Codes used in Cryptography
1 Prasad Krishnan Signal Processing and Communications Research Center, International Institute of Information Technology, Hyderabad March 29, 2016
2 Outline Coding Theory and Cryptography Linear Codes Codes and Cryptography Decoding Variants of BCH codes Reed Solomon and Generalised Reed Solomon Codes Alternant Codes Goppa Codes
4 Linear Codes: What is a code
A code is a finite subset of some mathematical structure. Used to encode messages passing through a channel. The elements of the subset are picked in such a way as to ensure that errors occurring during transmission do not cause confusion during decoding.
Encoding function of a code $C$: $E : \text{Messages} \to \text{Codewords}$.
5 Linear Codes: Linear Codes over $\mathbb{F}_q^n$
$C$ is a linear code if $E$ is linear in the message set. If $E : \mathbb{F}_q^k \to \mathbb{F}_q^n$, then we can represent $E$ using a matrix $G_{k \times n}$ over $\mathbb{F}_q$ such that $c = xG$.
$G$ is called the generator matrix of $C$, which is an $(n, k)$ code. The linear code is completely defined by its generator matrix $G_{k \times n}$.
Alternatively, one can use a parity check matrix $H_{(n-k) \times n}$ to define the code, where $H$ is any matrix such that $GH^T = 0$.
$C = \mathrm{Span}(G) = \mathrm{NullSpace}(H)$.
6 Linear Codes: Linear Codes over $\mathbb{F}_q^n$
Received vector is $r = c + e$, where $e = (e_0, e_1, \ldots, e_{n-1})$ captures the error occurring in the $n$ coordinates.
Minimum distance: $d = \min_{c \in C,\, c \neq 0} w_H(c)$.
Singleton bound: $d \le n - k + 1$.
Theorem (Error correction): A linear code $C$ with minimum distance $2t + 1$ can correct any $t$ errors.
Theorem (Independence of the H matrix): A linear code $C$ has minimum distance $d$ if and only if any set of $d - 1$ columns of $H$ is linearly independent.
7 Linear Codes: Linear Codes over $\mathbb{F}_q^n$ - Syndrome Decoding
Received vector $r = c + e \in \mathbb{F}_q^n$.
Compute $s = rH^T = cH^T + eH^T = xGH^T + eH^T = eH^T \in \mathbb{F}_q^{n-k}$.
$2t + 1 \le d \le n - k + 1$.
Corresponding to any error vector of weight up to $t$ there is a unique syndrome.
Syndrome decoding for errors of weight up to $t$:
1. Find the syndrome $s$.
2. Find $e$ corresponding to $s$ (here code structure helps build efficient algorithms).
3. Find $c = r - e$. Map it back to $x$.
9 Codes and Cryptography: Linear Codes over $\mathbb{F}_q^n$ - Connection to Cryptography
Public Key Cryptography: Want to convey a message secretly (make it easy for the intended receiver, but hard for everyone else). Encoding key is public, but decoding key is ideally known to receiver alone.
$\{E_e : \text{Plaintext} \to \text{Ciphertext} \mid e \in \text{KeySpace}\}$. (1)
$\{D_d : \text{Ciphertext} \to \text{Plaintext} \mid d \in \text{KeySpace}\}$. (2)
Given an $(e, d)$ pair ($e$ and $d$ are mathematically related):
1. $D_d(E_e(p)) = p \quad \forall p \in \text{Plaintext}$.
2. Knowing $e$ it is hard to get $d$.
10 Codes and Cryptography: McEliece Cryptosystem - Code-based Crypto System Example
Want to transmit $x \in \mathbb{F}_q^k$ secretly. Choose:
A code $C$ (i.e., an appropriate $G_{k \times n}$) that can correct $t$ errors and has an efficient decoding algorithm ($O(nt)$).
An invertible matrix $S_{k \times k}$.
A permutation matrix $P_{n \times n}$.
McEliece Scheme
Public Key: $G' = SGP$ (generates a code having the same distance properties as $C$, but does not have an efficient decoding algorithm).
Send $xG' + e$, for some random vector $e$ with $w_H(e) = t$.
Private Key: ($S$, $P$, efficient decoding algorithm for code $G$).
11 Codes and Cryptography: McEliece Cryptosystem - Code-based Crypto Example
Receiver and wiretapper both see $r = xG' + e$. Receiver knows $S$, $P$ and the efficient decoding algorithm for $G$. Thus it does the following. Note that $e$ and $e' = eP^{-1}$ both have weight $t$.
$$\begin{aligned} rP^{-1} &= xSGPP^{-1} + eP^{-1} && (3) \\ &= xSG + e' && (4) \end{aligned}$$
From the above equation, the receiver can decode for $x' = xS$ by the efficient algorithm. Finally get $x = x'S^{-1}$.
Wiretapper sees a random code, $G'$, in the sense that there is no efficient algorithm to get $x$ (the brute-force method is exponential in $n - k$).
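The syndrome decoding steps of slide 7 and the McEliece key generation, encryption and decryption of slides 10 and 11, as an added example that is not part of the original slides. It assumes the binary (7,4) Hamming code ($t = 1$) in place of a Goppa code so that it fits on a page, which makes it a toy with no security; the function names and `G_pub` (the slides' $G'$) are hypothetical.

```python
import random

# Binary (7,4) Hamming code in systematic form: G = [I | A], H = [A^T | I], t = 1.
G = [[1, 0, 0, 0, 1, 1, 0],
     [0, 1, 0, 0, 1, 0, 1],
     [0, 0, 1, 0, 0, 1, 1],
     [0, 0, 0, 1, 1, 1, 1]]
H = [[1, 1, 0, 1, 1, 0, 0],
     [1, 0, 1, 1, 0, 1, 0],
     [0, 1, 1, 1, 0, 0, 1]]


def matmul(A, B):
    """Matrix product over GF(2)."""
    return [[sum(a & b for a, b in zip(row, col)) % 2 for col in zip(*B)]
            for row in A]


def transpose(A):
    return [list(col) for col in zip(*A)]


def keygen(rng):
    """Return (G_pub, (S, S_inv, P)) with G_pub = S*G*P."""
    k, n = len(G), len(G[0])
    # Build S and its inverse together from random elementary row additions:
    # S <- E*S adds row j to row i, S_inv <- S_inv*E adds column i to column j
    # (E is its own inverse over GF(2)), so S_inv*S stays the identity.
    S = [[int(i == j) for j in range(k)] for i in range(k)]
    S_inv = [row[:] for row in S]
    for _ in range(4 * k):
        i, j = rng.sample(range(k), 2)
        S[i] = [a ^ b for a, b in zip(S[i], S[j])]
        for row in S_inv:
            row[j] ^= row[i]
    perm = list(range(n))
    rng.shuffle(perm)
    P = [[int(perm[i] == j) for j in range(n)] for i in range(n)]
    return matmul(matmul(S, G), P), (S, S_inv, P)


def encrypt(x, G_pub, rng, t=1):
    """r = x*G_pub + e with a random error vector e of weight t."""
    n = len(G_pub[0])
    e = [0] * n
    for i in rng.sample(range(n), t):
        e[i] = 1
    return [c ^ ei for c, ei in zip(matmul([x], G_pub)[0], e)]


def syndrome_decode(r):
    """Slide 7: s = r*H^T, look up e from s, return c = r - e."""
    s = matmul([r], transpose(H))[0]
    c = r[:]
    if any(s):
        # A weight-1 error at position j has syndrome equal to column j of H.
        c[transpose(H).index(s)] ^= 1
    return c


def decrypt(r, private_key):
    S, S_inv, P = private_key
    r1 = matmul([r], transpose(P))[0]   # r*P^-1; P^-1 = P^T for a permutation
    c = syndrome_decode(r1)             # c = (x*S)*G, error e' removed
    xS = c[:len(S)]                     # G is systematic: first k symbols are x*S
    return matmul([xS], S_inv)[0]       # x = (x*S)*S^-1
```
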
12 Codes and Cryptography: McEliece Cryptosystem - Code-based Crypto Example
McEliece chose the class of binary Goppa codes for his scheme, because:
Fast algorithms are available for codes with large $k$, $n$ (required further for making the algorithm secure). McEliece gives an example of $n = 1024$, $k = 524$ with $t = 50$.
Large number of Goppa codes exist, so the wiretapper finds it hard to find $G$.
Unbroken, unlike other codes proposed like Reed Solomon, etc. (till 2008 :(, but suggested increase in size of parameters).
Rest of this talk: focus on understanding construction and decoding of Goppa Codes (well, kind of).
13 Codes and Cryptography Why Kind of?
15 Cyclic Codes
Denote a codeword $(c_0, c_1, \ldots, c_{n-1})$ as a polynomial in $X$: $c(X) = c_0 + c_1 X + c_2 X^2 + \cdots + c_{n-1} X^{n-1}$.
A cyclic code is a linear code where if $c(X)$ is a codeword, then so is $Xc(X) \bmod (X^n - 1)$, i.e., $(c_0, c_1, c_2, \ldots, c_{n-1}) \in C \Rightarrow (c_{n-1}, c_0, c_1, \ldots, c_{n-2}) \in C$.
For any $(n, k)$ cyclic code $C$, we can identify one polynomial $g(X)$ of degree $n - k$, known as the generator polynomial of $C$, such that $C = \{m(X)g(X) : m(X) \in \mathbb{F}_q[X],\ \deg(m(X)) \le k - 1\}$.
Generator polynomials of $n$-length cyclic codes divide $X^n - 1$.
16 Bose-Chaudhuri-Hocquenghem codes
Let $\alpha$ be a primitive $n$-th root of unity in $\mathbb{F}_{q^m}$ for a given $m$. A (narrow-sense) BCH code with design distance $2t + 1$ and length $n$ over $\mathbb{F}_q$ has generator polynomial
$$g_{BCH}(X) = \mathrm{LCM}\big(\mathrm{minpoly}_q(\alpha), \mathrm{minpoly}_q(\alpha^2), \ldots, \mathrm{minpoly}_q(\alpha^{2t})\big),$$
where $\mathrm{minpoly}_q(\alpha^i)$ is the minimum degree polynomial with coefficients from $\mathbb{F}_q$ with $\alpha^i$ as a root.
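17 Parity Check matrix
Thus, for any codeword $c(X)$, $(c(\alpha), c(\alpha^2), \ldots, c(\alpha^{2t})) = 0$. In other words, the parity check matrix is
$$H_{BCH} = \begin{pmatrix} 1 & \alpha & \alpha^2 & \cdots & \alpha^{n-1} \\ 1 & \alpha^2 & \alpha^4 & \cdots & \alpha^{2(n-1)} \\ \vdots & \vdots & \vdots & & \vdots \\ 1 & \alpha^{2t} & \alpha^{4t} & \cdots & \alpha^{2t(n-1)} \end{pmatrix}$$
$BCH_q(n, 2t) = \mathrm{NullSpace}(H_{BCH})$ in $\mathbb{F}_q^n$.
Any set of $2t$ columns from $H_{BCH}$ is linearly independent over $\mathbb{F}_q$. Therefore a BCH code with design distance $2t + 1$ can correct any $t$ errors.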
19 Decoding: Decoding
$r(X) = c(X) + e(X)$, $w_H(e) \le t$.
Idea: find syndrome, find error, find information symbols.
For any $\alpha^i$, $i = 1, 2, \ldots, 2t$ we have
$$r(\alpha^i) = c(\alpha^i) + e(\alpha^i) = e(\alpha^i) = \sum_{j=0}^{n-1} e_j (\alpha^i)^j.$$
Suppose $e$ has errors in $\nu$ locations for some $\nu \le t$. Let those locations be $j_1, j_2, \ldots, j_\nu$. Then,
$$r(\alpha^i) = \sum_{l=1}^{\nu} e_{j_l} (\alpha^i)^{j_l}, \quad i = 1, 2, \ldots, 2t.$$
20 Decoding: Decoding
Let $X_l = \alpha^{j_l}$ and $S_i = r(\alpha^i)$. Therefore we have the set of equations
$$\begin{aligned} S_1 &= e_{j_1} X_1 + e_{j_2} X_2 + \cdots + e_{j_\nu} X_\nu && (5) \\ S_2 &= e_{j_1} X_1^2 + e_{j_2} X_2^2 + \cdots + e_{j_\nu} X_\nu^2 && (6) \\ &\ \ \vdots && (7) \\ S_{2t} &= e_{j_1} X_1^{2t} + e_{j_2} X_2^{2t} + \cdots + e_{j_\nu} X_\nu^{2t} && (8) \end{aligned}$$
Note that $X_l = \alpha^{j_l}$ indicates the location of the $l$-th error (i.e., $j_l$) while $e_{j_l}$ is the error value at that position.
We want to get both the $X_l$'s and the $e_{j_l}$'s, in that order. Directly solving for the $X_l$'s involves nonlinear equations. So we use another trick.
21 Decoding: Decoding
Error Locator Polynomial: A polynomial whose roots are $X_l^{-1}$, $l = 1, \ldots, \nu$.
$$\Lambda(x) = \prod_{l=1}^{\nu} (1 - X_l x) = 1 + \Lambda_1 x + \Lambda_2 x^2 + \cdots + \Lambda_\nu x^\nu.$$
If we have the coefficients $\Lambda_i$, then getting the roots of $\Lambda(x)$ is equivalent to finding the error locations (can be done by evaluations of $\Lambda(x)$).
If we have the error locations, we can use the equations in the previous slide to get the error values.
The coefficients $\Lambda_i$ and the syndromes are related by Newton's identities.
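22 Decoding: Decoding
Newton's identities:
$$\begin{pmatrix} S_1 & S_2 & \cdots & S_\nu \\ S_2 & S_3 & \cdots & S_{\nu+1} \\ \vdots & \vdots & & \vdots \\ S_\nu & S_{\nu+1} & \cdots & S_{2\nu-1} \end{pmatrix} \begin{pmatrix} \Lambda_\nu \\ \Lambda_{\nu-1} \\ \vdots \\ \Lambda_1 \end{pmatrix} = \begin{pmatrix} -S_{\nu+1} \\ -S_{\nu+2} \\ \vdots \\ -S_{2\nu} \end{pmatrix}$$
The above equation is well defined for $\nu \le t$.
Set $\nu = t$. Form $M_\nu$ (the matrix above) and find $\det(M_\nu)$.
If $\det(M_\nu) = 0$ then set $\nu \leftarrow \nu - 1$ and repeat the previous step.
If $M_\nu$ is invertible, solve for the coefficients $\Lambda_i$, $i = 1, 2, \ldots, \nu$.
Finally solve for the error values.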
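The decoding procedure of slides 19 to 22 (syndromes, Newton's identities with decreasing $\nu$, roots of $\Lambda(x)$), as an added example that is not part of the original slides. It assumes the binary BCH code with $n = 15$, $t = 2$ over $\mathbb{F}_{16}$ built from $x^4 + x + 1$, so every error value is 1 and the minus signs vanish; all function names are hypothetical.

```python
# GF(16) = GF(2)[x]/(x^4 + x + 1); elements are 4-bit integers, alpha = 2.
N, T = 15, 2
EXP, LOG = [0] * 30, {}
_v = 1
for _i in range(15):
    EXP[_i] = EXP[_i + 15] = _v
    LOG[_v] = _i
    _v <<= 1
    if _v & 0b10000:
        _v ^= 0b10011

# g(X) = minpoly(alpha) * minpoly(alpha^3) = X^8 + X^7 + X^6 + X^4 + 1,
# coefficients listed from X^0 upward; this gives the (15, 7) code.
GEN = [1, 0, 0, 0, 1, 0, 1, 1, 1]


def mul(a, b):
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]


def inv(a):
    return EXP[(15 - LOG[a]) % 15]


def poly_eval(p, x):
    """Horner evaluation of p (lowest degree first) at x in GF(16)."""
    acc = 0
    for coef in reversed(p):
        acc = mul(acc, x) ^ coef
    return acc


def encode(m):
    """c(X) = m(X) g(X) over GF(2), deg m <= 6."""
    c = [0] * N
    for i, mi in enumerate(m):
        if mi:
            for j, gj in enumerate(GEN):
                c[i + j] ^= gj
    return c


def syndromes(r, t=T):
    """S_i = r(alpha^i) for i = 1..2t."""
    return [poly_eval(r, EXP[i]) for i in range(1, 2 * t + 1)]


def solve(M, b):
    """Gauss-Jordan over GF(16); returns None when det(M) = 0."""
    n = len(M)
    A = [row[:] + [b[i]] for i, row in enumerate(M)]
    for c in range(n):
        p = next((r for r in range(c, n) if A[r][c]), None)
        if p is None:
            return None
        A[c], A[p] = A[p], A[c]
        scale = inv(A[c][c])
        A[c] = [mul(scale, v) for v in A[c]]
        for r in range(n):
            if r != c and A[r][c]:
                f = A[r][c]
                A[r] = [v ^ mul(f, w) for v, w in zip(A[r], A[c])]
    return [row[n] for row in A]


def pgz_decode(r, t=T):
    """Return (corrected codeword, error positions) for up to t errors."""
    S = [0] + syndromes(r, t)            # 1-indexed: S[1..2t]
    if not any(S):
        return r[:], []
    for nu in range(t, 0, -1):           # set nu = t, decrease while det = 0
        M = [[S[i + j + 1] for j in range(nu)] for i in range(nu)]
        rhs = [S[nu + 1 + i] for i in range(nu)]   # -S = S in characteristic 2
        sol = solve(M, rhs)              # (Lambda_nu, ..., Lambda_1)
        if sol is not None:
            break
    else:
        raise ValueError("uncorrectable: more than t errors")
    lam = [1] + sol[::-1]                # 1 + Lambda_1 x + ... + Lambda_nu x^nu
    # Lambda has roots X_l^-1 = alpha^(-j_l): test every position j.
    locs = [j for j in range(N) if poly_eval(lam, EXP[(15 - j) % 15]) == 0]
    if len(locs) != nu:
        raise ValueError("uncorrectable: more than t errors")
    c = r[:]
    for j in locs:
        c[j] ^= 1                        # binary code: error value is 1
    return c, locs
```
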
24 Reed Solomon and Generalised Reed Solomon Codes: Generalised Reed Solomon Codes
RS Code is a BCH Code with $n = q^m - 1$ over $\mathbb{F}_{q^m}$. Thus, $g_{RS}(X) = (X - \alpha)(X - \alpha^2) \cdots (X - \alpha^{2t})$.
Another way to encode RS code: For any $m(X)$ (up to degree $k - 1$), the codeword is $(m(1), m(\alpha), \ldots, m(\alpha^{n-1}))$ (min distance $d = n - k + 1$).
GRS Codes (also have max distance $d = n - k + 1$):
$v = (v_1, v_2, \ldots, v_n)$: non-zero elements in $\mathbb{F}_{q^m}$.
$\beta = (\beta_1, \beta_2, \ldots, \beta_n)$: distinct elements in $\mathbb{F}_{q^m}$.
$GRS(\beta, v)$ is the set of all vectors of the form $(v_1 m(\beta_1), v_2 m(\beta_2), \ldots, v_n m(\beta_n))$, where $m(X)$ is any polynomial of degree at most $k - 1$.
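25 Reed Solomon and Generalised Reed Solomon Codes: Generalised RS Codes
The $H$ matrix of a GRS Code takes the form
$$H_{GRS} = \begin{pmatrix} 1 & 1 & \cdots & 1 \\ \beta_1 & \beta_2 & \cdots & \beta_n \\ \beta_1^2 & \beta_2^2 & \cdots & \beta_n^2 \\ \vdots & \vdots & & \vdots \\ \beta_1^{n-k-1} & \beta_2^{n-k-1} & \cdots & \beta_n^{n-k-1} \end{pmatrix} \begin{pmatrix} y_1 & & & \\ & y_2 & & \\ & & \ddots & \\ & & & y_n \end{pmatrix} \quad (9)$$
$$= XY, \quad (10)$$
where $y = (y_1, \ldots, y_n)$ is some vector (with non-zero $y_i$'s) such that $H_{GRS}$ is an appropriate $H$ matrix for $GRS(\beta, v)$.
$GRS(\beta, v) = \mathrm{NullSpace}(H_{GRS})$ over $\mathbb{F}_{q^m}$.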
27 Alternant Codes: Alternant Codes
Long BCH codes are not good (rate ($k/n$) and error correction ($d/n$) don't keep growing together). Rectified by Alternant codes. Subcodes of GRS codes.
Alternant Code: For $\beta$ consisting of $n$ distinct values from $\mathbb{F}_{q^m}$, and $y$ being non-zero values from $\mathbb{F}_{q^m}$, $A(\beta, y) = \mathrm{NullSpace}(H_{GRS})$ over $\mathbb{F}_q$.
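29 Goppa Codes: Goppa Codes
Let $G(z)$ be a polynomial with coefficients from $\mathbb{F}_{q^m}$. Let $\beta = \{\beta_1, \beta_2, \ldots, \beta_n\}$ be $n$ elements such that $G(\beta_i) \neq 0$, $i = 1, 2, \ldots, n$.
For a vector $a = (a_1, \ldots, a_n) \in \mathbb{F}_q^n$, we associate the rational function
$$R_a(z) = \sum_{i=1}^{n} \frac{a_i}{z - \beta_i}.$$
Note that $z - \beta_i$ has a polynomial inverse in $\mathbb{F}_{q^m}[z]/(G(z))$, so $\frac{1}{z - \beta_i}$ is well defined modulo $G(z)$.
Goppa Code $(\beta, G(z))$ is defined as $\{ a \in \mathbb{F}_q^n \mid R_a(z) \equiv 0 \pmod{G(z)} \}$.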
30 Goppa Codes: Goppa Codes as Alternant Codes
$G(z)$ is a polynomial with coefficients from $\mathbb{F}_{q^m}$. $\beta = \{\beta_1, \beta_2, \ldots, \beta_n\}$ are $n$ elements such that $G(\beta_i) \neq 0$, $i = 1, 2, \ldots, n$.
Let $y = (G(\beta_1)^{-1}, G(\beta_2)^{-1}, \ldots, G(\beta_n)^{-1})$.
Goppa Code: Goppa Code $(\beta, G(z)) = A(\beta, y)$.
If $\beta$ is the set of all non-zeros of $G(z)$ then the Goppa code is completely determined by $G(z)$.
Has an optimised decoding algorithm because of its further structure.
with Cryptographie basée sur les correcteurs d erreurs et arithmétique with with Laboratoire Hubert Curien, UMR CNRS 5516, Bâtiment F 18 rue du professeur Benoît Lauras 42000 Saint-Etienne France pierre.louis.cayrel@univ-st-etienne.fr
More informationGenerator Matrix. Theorem 6: If the generator polynomial g(x) of C has degree n-k then C is an [n,k]-cyclic code. If g(x) = a 0. a 1 a n k 1.
Cyclic Codes II Generator Matrix We would now like to consider how the ideas we have previously discussed for linear codes are interpreted in this polynomial version of cyclic codes. Theorem 6: If the
More informationNotes on Alekhnovich s cryptosystems
Notes on Alekhnovich s cryptosystems Gilles Zémor November 2016 Decisional Decoding Hypothesis with parameter t. Let 0 < R 1 < R 2 < 1. There is no polynomial-time decoding algorithm A such that: Given
More informationAttacks in code based cryptography: a survey, new results and open problems
Attacks in code based cryptography: a survey, new results and open problems J.-P. Tillich Inria, team-project SECRET April 9, 2018 1. Code based cryptography introduction Difficult problem in coding theory
More informationA Brief Encounter with Linear Codes
Boise State University ScholarWorks Mathematics Undergraduate Theses Department of Mathematics 8-2014 A Brief Encounter with Linear Codes Brent El-Bakri Boise State University, brentelbakri@boisestate.edu
More informationBerlekamp-Massey decoding of RS code
IERG60 Coding for Distributed Storage Systems Lecture - 05//06 Berlekamp-Massey decoding of RS code Lecturer: Kenneth Shum Scribe: Bowen Zhang Berlekamp-Massey algorithm We recall some notations from lecture
More informationSection 3 Error Correcting Codes (ECC): Fundamentals
Section 3 Error Correcting Codes (ECC): Fundamentals Communication systems and channel models Definition and examples of ECCs Distance For the contents relevant to distance, Lin & Xing s book, Chapter
More informationPart III. Cyclic codes
Part III Cyclic codes CHAPTER 3: CYCLIC CODES, CHANNEL CODING, LIST DECODING Cyclic codes are very special linear codes. They are of large interest and importance for several reasons: They posses a rich
More informationLecture Introduction. 2 Linear codes. CS CTT Current Topics in Theoretical CS Oct 4, 2012
CS 59000 CTT Current Topics in Theoretical CS Oct 4, 01 Lecturer: Elena Grigorescu Lecture 14 Scribe: Selvakumaran Vadivelmurugan 1 Introduction We introduced error-correcting codes and linear codes in
More informationElliptic Curve Cryptography
Elliptic Curve Cryptography Elliptic Curves An elliptic curve is a cubic equation of the form: y + axy + by = x 3 + cx + dx + e where a, b, c, d and e are real numbers. A special addition operation is
More informationCOMPSCI 650 Applied Information Theory Apr 5, Lecture 18. Instructor: Arya Mazumdar Scribe: Hamed Zamani, Hadi Zolfaghari, Fatemeh Rezaei
COMPSCI 650 Applied Information Theory Apr 5, 2016 Lecture 18 Instructor: Arya Mazumdar Scribe: Hamed Zamani, Hadi Zolfaghari, Fatemeh Rezaei 1 Correcting Errors in Linear Codes Suppose someone is to send
More informationMATH 291T CODING THEORY
California State University, Fresno MATH 291T CODING THEORY Spring 2009 Instructor : Stefaan Delcroix Chapter 1 Introduction to Error-Correcting Codes It happens quite often that a message becomes corrupt
More informationError-Correcting Codes
Error-Correcting Codes HMC Algebraic Geometry Final Project Dmitri Skjorshammer December 14, 2010 1 Introduction Transmission of information takes place over noisy signals. This is the case in satellite
More informationThe number of message symbols encoded into a
L.R.Welch THE ORIGINAL VIEW OF REED-SOLOMON CODES THE ORIGINAL VIEW [Polynomial Codes over Certain Finite Fields, I.S.Reed and G. Solomon, Journal of SIAM, June 1960] Parameters: Let GF(2 n ) be the eld
More informationLecture B04 : Linear codes and singleton bound
IITM-CS6845: Theory Toolkit February 1, 2012 Lecture B04 : Linear codes and singleton bound Lecturer: Jayalal Sarma Scribe: T Devanathan We start by proving a generalization of Hamming Bound, which we
More informationLecture 12: November 6, 2017
Information and Coding Theory Autumn 017 Lecturer: Madhur Tulsiani Lecture 1: November 6, 017 Recall: We were looking at codes of the form C : F k p F n p, where p is prime, k is the message length, and
More information3. Coding theory 3.1. Basic concepts
3. CODING THEORY 1 3. Coding theory 3.1. Basic concepts In this chapter we will discuss briefly some aspects of error correcting codes. The main problem is that if information is sent via a noisy channel,
More information