0} w H (x)) t δ
35 Distance of a code Hamming weight: w H (x) = {i, x i 0}. Hamming distance: d H (x, y) = w H (x y) = {i, x i y i } minimal distance of a code δ = min x,y C d H (x, y) In a linear code: δ = min x C\{0} w H (x)) t C is t-corrector if x E {c C, d H (x, c) t} 1
36 Distance of a code Hamming weight: w H (x) = {i, x i 0}. Hamming distance: d H (x, y) = w H (x y) = {i, x i y i } minimal distance of a code δ = min x,y C d H (x, y) In a linear code: δ = min x C\{0} w H (x)) t δ C is t-corrector if x E {c C, d H (x, c) t} 1 c 1, c 2 C c 1 c 2 d H (c 1, c 2 ) > 2t
37 Perfect codes Definition A code is perfect if any detected error can be corrected. Example 4-repetition is not perfect 3-repetition is perfect
38 Perfect codes Definition A code is perfect if any detected error can be corrected. Example 4-repetition is not perfect 3-repetition is perfect Property A code is perfect if the balls of radius t around the codewords form a partition of the ambiant space.
39 Generator matrix and parity check matrix Generator matrix The matrix of the encoding function (depends on a choice of basis): E : x T x T G 1 0 Systematic form: G =... G 0 1
40 Generator matrix and parity check matrix Generator matrix The matrix of the encoding function (depends on a choice of basis): E : x T x T G 1 0 Systematic form: G =... G Parity check matrix H K (n k) n s.t. ker(h) = C: c C Hc = 0 2. basis of ker(g T ): HG T = 0
41 Generator matrix and parity check matrix Generator matrix The matrix of the encoding function (depends on a choice of basis): E : x T x T G 1 0 Systematic form: G =... G Parity check matrix H K (n k) n s.t. ker(h) = C: c C Hc = 0 2. basis of ker(g T ): HG T = 0 Exercise Find G and H of the binary parity check and of the k-repetition codes.
42 Generator matrix and parity check matrix Generator matrix The matrix of the encoding function (depends on a choice of basis): E : x T x T G 1 0 Systematic form: G =... G Parity check matrix H K (n k) n s.t. ker(h) = C: c C Hc = 0 2. basis of ker(g T ): HG T = 0 Exercise Find G and H of the binary parity check and of the k-repetition codes. 1 1 G par =......, H par = [1... 1], G rep = H par, G rep = H par 1 1
43 Role of the parity check matrix Certificate for detecting errors c C Hc = 0 Syndrom: s x = Hx = H(c + e) = He
44 Role of the parity check matrix Certificate for detecting errors c C Hc = 0 Syndrom: s x = Hx = H(c + e) = He a first correction algorithm: pre-compute all se for w H(e) t in a table S For x received. If sx 0, look for s x in the table S return the corresponding codeword O x s=hx s==0? Return x N s c Return c
45 Hamming codes Let H = Parameters of the corresponding code? Generator matrix? Minimal distance? Is it a perfect code?
46 Hamming codes Let H = Parameters of the corresponding code? (n, k) = (7, 4) Generator matrix? Minimal distance? Is it a perfect code?
47 Hamming codes Let H = Parameters of the corresponding code? (n, k) = (7, 4) Generator matrix? G = Minimal distance? Is it a perfect code?
48 Hamming codes Let H = Parameters of the corresponding code? (n, k) = (7, 4) Generator matrix? G = Minimal distance? δ 3. If δ = 1, i, Hi = 0 If δ = 2, i j, Hi = H j δ = 3 Is it a perfect code?
49 Hamming codes Let H = Parameters of the corresponding code? (n, k) = (7, 4) Generator matrix? G = Minimal distance? δ 3. If δ = 1, i, Hi = 0 If δ = 2, i j, Hi = H j δ = 3 Is it a perfect code? δ = 3 t = 1 corrector. C = 2 k # of elements in each ball of radius 1: 2 k (1 + 7) = 16 8 = 2 7 = K n perfect
50 Hamming codes Let H = Parameters of the corresponding code? (n, k) = (7, 4) Generator matrix? G = Minimal distance? δ 3. If δ = 1, i, Hi = 0 If δ = 2, i j, Hi = H j δ = 3 Is it a perfect code? δ = 3 t = 1 corrector. C = 2 k # of elements in each ball of radius 1: 2 k (1 + 7) = 16 8 = 2 7 = K n perfect Generalization l: H(2 l 1, 2 l l), is 1-corrector, perfect. Example: Minitel, ECC memory: l = 7
51 Some bounds Let C be a code (n, k, δ) over a field F q with q elements. k and δ can not be simulatneously large for a given n. Sphere packing: q k t ( n ) i=0 i (q 1) i q n, t = δ 1 2.
52 Some bounds Let C be a code (n, k, δ) over a field F q with q elements. k and δ can not be simulatneously large for a given n. Sphere packing: q k t ( n ) i=0 i (q 1) i q n, t = δ 1 2. Singleton bound: δ n k + 1
53 Some bounds Let C be a code (n, k, δ) over a field F q with q elements. k and δ can not be simulatneously large for a given n. Sphere packing: q k t ( n ) i=0 i (q 1) i q n, t = δ 1 2. Singleton bound: δ n k + 1 Sketch of proof: Let H be the parity check matrix (n k) n. δ is the smallest number of linearly dependent cols of H. n k + 1 = rank(h) + 1 cols are always linearly dependent.
54 Some bounds Let C be a code (n, k, δ) over a field F q with q elements. k and δ can not be simulatneously large for a given n. Sphere packing: q k t ( n ) i=0 i (q 1) i q n, t = δ 1 2. Singleton bound: δ n k + 1 Sketch of proof: Let H be the parity check matrix (n k) n. δ is the smallest number of linearly dependent cols of H. n k + 1 = rank(h) + 1 cols are always linearly dependent. How to build codes correcting up to n k 2.
55 Outline Coding Theory Introduction Linear Codes Reed-Solomon codes Application: Mc Eliece cryptosystem
56 Reed-Solomon codes Definition (Reed-Solomon codes) Let K be a finite field, and x 1,..., x n K distinct elements. The Reed-Solomon code of length n and dimension k is defined by C(n, k) = {(f (x 1 ),..., f (x n )), f K[X]; deg f < k}
57 Reed-Solomon codes Definition (Reed-Solomon codes) Let K be a finite field, and x 1,..., x n K distinct elements. The Reed-Solomon code of length n and dimension k is defined by C(n, k) = {(f (x 1 ),..., f (x n )), f K[X]; deg f < k} Example (n, k) = (5, 3), f = x 2 + 2x + 1 over Z/31Z. (1, 2, 1, 0, 0) Eval (f (1), f (5), f (8), f (10), f (12)) = (4, 17, 5, 7, 17) (4, 17, 5, 7, 17) Interp. (1, 2, 1, 0, 0) x 2 + 2x + 1 (4, 17, 13, 7, 17) Interp. (12, 8, 11, 10, 1) x x x 2 + 8x + 12
58 Minimal distance of Reed-Solomon codes Property δ = n k + 1 (Maximum Distance Separable codes)
59 Minimal distance of Reed-Solomon codes Property δ = n k + 1 (Maximum Distance Separable codes) Proof. Singeton bound: δ n k + 1
60 Minimal distance of Reed-Solomon codes Property δ = n k + 1 (Maximum Distance Separable codes) Proof. Singeton bound: δ n k + 1 Let f, g C: deg f, deg g < k. If f (x i ) g(x i ) for d < n k + 1 values x i, Then f (x j ) g(x j ) = 0 for at least n d > k 1 values x j. Now deg(f g) < k, hence f = g.
61 Minimal distance of Reed-Solomon codes Property δ = n k + 1 (Maximum Distance Separable codes) Proof. Singeton bound: δ n k + 1 Let f, g C: deg f, deg g < k. If f (x i ) g(x i ) for d < n k + 1 values x i, Then f (x j ) g(x j ) = 0 for at least n d > k 1 values x j. Now deg(f g) < k, hence f = g. correct up to n k 2 errors.
62 Rational fraction reconstruction Problem (RFR: Rational Fraction Reconstruction) Given A, B K[X] with deg B < deg A = n, find f, g K[X], with deg f d F, deg g n d F 1 and f = gb mod A. Theorem Let (f 0 = A, f 1 = B,..., f l ) the sequence of remainders of the extended Euclidean algorithm applied on (A, B) and u i, v i the coefficients s.t. f i = u i f 0 + v i f 1. Then, at iteration j s.t. deg f j d F < deg f j 1, 1. (f j, v j ) is a solution of problem RFR. 2. it is minimal: any other solution (f, g) writes f = qf j, g = qv j for q K[X].
63 Reed-Solomon decoding with Extended Euclidean algorithm Berlekamp-Welch using extended Euclidean algorithm Erroneous interpolant: P = Interp((y i, x i )) Error locator polynomial: Λ = i y iis erroneous (X x i) Find f with deg f d F s.t.. f and P match on n t evaluations x i. Λf }{{} = }{{} Λ P mod f j g j n (X x i ) i=1 and (Λf, Λ) is minimal computed by extended Euclidean Algorithm f = f j /g j.
64 Another decoding algorithm: syndrom based From now on: K = F q, n = q 1, x i = α i where α is a primitive n-th root of unity. E(f ) = (f (α 0 ), f (α 1 ), f (α 2 ),..., f (α n 1 )) = DFT α (f )
65 Another decoding algorithm: syndrom based From now on: K = F q, n = q 1, x i = α i where α is a primitive n-th root of unity. E(f ) = (f (α 0 ), f (α 1 ), f (α 2 ),..., f (α n 1 )) = DFT α (f ) Linear recurring sequences Sequences (a 0, a 1,..., a n,... ) such that t 1 j 0 a j+t = λ i a i+j i=0 generator polynomial: Λ(z) = z t t 1 i=0 λ iz i minimal polynomial: Λ(z) of minimal degree linear complexity of (a i ) i : degree t of the minimal polynomial Λ Computing Λ min : Berlekamp/Massey algorithm, from 2t consecutive elements, in O ( t 2)
66 Blahut theorem Theorem ( [Blahut84], [Prony1795] ) The DFT α of a vector of weight t has linear complexity t.
67 Blahut theorem Theorem ( [Blahut84], [Prony1795] ) The DFT α of a vector of weight t has linear complexity t. Skecth of proof Let v = e i be a 1-weight vector. Then DFT α (v) = Ev (α0,α 1,...,α n )(X i ) = ((α 0 ) i, (α 1 ) i,..., (α n 1 ) i ) is linearly generated by Λ(z) = z α i.
68 Blahut theorem Theorem ( [Blahut84], [Prony1795] ) The DFT α of a vector of weight t has linear complexity t. Skecth of proof Let v = e i be a 1-weight vector. Then DFT α (v) = Ev (α0,α 1,...,α n )(X i ) = ((α 0 ) i, (α 1 ) i,..., (α n 1 ) i ) is linearly generated by Λ(z) = z α i. For v = t j=1 e i j, the sequence DFT α (v) is generated by ppcm j (z α ij ) = t j=1 (z αij )
69 Blahut theorem Theorem ( [Blahut84], [Prony1795] ) The DFT α of a vector of weight t has linear complexity t. Skecth of proof Let v = e i be a 1-weight vector. Then DFT α (v) = Ev (α0,α 1,...,α n )(X i ) = ((α 0 ) i, (α 1 ) i,..., (α n 1 ) i ) is linearly generated by Λ(z) = z α i. For v = t j=1 e i j, the sequence DFT α (v) is generated by ppcm j (z α ij ) = t j=1 (z αij ) Corollary The roots of Λ localize the non-zero elements les éléments non nuls de v: α ij. error locator
70 Syndrom Decoding of Reed-Solomon codes C = {(f (x 1 ),..., f (x n )) deg f < k} Evaluation f m = f (x), deg f < k 0 y = Eval(f ), y i = f (x i) error e P = f + Interp(e) 0 Interpolation z = y + e
71 Syndrom Decoding of Reed-Solomon codes C = {(f (x 1 ),..., f (x n )) deg f < k} Evaluation f m = f (x), deg f < k 0 y = Eval(f ), y i = f (x i) error e g = f + Interp(e) z = y + e 0 Interpolation Berlekamp Massey algorithm f
72 Codes derived from Reed Solomon codes Generalized Reed-Solomon codes C GRS (n, k, v) = {(v 1 f (x 1 ),..., v n f (x n )), f K <k [X]} same dimension and minimal distance MDS Allows to prove existence of a dual GRS code in the same evaluation points
73 Codes derived from Reed Solomon codes Goppa codes Let Motivation: allow arbitrary length n for a fixed field F q. (GRS codes require q < n). Idea: use a GRS over F q m, and restrict to F q. K = F q, K = F q m and (α (K ) n f F q m[x], deg f = t 1 and m(t 1) < n v = ( 1 f (α i) ) C K = C GRS (n, k, v) over K with parameters (n, k, t) Then Minimum distance: t C Goppa = C K F n q Binary Goppa, with f square free Minimum distance: = 2t + 1
74 Outline Coding Theory Introduction Linear Codes Reed-Solomon codes Application: Mc Eliece cryptosystem
75 A code based cryptosystem [Mc Eliece 78] Designing a one way function with trapdoor Use the encoder of a linear code: message [ G ] = codeword Encoding is easy (matrix-vector product) Decoding a random linear code is NP-complete Trapdoor: efficient decoding algorithm when the code familiy is known
76 A code based cryptosystem [Mc Eliece 78] Designing a one way function with trapdoor Use the encoder of a linear code: message [ G ] = codeword Encoding is easy (matrix-vector product) Decoding a random linear code is NP-complete Trapdoor: efficient decoding algorithm when the code familiy is known requires a family F of codes indistinguishable from random linear codes with fast decoding algorithm
77 Mc Eliece Cryptosystem Key generation Select an (n, k) binary linear code C F correcting t errors, having an efficient decoding algorithm A C, Form G F k n q, a generator matrix for C Select a random k k non-singular matrix S Select a random n-dimensional permutation P. Ĝ = SGP Public key: (Ĝ, t) Private key: (S, G, P) and A C
78 Mc Eliece Cryptosystem Encrypt E(m) = mĝ + e = msgp + e = y where e is an error vector of Hamming weight at most t. Decrypt 1. y = yp 1 = msg + ep 1 2. m = A C (y ) = ms 3. m = m S 1
79 Parameters for Mc Eliece in practice (n, k, d) Code family key size Security Attack (256, 128, 129) Gen. Reed-Solomon 67ko 2 95 [SS92]
80 Parameters for Mc Eliece in practice (n, k, d) Code family key size Security Attack (256, 128, 129) Gen. Reed-Solomon 67ko 2 95 [SS92] subcodes of GRS [Wie10]
81 Parameters for Mc Eliece in practice (n, k, d) Code family key size Security Attack (256, 128, 129) Gen. Reed-Solomon 67ko 2 95 [SS92] subcodes of GRS [Wie10] (1024, 176, 128) Reed-Muller codes 22.5ko 2 72 [MS07, CB13] (2048, 232, 256) Reed-Muller codes 59.4ko 2 93 [MS07, CB13]
82 Parameters for Mc Eliece in practice (n, k, d) Code family key size Security Attack (256, 128, 129) Gen. Reed-Solomon 67ko 2 95 [SS92] subcodes of GRS [Wie10] (1024, 176, 128) Reed-Muller codes 22.5ko 2 72 [MS07, CB13] (2048, 232, 256) Reed-Muller codes 59.4ko 2 93 [MS07, CB13] (171, 109, 61) 128 Alg.-Geom. codes 16ko 2 66 [FM08, CMP14]
83 Parameters for Mc Eliece in practice (n, k, d) Code family key size Security Attack (256, 128, 129) Gen. Reed-Solomon 67ko 2 95 [SS92] subcodes of GRS [Wie10] (1024, 176, 128) Reed-Muller codes 22.5ko 2 72 [MS07, CB13] (2048, 232, 256) Reed-Muller codes 59.4ko 2 93 [MS07, CB13] (171, 109, 61) 128 Alg.-Geom. codes 16ko 2 66 [FM08, CMP14] (1024, 524, 101) 2 Goppa codes 67ko 2 62 (2048, 1608, 48) 2 Goppa codes 412ko 2 96
84 Advantages of McEliece cryptosystem Security Based on two assumptions: decoding a random linear code is hard (NP complete reduction) the generator matrix of a Goppa code looks random (indistinguishability) Pros: faster encoding/decoding algorithms than RSA, ECC (for a given security parameter) Post quantum security: still robust against quantum computer attacks Cons: harder to use it for signature (non determinstic encoding) large key size
Chapter 7. Error Control Coding. 7.1 Historical background. Mikael Olofsson 2005
Chapter 7 Error Control Coding Mikael Olofsson 2005 We have seen in Chapters 4 through 6 how digital modulation can be used to control error probabilities. This gives us a digital channel that in each
More informationList decoding of binary Goppa codes and key reduction for McEliece s cryptosystem
List decoding of binary Goppa codes and key reduction for McEliece s cryptosystem Morgan Barbier morgan.barbier@lix.polytechnique.fr École Polytechnique INRIA Saclay - Île de France 14 April 2011 University
More informationError-correcting Pairs for a Public-key Cryptosystem
Error-correcting Pairs for a Public-key Cryptosystem Ruud Pellikaan g.r.pellikaan@tue.nl joint work with Irene Márquez-Corbella Code-based Cryptography Workshop 2012 Lyngby, 9 May 2012 Introduction and
More informationChannel Coding for Secure Transmissions
Channel Coding for Secure Transmissions March 27, 2017 1 / 51 McEliece Cryptosystem Coding Approach: Noiseless Main Channel Coding Approach: Noisy Main Channel 2 / 51 Outline We present an overiew of linear
More informationErrors, Eavesdroppers, and Enormous Matrices
Errors, Eavesdroppers, and Enormous Matrices Jessalyn Bolkema September 1, 2016 University of Nebraska - Lincoln Keep it secret, keep it safe Public Key Cryptography The idea: We want a one-way lock so,
More informationSparse Polynomial Interpolation and Berlekamp/Massey algorithms that correct Outlier Errors in Input Values
Sparse Polynomial Interpolation and Berlekamp/Massey algorithms that correct Outlier Errors in Input Values Clément PERNET joint work with Matthew T. COMER and Erich L. KALTOFEN : LIG/INRIA-MOAIS, Grenoble
More informationCode Based Cryptology at TU/e
Code Based Cryptology at TU/e Ruud Pellikaan g.r.pellikaan@tue.nl University Indonesia, Depok, Nov. 2 University Padjadjaran, Bandung, Nov. 6 Institute Technology Bandung, Bandung, Nov. 6 University Gadjah
More informationThe BCH Bound. Background. Parity Check Matrix for BCH Code. Minimum Distance of Cyclic Codes
S-723410 BCH and Reed-Solomon Codes 1 S-723410 BCH and Reed-Solomon Codes 3 Background The algebraic structure of linear codes and, in particular, cyclic linear codes, enables efficient encoding and decoding
More informationMATH32031: Coding Theory Part 15: Summary
MATH32031: Coding Theory Part 15: Summary 1 The initial problem The main goal of coding theory is to develop techniques which permit the detection of errors in the transmission of information and, if necessary,
More informationAdaptive decoding for dense and sparse evaluation/interpolation codes
Adaptive decoding for dense and sparse evaluation/interpolation codes Clément PERNET INRIA/LIG-MOAIS, Grenoble Université joint work with M. Comer, E. Kaltofen, J-L. Roch, T. Roche Séminaire Calcul formel
More informationCS6304 / Analog and Digital Communication UNIT IV - SOURCE AND ERROR CONTROL CODING PART A 1. What is the use of error control coding? The main use of error control coding is to reduce the overall probability
More informationMATH3302 Coding Theory Problem Set The following ISBN was received with a smudge. What is the missing digit? x9139 9
Problem Set 1 These questions are based on the material in Section 1: Introduction to coding theory. You do not need to submit your answers to any of these questions. 1. The following ISBN was received
More informationCode-Based Cryptography Error-Correcting Codes and Cryptography
Code-Based Cryptography Error-Correcting Codes and Cryptography I. Márquez-Corbella 0 1. Error-Correcting Codes and Cryptography 1. Introduction I - Cryptography 2. Introduction II - Coding Theory 3. Encoding
More informationCode-based Cryptography
a Hands-On Introduction Daniel Loebenberger Ηράκλειο, September 27, 2018 Post-Quantum Cryptography Various flavours: Lattice-based cryptography Hash-based cryptography Code-based
More informationCryptographie basée sur les codes correcteurs d erreurs et arithmétique
with Cryptographie basée sur les correcteurs d erreurs et arithmétique with with Laboratoire Hubert Curien, UMR CNRS 5516, Bâtiment F 18 rue du professeur Benoît Lauras 42000 Saint-Etienne France pierre.louis.cayrel@univ-st-etienne.fr
More informationCodes used in Cryptography
Prasad Krishnan Signal Processing and Communications Research Center, International Institute of Information Technology, Hyderabad March 29, 2016 Outline Coding Theory and Cryptography Linear Codes Codes
More informationError-correcting codes and applications
Error-correcting codes and applications November 20, 2017 Summary and notation Consider F q : a finite field (if q = 2, then F q are the binary numbers), V = V(F q,n): a vector space over F q of dimension
More informationReed-Solomon codes. Chapter Linear codes over finite fields
Chapter 8 Reed-Solomon codes In the previous chapter we discussed the properties of finite fields, and showed that there exists an essentially unique finite field F q with q = p m elements for any prime
More informationAn Introduction to (Network) Coding Theory
An Introduction to (Network) Coding Theory Anna-Lena Horlemann-Trautmann University of St. Gallen, Switzerland July 12th, 2018 1 Coding Theory Introduction Reed-Solomon codes 2 Introduction Coherent network
More informationPhysical Layer and Coding
Physical Layer and Coding Muriel Médard Professor EECS Overview A variety of physical media: copper, free space, optical fiber Unified way of addressing signals at the input and the output of these media:
More informationMcEliece type Cryptosystem based on Gabidulin Codes
McEliece type Cryptosystem based on Gabidulin Codes Joachim Rosenthal University of Zürich ALCOMA, March 19, 2015 joint work with Kyle Marshall Outline Traditional McEliece Crypto System 1 Traditional
More informationWild McEliece Incognito
Wild McEliece Incognito Christiane Peters Technische Universiteit Eindhoven joint work with Daniel J. Bernstein and Tanja Lange Seminaire de Cryptographie Rennes April 1, 2011 Bad news Quantum computers
More informationAttacking and defending the McEliece cryptosystem
Attacking and defending the McEliece cryptosystem (Joint work with Daniel J. Bernstein and Tanja Lange) Christiane Peters Technische Universiteit Eindhoven PQCrypto 2nd Workshop on Postquantum Cryptography
More informationCoding Theory: Linear-Error Correcting Codes Anna Dovzhik Math 420: Advanced Linear Algebra Spring 2014
Anna Dovzhik 1 Coding Theory: Linear-Error Correcting Codes Anna Dovzhik Math 420: Advanced Linear Algebra Spring 2014 Sharing data across channels, such as satellite, television, or compact disc, often
More informationMATH 291T CODING THEORY
California State University, Fresno MATH 291T CODING THEORY Spring 2009 Instructor : Stefaan Delcroix Chapter 1 Introduction to Error-Correcting Codes It happens quite often that a message becomes corrupt
More informationCode-based cryptography
Code-based graphy Laboratoire Hubert Curien, UMR CNRS 5516, Bâtiment F 18 rue du professeur Benoît Lauras 42000 Saint-Etienne France pierre.louis.cayrel@univ-st-etienne.fr June 4th 2013 Pierre-Louis CAYREL
More informationArrangements, matroids and codes
Arrangements, matroids and codes first lecture Ruud Pellikaan joint work with Relinde Jurrius ACAGM summer school Leuven Belgium, 18 July 2011 References 2/43 1. Codes, arrangements and matroids by Relinde
More informationAn Introduction to (Network) Coding Theory
An to (Network) Anna-Lena Horlemann-Trautmann University of St. Gallen, Switzerland April 24th, 2018 Outline 1 Reed-Solomon Codes 2 Network Gabidulin Codes 3 Summary and Outlook A little bit of history
More informationLecture 3: Error Correcting Codes
CS 880: Pseudorandomness and Derandomization 1/30/2013 Lecture 3: Error Correcting Codes Instructors: Holger Dell and Dieter van Melkebeek Scribe: Xi Wu In this lecture we review some background on error
More informationLecture Introduction. 2 Linear codes. CS CTT Current Topics in Theoretical CS Oct 4, 2012
CS 59000 CTT Current Topics in Theoretical CS Oct 4, 01 Lecturer: Elena Grigorescu Lecture 14 Scribe: Selvakumaran Vadivelmurugan 1 Introduction We introduced error-correcting codes and linear codes in
More informationSection 3 Error Correcting Codes (ECC): Fundamentals
Section 3 Error Correcting Codes (ECC): Fundamentals Communication systems and channel models Definition and examples of ECCs Distance For the contents relevant to distance, Lin & Xing s book, Chapter
More informationPost-quantum cryptography Why? Kristian Gjøsteen Department of Mathematical Sciences, NTNU Finse, May 2017
Post-quantum cryptography Why? Kristian Gjøsteen Department of Mathematical Sciences, NTNU Finse, May 2017 1 Background I will use: Linear algebra. Vectors x. Matrices A, matrix multiplication AB, xa,
More informationCryptanalysis of the McEliece Public Key Cryptosystem Based on Polar Codes
Cryptanalysis of the McEliece Public Key Cryptosystem Based on Polar Codes Magali Bardet 1 Julia Chaulet 2 Vlad Dragoi 1 Ayoub Otmani 1 Jean-Pierre Tillich 2 Normandie Univ, France; UR, LITIS, F-76821
More informationCoding Theory and Applications. Linear Codes. Enes Pasalic University of Primorska Koper, 2013
Coding Theory and Applications Linear Codes Enes Pasalic University of Primorska Koper, 2013 2 Contents 1 Preface 5 2 Shannon theory and coding 7 3 Coding theory 31 4 Decoding of linear codes and MacWilliams
More informationThe Golay codes. Mario de Boer and Ruud Pellikaan
The Golay codes Mario de Boer and Ruud Pellikaan Appeared in Some tapas of computer algebra (A.M. Cohen, H. Cuypers and H. Sterk eds.), Project 7, The Golay codes, pp. 338-347, Springer, Berlin 1999, after
More information: Error Correcting Codes. October 2017 Lecture 1
03683072: Error Correcting Codes. October 2017 Lecture 1 First Definitions and Basic Codes Amnon Ta-Shma and Dean Doron 1 Error Correcting Codes Basics Definition 1. An (n, K, d) q code is a subset of
More informationMATH 291T CODING THEORY
California State University, Fresno MATH 291T CODING THEORY Fall 2011 Instructor : Stefaan Delcroix Contents 1 Introduction to Error-Correcting Codes 3 2 Basic Concepts and Properties 6 2.1 Definitions....................................
More informationAlgebraic Geometry Codes. Shelly Manber. Linear Codes. Algebraic Geometry Codes. Example: Hermitian. Shelly Manber. Codes. Decoding.
Linear December 2, 2011 References Linear Main Source: Stichtenoth, Henning. Function Fields and. Springer, 2009. Other Sources: Høholdt, Lint and Pellikaan. geometry codes. Handbook of Coding Theory,
More informationDecoding Reed-Muller codes over product sets
Rutgers University May 30, 2016 Overview Error-correcting codes 1 Error-correcting codes Motivation 2 Reed-Solomon codes Reed-Muller codes 3 Error-correcting codes Motivation Goal: Send a message Don t
More informationCapacity of a channel Shannon s second theorem. Information Theory 1/33
Capacity of a channel Shannon s second theorem Information Theory 1/33 Outline 1. Memoryless channels, examples ; 2. Capacity ; 3. Symmetric channels ; 4. Channel Coding ; 5. Shannon s second theorem,
More informationMATH3302. Coding and Cryptography. Coding Theory
MATH3302 Coding and Cryptography Coding Theory 2010 Contents 1 Introduction to coding theory 2 1.1 Introduction.......................................... 2 1.2 Basic definitions and assumptions..............................
More informationSide-channel analysis in code-based cryptography
1 Side-channel analysis in code-based cryptography Tania RICHMOND IMATH Laboratory University of Toulon SoSySec Seminar Rennes, April 5, 2017 Outline McEliece cryptosystem Timing Attack Power consumption
More informationKnow the meaning of the basic concepts: ring, field, characteristic of a ring, the ring of polynomials R[x].
The second exam will be on Friday, October 28, 2. It will cover Sections.7,.8, 3., 3.2, 3.4 (except 3.4.), 4. and 4.2 plus the handout on calculation of high powers of an integer modulo n via successive
More information16.36 Communication Systems Engineering
MIT OpenCourseWare http://ocw.mit.edu 16.36 Communication Systems Engineering Spring 2009 For information about citing these materials or our Terms of Use, visit: http://ocw.mit.edu/terms. 16.36: Communication
More informationLecture 12. Block Diagram
Lecture 12 Goals Be able to encode using a linear block code Be able to decode a linear block code received over a binary symmetric channel or an additive white Gaussian channel XII-1 Block Diagram Data
More informationSolutions of Exam Coding Theory (2MMC30), 23 June (1.a) Consider the 4 4 matrices as words in F 16
Solutions of Exam Coding Theory (2MMC30), 23 June 2016 (1.a) Consider the 4 4 matrices as words in F 16 2, the binary vector space of dimension 16. C is the code of all binary 4 4 matrices such that the
More informationECEN 604: Channel Coding for Communications
ECEN 604: Channel Coding for Communications Lecture: Introduction to Cyclic Codes Henry D. Pfister Department of Electrical and Computer Engineering Texas A&M University ECEN 604: Channel Coding for Communications
More informationError-correcting codes and Cryptography
Error-correcting codes and Cryptography Henk van Tilborg Code-based Cryptography Workshop Eindhoven, May -2, 2 /45 CONTENTS I II III IV V Error-correcting codes; the basics Quasi-cyclic codes; codes generated
More informationLecture 12: November 6, 2017
Information and Coding Theory Autumn 017 Lecturer: Madhur Tulsiani Lecture 1: November 6, 017 Recall: We were looking at codes of the form C : F k p F n p, where p is prime, k is the message length, and
More informationCode Based Cryptography
Code Based Cryptography Alain Couvreur INRIA & LIX, École Polytechnique École de Printemps Post Scryptum 2018 A. Couvreur Code Based Crypto Post scryptum 2018 1 / 66 Outline 1 Introduction 2 A bit coding
More informationMATH/MTHE 406 Homework Assignment 2 due date: October 17, 2016
MATH/MTHE 406 Homework Assignment 2 due date: October 17, 2016 Notation: We will use the notations x 1 x 2 x n and also (x 1, x 2,, x n ) to denote a vector x F n where F is a finite field. 1. [20=6+5+9]
More informationToward Secure Implementation of McEliece Decryption
Toward Secure Implementation of McEliece Decryption Mariya Georgieva & Frédéric de Portzamparc Gemalto & LIP6, 13/04/2015 1 MCELIECE PUBLIC-KEY ENCRYPTION 2 DECRYPTION ORACLE TIMING ATTACKS 3 EXTENDED
More informationAn Enhanced (31,11,5) Binary BCH Encoder and Decoder for Data Transmission
An Enhanced (31,11,5) Binary BCH Encoder and Decoder for Data Transmission P.Mozhiarasi, C.Gayathri, V.Deepan Master of Engineering, VLSI design, Sri Eshwar College of Engineering, Coimbatore- 641 202,
More information4F5: Advanced Communications and Coding
4F5: Advanced Communications and Coding Coding Handout 4: Reed Solomon Codes Jossy Sayir Signal Processing and Communications Lab Department of Engineering University of Cambridge jossy.sayir@eng.cam.ac.uk
More informationCyclic Redundancy Check Codes
Cyclic Redundancy Check Codes Lectures No. 17 and 18 Dr. Aoife Moloney School of Electronics and Communications Dublin Institute of Technology Overview These lectures will look at the following: Cyclic
More informationLecture B04 : Linear codes and singleton bound
IITM-CS6845: Theory Toolkit February 1, 2012 Lecture B04 : Linear codes and singleton bound Lecturer: Jayalal Sarma Scribe: T Devanathan We start by proving a generalization of Hamming Bound, which we
More informationCryptographic applications of codes in rank metric
Cryptographic applications of codes in rank metric Pierre Loidreau CELAr and Université de Rennes Pierre.Loidreau@m4x.org June 16th, 2009 Introduction Rank metric and cryptography Gabidulin codes and linearized
More informationAlgebraic Codes for Error Control
little -at- mathcs -dot- holycross -dot- edu Department of Mathematics and Computer Science College of the Holy Cross SACNAS National Conference An Abstract Look at Algebra October 16, 2009 Outline Coding
More informationChapter 6 Reed-Solomon Codes. 6.1 Finite Field Algebra 6.2 Reed-Solomon Codes 6.3 Syndrome Based Decoding 6.4 Curve-Fitting Based Decoding
Chapter 6 Reed-Solomon Codes 6. Finite Field Algebra 6. Reed-Solomon Codes 6.3 Syndrome Based Decoding 6.4 Curve-Fitting Based Decoding 6. Finite Field Algebra Nonbinary codes: message and codeword symbols
More informationNotes 10: Public-key cryptography
MTH6115 Cryptography Notes 10: Public-key cryptography In this section we look at two other schemes that have been proposed for publickey ciphers. The first is interesting because it was the earliest such
More informationError Detection & Correction
Error Detection & Correction Error detection & correction noisy channels techniques in networking error detection error detection capability retransmition error correction reconstruction checksums redundancy
More informationComputing over Z, Q, K[X]
Computing over Z, Q, K[X] Clément PERNET M2-MIA Calcul Exact Outline Introduction Chinese Remainder Theorem Rational reconstruction Problem Statement Algorithms Applications Dense CRT codes Extension to
More informationCodes over Subfields. Chapter Basics
Chapter 7 Codes over Subfields In Chapter 6 we looked at various general methods for constructing new codes from old codes. Here we concentrate on two more specialized techniques that result from writing
More informationLecture 14: Hamming and Hadamard Codes
CSCI-B69: A Theorist s Toolkit, Fall 6 Oct 6 Lecture 4: Hamming and Hadamard Codes Lecturer: Yuan Zhou Scribe: Kaiyuan Zhu Recap Recall from the last lecture that error-correcting codes are in fact injective
More informationA Public Key Encryption Scheme Based on the Polynomial Reconstruction Problem
A Public Key Encryption Scheme Based on the Polynomial Reconstruction Problem Daniel Augot and Matthieu Finiasz INRIA, Domaine de Voluceau F-78153 Le Chesnay CEDEX Abstract. The Polynomial Reconstruction
More informationEE512: Error Control Coding
EE51: Error Control Coding Solution for Assignment on BCH and RS Codes March, 007 1. To determine the dimension and generator polynomial of all narrow sense binary BCH codes of length n = 31, we have to
More informationCryptographic Engineering
Cryptographic Engineering Clément PERNET M2 Cyber Security, UFR-IM 2 AG, Univ. Grenoble-Alpes ENSIMAG, Grenoble INP Outline Unconditional security of symmetric cryptosystem Probabilities and information
More informationOptical Storage Technology. Error Correction
Optical Storage Technology Error Correction Introduction With analog audio, there is no opportunity for error correction. With digital audio, the nature of binary data lends itself to recovery in the event
More informationRoll No. :... Invigilator's Signature :.. CS/B.TECH(ECE)/SEM-7/EC-703/ CODING & INFORMATION THEORY. Time Allotted : 3 Hours Full Marks : 70
Name : Roll No. :.... Invigilator's Signature :.. CS/B.TECH(ECE)/SEM-7/EC-703/2011-12 2011 CODING & INFORMATION THEORY Time Allotted : 3 Hours Full Marks : 70 The figures in the margin indicate full marks
More informationHow SAGE helps to implement Goppa Codes and McEliece PKCSs
How SAGE helps to implement and s DSI GmbH Bremen Institute of Informatics & Automation, IIA Faculty EEE & CS, Hochschule Bremen University of Applied Sciences, risse@hs-bremen.de ICIT 11, May 11 th, 2011,
More informationIntroduction to Wireless & Mobile Systems. Chapter 4. Channel Coding and Error Control Cengage Learning Engineering. All Rights Reserved.
Introduction to Wireless & Mobile Systems Chapter 4 Channel Coding and Error Control 1 Outline Introduction Block Codes Cyclic Codes CRC (Cyclic Redundancy Check) Convolutional Codes Interleaving Information
More informationx n k m(x) ) Codewords can be characterized by (and errors detected by): c(x) mod g(x) = 0 c(x)h(x) = 0 mod (x n 1)
Cyclic codes: review EE 387, Notes 15, Handout #26 A cyclic code is a LBC such that every cyclic shift of a codeword is a codeword. A cyclic code has generator polynomial g(x) that is a divisor of every
More informationSome error-correcting codes and their applications
Chapter 14 Some error-correcting codes and their applications J. D. Key 1 14.1 Introduction In this chapter we describe three types of error-correcting linear codes that have been used in major applications,
More informationCoding Theory. Ruud Pellikaan MasterMath 2MMC30. Lecture 11.1 May
Coding Theory Ruud Pellikaan g.r.pellikaan@tue.nl MasterMath 2MMC30 /k Lecture 11.1 May 12-2016 Content lecture 11 2/31 In Lecture 8.2 we introduced the Key equation Now we introduce two algorithms which
More informationSigning with Codes. c Zuzana Masárová 2014
Signing with Codes by Zuzana Masárová A thesis presented to the University of Waterloo in fulfilment of the thesis requirement for the degree of Master of Mathematics in Combinatorics and Optimization
More informationError Correcting Codes: Combinatorics, Algorithms and Applications Spring Homework Due Monday March 23, 2009 in class
Error Correcting Codes: Combinatorics, Algorithms and Applications Spring 2009 Homework Due Monday March 23, 2009 in class You can collaborate in groups of up to 3. However, the write-ups must be done
More informationOutline. EECS Components and Design Techniques for Digital Systems. Lec 18 Error Coding. In the real world. Our beautiful digital world.
Outline EECS 150 - Components and esign Techniques for igital Systems Lec 18 Error Coding Errors and error models Parity and Hamming Codes (SECE) Errors in Communications LFSRs Cyclic Redundancy Check
More informationAnd for polynomials with coefficients in F 2 = Z/2 Euclidean algorithm for gcd s Concept of equality mod M(x) Extended Euclid for inverses mod M(x)
Outline Recall: For integers Euclidean algorithm for finding gcd s Extended Euclid for finding multiplicative inverses Extended Euclid for computing Sun-Ze Test for primitive roots And for polynomials
More informationCoding Theory and Applications. Solved Exercises and Problems of Cyclic Codes. Enes Pasalic University of Primorska Koper, 2013
Coding Theory and Applications Solved Exercises and Problems of Cyclic Codes Enes Pasalic University of Primorska Koper, 2013 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a collection of solved
More information: Coding Theory. Notes by Assoc. Prof. Dr. Patanee Udomkavanich October 30, upattane
2301532 : Coding Theory Notes by Assoc. Prof. Dr. Patanee Udomkavanich October 30, 2006 http://pioneer.chula.ac.th/ upattane Chapter 1 Error detection, correction and decoding 1.1 Basic definitions and
More informationA Fuzzy Sketch with Trapdoor
A Fuzzy Sketch with Trapdoor Julien Bringer 1, Hervé Chabanne 1, Quoc Dung Do 2 1 SAGEM Défense Sécurité, 2 Ecole Polytechnique, ENST Paris. Abstract In 1999, Juels and Wattenberg introduce an effective
More informationBinary Linear Codes G = = [ I 3 B ] , G 4 = None of these matrices are in standard form. Note that the matrix 1 0 0
Coding Theory Massoud Malek Binary Linear Codes Generator and Parity-Check Matrices. A subset C of IK n is called a linear code, if C is a subspace of IK n (i.e., C is closed under addition). A linear
More informationShannon s noisy-channel theorem
Shannon s noisy-channel theorem Information theory Amon Elders Korteweg de Vries Institute for Mathematics University of Amsterdam. Tuesday, 26th of Januari Amon Elders (Korteweg de Vries Institute for
More informationChannel Coding I. Exercises SS 2017
Channel Coding I Exercises SS 2017 Lecturer: Dirk Wübben Tutor: Shayan Hassanpour NW1, Room N 2420, Tel.: 0421/218-62387 E-mail: {wuebben, hassanpour}@ant.uni-bremen.de Universität Bremen, FB1 Institut
More informationBerlekamp-Massey decoding of RS code
IERG60 Coding for Distributed Storage Systems Lecture - 05//06 Berlekamp-Massey decoding of RS code Lecturer: Kenneth Shum Scribe: Bowen Zhang Berlekamp-Massey algorithm We recall some notations from lecture
More informationCommunications II Lecture 9: Error Correction Coding. Professor Kin K. Leung EEE and Computing Departments Imperial College London Copyright reserved
Communications II Lecture 9: Error Correction Coding Professor Kin K. Leung EEE and Computing Departments Imperial College London Copyright reserved Outline Introduction Linear block codes Decoding Hamming
More informationInformation redundancy
Information redundancy Information redundancy add information to date to tolerate faults error detecting codes error correcting codes data applications communication memory p. 2 - Design of Fault Tolerant
More informationAn Overview to Code based Cryptography
Joachim Rosenthal University of Zürich HKU, August 24, 2016 Outline Basics on Public Key Crypto Systems 1 Basics on Public Key Crypto Systems 2 3 4 5 Where are Public Key Systems used: Public Key Crypto
More informationLecture 19 : Reed-Muller, Concatenation Codes & Decoding problem
IITM-CS6845: Theory Toolkit February 08, 2012 Lecture 19 : Reed-Muller, Concatenation Codes & Decoding problem Lecturer: Jayalal Sarma Scribe: Dinesh K Theme: Error correcting codes In the previous lecture,
More information3F1: Signals and Systems INFORMATION THEORY Examples Paper Solutions
Engineering Tripos Part IIA THIRD YEAR 3F: Signals and Systems INFORMATION THEORY Examples Paper Solutions. Let the joint probability mass function of two binary random variables X and Y be given in the
More informationOutline. MSRI-UP 2009 Coding Theory Seminar, Week 2. The definition. Link to polynomials
Outline MSRI-UP 2009 Coding Theory Seminar, Week 2 John B. Little Department of Mathematics and Computer Science College of the Holy Cross Cyclic Codes Polynomial Algebra More on cyclic codes Finite fields
More informationCoset Decomposition Method for Decoding Linear Codes
International Journal of Algebra, Vol. 5, 2011, no. 28, 1395-1404 Coset Decomposition Method for Decoding Linear Codes Mohamed Sayed Faculty of Computer Studies Arab Open University P.O. Box: 830 Ardeya
More informationELEC-E7240 Coding Methods L (5 cr)
Introduction ELEC-E7240 Coding Methods L (5 cr) Patric Östergård Department of Communications and Networking Aalto University School of Electrical Engineering Spring 2017 Patric Östergård (Aalto) ELEC-E7240
More informationOn Syndrome Decoding of Chinese Remainder Codes
On Syndrome Decoding of Chinese Remainder Codes Wenhui Li Institute of, June 16, 2012 Thirteenth International Workshop on Algebraic and Combinatorial Coding Theory (ACCT 2012) Pomorie, Bulgaria Wenhui
More informationCyclic codes: overview
Cyclic codes: overview EE 387, Notes 14, Handout #22 A linear block code is cyclic if the cyclic shift of a codeword is a codeword. Cyclic codes have many advantages. Elegant algebraic descriptions: c(x)
More informationCoding problems for memory and storage applications
.. Coding problems for memory and storage applications Alexander Barg University of Maryland January 27, 2015 A. Barg (UMD) Coding for memory and storage January 27, 2015 1 / 73 Codes with locality Introduction:
More informationCyclic Codes. Saravanan Vijayakumaran August 26, Department of Electrical Engineering Indian Institute of Technology Bombay
1 / 25 Cyclic Codes Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay August 26, 2014 2 / 25 Cyclic Codes Definition A cyclic shift
More informationThe Method of Types and Its Application to Information Hiding
The Method of Types and Its Application to Information Hiding Pierre Moulin University of Illinois at Urbana-Champaign www.ifp.uiuc.edu/ moulin/talks/eusipco05-slides.pdf EUSIPCO Antalya, September 7,
More informationChannel Coding I. Exercises SS 2017
Channel Coding I Exercises SS 2017 Lecturer: Dirk Wübben Tutor: Shayan Hassanpour NW1, Room N 2420, Tel.: 0421/218-62387 E-mail: {wuebben, hassanpour}@ant.uni-bremen.de Universität Bremen, FB1 Institut
More informationWeek 3: January 22-26, 2018
EE564/CSE554: Error Correcting Codes Spring 2018 Lecturer: Viveck R. Cadambe Week 3: January 22-26, 2018 Scribe: Yu-Tse Lin Disclaimer: These notes have not been subjected to the usual scrutiny reserved
More information