Secure Key Encapsulation Mechanism with Compact Ciphertext and Public Key from Generalized Srivastava code

Code-based public key cryptosystems have been found to be an interesting option in the area of Post-Quantum Cryptography. In this work, we present a key encapsulation mechanism (KEM) using a parity check matrix of the Generalized Srivastava code as the public key matrix. Generalized Srivastava codes are privileged with the decoding technique of Alternant codes as they belong to the family of Alternant codes. We exploit the dyadic structure of the parity check matrix to reduce the storage of the public key. Our encapsulation leads to a shorter ciphertext as compared to DAGS proposed by Banegas et al. in Journal of Mathematical Cryptology which also uses Generalized Srivastava code. Our KEM provides IND-CCA security in the random oracle model. Also, our scheme can be shown to achieve post-quantum security in the quantum random oracle model

Algebraic Codes For Error Correction In Digital Communication Systems

Access to the full-text thesis is no longer available at the author's request, due to 3rd party copyright restrictions. Access removed on 29.11.2016 by CS (TIS).Metadata merged with duplicate record (http://hdl.handle.net/10026.1/899) on 20.12.2016 by CS (TIS).C. Shannon presented theoretical conditions under which communication was possible error-free in the presence of noise. Subsequently the notion of using error correcting codes to mitigate the effects of noise in digital transmission was introduced by R. Hamming. Algebraic codes, codes described using powerful tools from algebra took to the fore early on in the search for good error correcting codes. Many classes of algebraic codes now exist and are known to have the best properties of any known classes of codes. An error correcting code can be described by three of its most important properties length, dimension and minimum distance. Given codes with the same length and dimension, one with the largest minimum distance will provide better error correction. As a result the research focuses on finding improved codes with better minimum distances than any known codes. Algebraic geometry codes are obtained from curves. They are a culmination of years of research into algebraic codes and generalise most known algebraic codes. Additionally they have exceptional distance properties as their lengths become arbitrarily large. Algebraic geometry codes are studied in great detail with special attention given to their construction and decoding. The practical performance of these codes is evaluated and compared with previously known codes in different communication channels. Furthermore many new codes that have better minimum distance to the best known codes with the same length and dimension are presented from a generalised construction of algebraic geometry codes. Goppa codes are also an important class of algebraic codes. A construction of binary extended Goppa codes is generalised to codes with nonbinary alphabets and as a result many new codes are found. This construction is shown as an efficient way to extend another well known class of algebraic codes, BCH codes. A generic method of shortening codes whilst increasing the minimum distance is generalised. An analysis of this method reveals a close relationship with methods of extending codes. Some new codes from Goppa codes are found by exploiting this relationship. Finally an extension method for BCH codes is presented and this method is shown be as good as a well known method of extension in certain cases

Signing with Codes

Code-based cryptography is an area of classical cryptography in which cryptographic primitives rely on hard problems and trapdoor functions related to linear error-correcting codes. Since its inception in 1978, the area has produced the McEliece and the Niederreiter cryptosystems, multiple digital signature schemes, identification schemes and code-based hash functions. All of these are believed to be resistant to attacks by quantum computers. Hence, code-based cryptography represents a post-quantum alternative to the widespread number-theoretic systems. This thesis summarizes recent developments in the field of code-based cryptography, with a particular emphasis on code-based signature schemes. After a brief introduction and analysis of the McEliece and the Niederreiter cryptosystems, we discuss the currently unresolved issue of constructing a practical, yet provably secure signature scheme. A detailed analysis is provided for the Courtois, Finiasz and Sendrier signature scheme, along with the mCFS and parallel CFS variations. Finally, we discuss a recent proposal by Preetha et al. that attempts to solve the issue of provable security, currently failing in the CFS scheme case, by randomizing the public key construct. We conclude that, while the proposal is not yet practical, it represents an important advancement in the search for an ideal code-based signature scheme

Revocable Identity-based Encryption from Codes with Rank Metric

In this paper, we present an identity-based encryption scheme from codes with efficient key revocation. Recently, in Crypto 2017, Gaborit et al. proposed a first identity-based encryption scheme from codes with rank metric, called RankIBE. To extract the decryption key from any public identity, they constructed a trapdoor function which relies on RankSign, a signature scheme proposed by Gaborit et al. in PQCrypto 2014. We adopt the same trapdoor function to add efficient key revocation functionality in the RankIBE scheme. Our revocable IBE scheme from codes with rank metric makes use of a binary tree data structure to reduce the amount of work in terms of key updates for the key authority. The total size of key updates requires logarithmic complexity in the maximum number of users and linear in the number of revoked users. We prove that our revocable IBE scheme is selective-ID secure in the random oracle model, under the hardness of three problems: the Rank Syndrome Decoding (RSD) problem, the Augmented Low-Rank Parity Check Code (LRPC+) problem, and the Rank Support Learning (RSL) problem

Sur l'algorithme de décodage en liste de Guruswami-Sudan sur les anneaux finis

This thesis studies the algorithmic techniques of list decoding, first proposed by Guruswami and Sudan in 1998, in the context of Reed-Solomon codes over finite rings. Two approaches are considered. First we adapt the Guruswami-Sudan (GS) list decoding algorithm to generalized Reed-Solomon (GRS) codes over finite rings with identity. We study in details the complexities of the algorithms for GRS codes over Galois rings and truncated power series rings. Then we explore more deeply a lifting technique for list decoding. We show that the latter technique is able to correct more error patterns than the original GS list decoding algorithm. We apply the technique to GRS code over Galois rings and truncated power series rings and show that the algorithms coming from this technique have a lower complexity than the original GS algorithm. We show that it can be easily adapted for interleaved Reed-Solomon codes. Finally we present the complete implementation in C and C++ of the list decoding algorithms studied in this thesis. All the needed subroutines, such as univariate polynomial root finding algorithms, finite fields and rings arithmetic, are also presented. Independently, this manuscript contains other work produced during the thesis. We study quasi cyclic codes in details and show that they are in one-to-one correspondence with left principal ideal of a certain matrix ring. Then we adapt the GS framework for ideal based codes to number fields codes and provide a list decoding algorithm for the latter.Cette thèse porte sur l'algorithmique des techniques de décodage en liste, initiée par Guruswami et Sudan en 1998, dans le contexte des codes de Reed-Solomon sur les anneaux finis. Deux approches sont considérées. Dans un premier temps, nous adaptons l'algorithme de décodage en liste de Guruswami-Sudan aux codes de Reed-Solomon généralisés sur les anneaux finis. Nous étudions en détails les complexités de l'algorithme pour les anneaux de Galois et les anneaux de séries tronquées. Dans un deuxième temps nous approfondissons l'étude d'une technique de remontée pour le décodage en liste. Nous montrons que cette derni're permet de corriger davantage de motifs d'erreurs que la technique de Guruswami-Sudan originale. Nous appliquons ensuite cette même technique aux codes de Reed-Solomon généralisés sur les anneaux de Galois et les anneaux de séries tronquées et obtenons de meilleures bornes de complexités. Enfin nous présentons l'implantation des algorithmes en C et C++ des algorithmes de décodage en liste étudiés au cours de cette thèse. Tous les sous-algorithmes nécessaires au décodage en liste, comme la recherche de racines pour les polynômes univariés, l'arithmétique des corps et anneaux finis sont aussi présentés. Indépendamment, ce manuscrit contient d'autres travaux sur les codes quasi-cycliques. Nous prouvons qu'ils sont en correspondance biunivoque avec les idéaux à gauche d'un certain anneaux de matrices. Enfin nous adaptons le cadre proposé par Guruswami et Sudan pour les codes à base d'ideaux aux codes construits à l'aide des corps de nombres. Nous fournissons un algorithme de décodage en liste dans ce contexte

Differential Power Analysis of a McEliece Cryptosystem

This work presents the first differential power analysis of an implementation of the McEliece cryptosystem. Target of this side-channel attack is a state-of-the-art FPGA implementation of the efficient QC-MDPC McEliece decryption operation as presented at DATE 2014. The presented cryptanalysis succeeds to recover the complete secret key after a few observed decryptions. It consists of a combination of a differential leakage analysis during the syndrome computation followed by an algebraic step that exploits the relation between the public and private key

Sur des algorithmes de décodage de codes géométriques au delà de la moitié de la distance minimale

This thesis deals with algebraic geometric (AG) codes and theirdecoding. Those codes are composed of vectors constructed by evaluatingspecific functions at points of an algebraic curve. The underlyingalgebraic structure of these codes made it possible to design severaldecoding algorithms. A first one, for codes from plane curves isproposed in 1989 by Justesen, Larsen, Jensen, Havemose and Hoholdt. Itis then extended to any curve by Skorobatov and Vladut and called"basic algorithm" in the literature. A few years later, Pellikaan andindependently Koetter, give a formulation without algebraic geometryusing simply the language of codes. This new interpretation, takes thename "Error Correcting Pairs" (ECP) algorithm and represents abreakthrough in coding theory since it applies to every code having acertain structure which is described only in terms of component-wiseproducts of codes. The decoding radius of this algorithm depends onthe code to which it is applied. For Reed-Solomon codes, it reacheshalf the minimum distance, which is the threshold for the solution tobe unique. For AG, the algorithm almost always manages todecode a quantity of errors equal to half the designeddistance. However, the success of the algorithm is only guaranteed fora quantity of errors less than half the designed distance minussome multiple curve's genus. Several attempts were thenmade to erase this genus-proportional penalty. A first decisiveresult was that of Pellikaan, who proved the existence of an algorithmwith a decoding radius equal to half the designed distance. Thenin 1993 Ehrhard obtained an effective procedure for constructing such analgorithm.In addition to the algorithms for unique decoding, AG codes havealgorithms correcting amount of errors greater than half thedesigned distance. Beyond this quantity, the uniqueness of thesolution may not be guaranteed. We then use a so-called "listdecoding" algorithm which returns the list of any possiblesolutions. This is the case of Sudan's algorithm for Reed-Solomoncodes. Another approach consists in designing algorithms, whichreturns a single solution but may fail. This is the case ofthe "power decoding". Sudan's and power decoding algorithms have firstbeen designed for Reed-Solomon codes, then extended to AG codes. Weobserve that these extensions do not have the same decoding radii:that of Sudan algorithm is lower than that of the power decoding,the difference being proportional to the genus of the curve.In this thesis we present two main results. First, we propose a newalgorithm that we call "power error locating pairs" which, like theECP algorithm, can be applied to any code with a certain structuredescribed in terms of component-wise products. Compared to the ECPalgorithm, this algorithm can correct errors beyond half thedesigned distance of the code. Applied to Reed-Solomon or to AG codes,it is equivalent to the power decoding algorithm. But it can also beapplied to specific cyclic codes for which it can be used to decodebeyond half the Roos bound. Moreover, this algorithm applied to AGcodes disregards the underlying geometric structure whichopens up interesting applications in cryptanalysis.The second result aims to erase the penalty proportional to thegenus in the decoding radius of Sudan's algorithm forAG codes. First, by following Pellikaan's method, weprove that such an algorithm exists. Then, by combining andgeneralizing the works of Ehrhard and Sudan, we give aneffective procedure to build this algorithm.Cette thèse porte sur les codes géométriques et leur décodage. Cescodes sont constitués de vecteurs d'evaluations de fonctionsspécifiques en des points d'une courbe algébrique. La structurealgébrique sous-jacente de ces codes a permis de concevoir plusieursalgorithmes de décodage. Un premier algorithme pour les codesprovenant de courbes planes est proposé en 1989 par Justesen, Larsen,Jensen, Havemose et Hoholdt. Il est ensuite étendu à toute courbe parSkorobatov et Vladut et appelé "basic algorithm" dans laliterature. Quelques années plus tard, Pellikaan et indépendammentKoetter en donnent une formulation sans géométrie algébrique utilisantsimplement le langage des codes. Cette nouvelle interprétation prendle nom d'algorithme "Error Correcting Pairs" (ECP) et représente unepercée en théorie des codes, car l'algorithme s'applique à toutcode muni d'une certaine structure qui se décrit uniquement entermes de produits coordonnées par coordonnées de codes. Le rayon dedécodage de cet algorithme dépend du code auquel il est appliqué. Pourles codes de Reed-Solomon, il atteint la moitié de la distanceminimale,seuil d'unicité de la solution. Pour les codes géométriques,l'algorithme arrive à décoder presque toujours une quantité d'erreurségale à la moitié de la distance construite. Toutefois, le bonfonctionnement de l'algorithme n'est garanti que pour une quantitéd'erreurs inférieure à la moitié de la distance construite moins unmultiple du genre de la courbe. Plusieurs tentatives ont ensuite été menéespour effacer cette penalité dûe au genre. Un premierrésultat déterminant a été celui de Pellikaan, qui a prouvél'existence d'un algorithme avec rayon de décodage égal à la moitié dela distance construite. Puis,en 1993 Ehrhard est parvenu à uneprocédure effective pour construire un tel algorithme.En plus des algorithmes pour le décodage unique,les codesgéométriques disposent d'algorithmes corrigeant une quantité d'erreurssupérieure à la moitié de la distance construite. Au delà de cettequantité, l'unicité de la solution pourrait ne pas être assurée. Onutilise alors des algorithmes dits de "decodage en liste" quirenvoient la liste des solutions possibles. C'est le cas del'algorithme de Sudan. Une autre approche consiste à concevoirdes algorithmes qui renvoient une unique solution mais peuvent échouer.C'est le cas du "power decoding". Les algorithmes de Sudan etdu power decoding ont d'abord été conçus pour les codes deReed-Solomon,puis étendus aux codes géométriques.On observe que ces extensions n'ont pas les mêmes rayonsde décodage: celui de l'algorithme de Sudan est inférieur à celui duPower decoding, la différence étant proportionnelle au genre de la courbe.Dans cette thèse nous présentons deux résultatsprincipaux. Premièrement, nous proposons un nouvel algorithme que nousappelons "power error locating pairs" qui, comme l'algorithme ECP,peut être appliqué à tout code muni d'une certainestructure se décrivant en termes de produits coordonnées parcoordonnées. Comparé à l'algorithme ECP, cetalgorithme peut corriger des erreurs au delà de la moitié de ladistance construite du code. Appliqué aux codes de Reed--Solomon ou,plus généralement, aux codes géométriques, il est equivalent àl'algorithme du power decoding. Mais il peut aussi être appliqué àdes codes cycliques spécifiques pour lesquels il permet de décoder audelà de la moitié de la borne de Roos. Par ailleurs, cet algorithmeappliqué aux codes géométriques fait abstraction de la structuregéométrique sous-jascente ce qui ouvre d'intéressantes applications encryptanalyse.Le second résultat a pour but d'effacer la penalité proportionnelle augenre dans le rayon de décodage de l'algorithme de Sudan pour lescodes géométriques. D'abord, en suivant la méthode de Pellikaan, nousprouvons que un tel algorithme existe. Puis, engénéralisant les travaux de Ehrhard et Sudan, nous donnons uneprocédure effective pour construire cet algorithme

Sur quelques applications du codage parcimonieux et sa mise en oeuvre

Le codage parcimonieux permet la reconstruction d'un signal à partir de quelques projections linéaires de celui-ci, sous l'hypothèse que le signal se décompose de manière parcimonieuse, c'est-à-dire avec peu de coefficients, sur un dictionnaire connu. Le codage est simple, et la complexité est déportée sur la reconstruction. Après une explication détaillée du fonctionnement du codage parcimonieux, une présentation de quelques résultats théoriques et quelques simulations pour cerner les performances envisageables, nous nous intéressons à trois problèmes : d'abord, l'étude de conception d'un système permettant le codage d'un signal par une matrice binaire, et des avantages apportés par une telle implémentation. Ensuite, nous nous intéressons à la détermination du dictionnaire de représentation parcimonieuse du signal par des méthodes d'apprentissage. Enfin, nous discutons la possibilité d'effectuer des opérations comme la classification sur le signal sans le reconstruire.Compressed sensing allows to reconstruct a signal from a few linear projections, under the assumption that the signal can be sparsely represented, that is, with only a few coefficients, on a known dictionary. Coding is very simple and all the complexity is gathered on the reconstruction. After more detailed explanations of the principle of compressed sensing, some theoretic resultats from literature and a few simulations allowing to get an idea of expected performances, we focusson three problems: First, the study for the building of a system using compressed sensing with a binary matrix and the obtained benefits. Then, we have a look at the building of a dictionary for sparse representations of the signal. And lastly, we discuss the possibility of processing signal without reconstruction, with an example in classification.SAVOIE-SCD - Bib.électronique (730659901) / SudocGRENOBLE1/INP-Bib.électronique (384210012) / SudocGRENOBLE2/3-Bib.électronique (384219901) / SudocSudocFranceF