Folding Alternant and Goppa Codes with Non-Trivial Automorphism Groups
The main practical limitation of the McEliece public-key encryption scheme is
probably the size of its key. A well-known approach to overcoming this issue is
to focus on subclasses of alternant/Goppa codes with a non-trivial automorphism
group. Such codes then display symmetries that allow compact parity-check or
generator matrices. For instance, a key reduction is obtained by taking
quasi-cyclic (QC) or quasi-dyadic (QD) alternant/Goppa codes. We show that the
use of such symmetric alternant/Goppa codes in cryptography introduces a
fundamental weakness. It is indeed possible to reduce the key recovery on the
original symmetric public code to the key recovery on a (much) smaller code
that no longer has any symmetries. This result is obtained thanks to a new
operation on codes called folding that exploits the knowledge of the
automorphism group. This operation consists of adding the coordinates of
codewords which belong to the same orbit under the action of the automorphism
group. The advantage is twofold: the reduction factor can be as large as the
size of the orbits, and it preserves a fundamental property: folding the dual
of an alternant (resp. Goppa) code provides the dual of an alternant (resp.
Goppa) code. A key point is to show that all the existing constructions of
alternant/Goppa codes with symmetries follow a common principle of taking codes
whose support is globally invariant under the action of affine transformations
(by building upon prior works of T. Berger and A. Dür). This not only gives a
unified view but also generalizes the construction of QC, QD and even
quasi-monoidic (QM) Goppa codes. All in all, our results can be harnessed to
boost any key-recovery attack on McEliece systems based on symmetric alternant
or Goppa codes, and in particular algebraic attacks.
Comment: 19 page
An exact solution method for binary equilibrium problems with compensation and the power market uplift problem
We propose a novel method to find Nash equilibria in games with binary
decision variables by including compensation payments and
incentive-compatibility constraints from non-cooperative game theory directly
in an optimization framework, instead of using first-order conditions of a
linearization or a relaxation of the integrality conditions. The reformulation
offers a new approach to obtaining and interpreting dual variables of binary
constraints using the benefit or loss from deviation rather than marginal
relaxations. The method endogenizes the trade-off between overall (societal)
efficiency and the compensation payments necessary to align the incentives of
individual players. We provide existence results and conditions under which
this problem can be solved as a mixed-binary linear program.
We apply the solution approach to a stylized nodal power-market equilibrium
problem with binary on-off decisions. This illustrative example shows that our
approach yields an exact solution to the binary Nash game with compensation. We
compare different implementations of actual market rules within our model, in
particular constraints ensuring non-negative profits (no-loss rule) and
restrictions on the compensation payments to non-dispatched generators. We
discuss the resulting equilibria in terms of overall welfare, efficiency, and
allocational equity.
Higher-order CIS codes
We introduce {\bf complementary information set codes} of higher order. A
binary linear code of length and dimension is called a complementary
information set code of order (-CIS code for short) if it has
pairwise disjoint information sets. The duals of such codes make it possible to
reduce the cost of masking cryptographic algorithms against side-channel
attacks. As in the case of codes for error correction, given the length and the
dimension of a -CIS code, we look for the highest possible minimum distance.
In this paper, this new class of codes is investigated. The existence of good
long CIS codes of order is derived by a counting argument. General
constructions based on cyclic and quasi-cyclic codes and on the building-up
construction are given. A formula similar to a mass formula is given. A
classification of 3-CIS codes of length is given. Nonlinear codes better
than linear codes are derived by taking binary images of -codes. A general
algorithm based on Edmonds' basis packing algorithm from matroid theory is
developed with the following property: given a binary linear code of rate it
either provides disjoint information sets or proves that the code is not
-CIS. Using this algorithm, all optimal or best known codes where and
are shown to be -CIS for all such and , except for with and with .
Comment: 13 pages; 1 figur
Numerical cubature using error-correcting codes
We present a construction for improving numerical cubature formulas with
equal weights and a convolution structure, in particular equal-weight product
formulas, using linear error-correcting codes. The construction is most
effective in low degree with extended BCH codes. Using it, we obtain several
sequences of explicit, positive, interior cubature formulas with good
asymptotics for each fixed degree as the dimension . Using a
special quadrature formula for the interval [arXiv:math.PR/0408360], we obtain
an equal-weight -cubature formula on the -cube with O(n^{\floor{t/2}})
points, which is within a constant of the Stroud lower bound. We also obtain
-cubature formulas on the -sphere, -ball, and Gaussian with
points when is odd. When is spherically symmetric and
, we obtain points. For each , we also obtain explicit,
positive, interior formulas for the -simplex with points; for
, we obtain O(n) points. These constructions asymptotically improve the
non-constructive Tchakaloff bound.
Some related results were recently found independently by Victoir, who also
noted that the basic construction more directly uses orthogonal arrays.
Comment: Dedicated to Wlodzimierz and Krystyna Kuperberg on the occasion of
their 40th anniversary. This version has a major improvement for the n-cub
On the Structure of the Linear Codes with a Given Automorphism
The purpose of this paper is to present the structure of the linear codes
over a finite field with q elements that have a permutation automorphism of
order m. These codes can be considered as generalized quasi-cyclic codes.
Quasi-cyclic codes and almost quasi-cyclic codes are discussed in detail,
presenting necessary and sufficient conditions under which linear codes with
such an automorphism are self-orthogonal, self-dual, or linear complementary
dual.
Frames of translates with prescribed fine structure in shift invariant spaces
For a given finitely generated shift invariant (FSI) subspace \cW\subset
L^2(\R^k) we obtain a simple criterion for the existence of shift generated
(SG) Bessel sequences E(\cF) induced by finite sequences of vectors \cF\in
\cW^n that have a prescribed fine structure, i.e., such that the norms of the
vectors in \cF and the spectra of S_{E(\cF)} are prescribed in each fiber of
\text{Spec}(\cW)\subset \T^k. We complement this result by developing an
analogue of the so-called sequences of eigensteps from finite frame theory in
the context of SG Bessel sequences, which allows for a detailed description of
all sequences with prescribed fine structure. Then, given we characterize the finite sequences \cF\in\cW^n such
that , for , and such that the fine spectral
structure of the shift generated Bessel sequences E(\cF) has minimal spread
(i.e., we show the existence of optimal SG Bessel sequences with prescribed
norms); in this context the spread of the spectra is measured in terms of the
convex potential P^\cW_\varphi induced by \cW and an arbitrary convex
function .
Comment: 31 pages. Accepted in the JFA. This revised version has several
changes in the notation and the organization of the text. There is text
overlap with arXiv:1508.01739 in the preliminary section.
-Almost collision-flat universal hash functions and mosaics of designs
We introduce, motivate and study -almost collision-flat (ACFU)
universal hash functions . Their
main property is that the number of collisions in any given value is bounded.
Each -ACFU hash function is an -almost universal (AU)
hash function, and every -almost strongly universal (ASU) hash
function is an -ACFU hash function. We study how the size of the
seed set depends on and .
Depending on how these parameters are interrelated, seed-minimizing ACFU hash
functions are equivalent to mosaics of balanced incomplete block designs
(BIBDs) or to duals of mosaics of quasi-symmetric block designs; in a third
case, mosaics of transversal designs and nets yield seed-optimal ACFU hash
functions, but a full characterization is missing. By either extending
or , it is possible to obtain an -ACFU
hash function from an -AU hash function or an -ASU
hash function, generalizing the construction of mosaics of designs from a given
resolvable design (Gnilke, Greferath, Pavčević, Des. Codes Cryptogr.
86(1)). The concatenation of an ASU and an ACFU hash function again yields an
ACFU hash function. Finally, we motivate ACFU hash functions by their
applicability in privacy amplification.