8 research outputs found
Folding Alternant and Goppa Codes with Non-Trivial Automorphism Groups
The main practical limitation of the McEliece public-key encryption scheme is
probably the size of its key. A well-known approach to overcoming this issue is to
focus on subclasses of alternant/Goppa codes with a non-trivial automorphism group.
Such codes then display symmetries that allow compact parity-check or generator
matrices. For instance, a key reduction is obtained by taking quasi-cyclic (QC)
or quasi-dyadic (QD) alternant/Goppa codes. We show that the use of such
symmetric alternant/Goppa codes in cryptography introduces a fundamental
weakness. It is indeed possible to reduce key recovery on the original
symmetric public code to key recovery on a (much) smaller code that no
longer has symmetries. This result is obtained thanks to a new operation on codes
called folding that exploits the knowledge of the automorphism group. This
operation consists of adding the coordinates of codewords that belong to the
same orbit under the action of the automorphism group. The advantage is
twofold: the reduction factor can be as large as the size of the orbits, and it
preserves a fundamental property: folding the dual of an alternant (resp.
Goppa) code provides the dual of an alternant (resp. Goppa) code. A key point
is to show that all the existing constructions of alternant/Goppa codes with
symmetries follow a common principle of taking codes whose support is globally
invariant under the action of affine transformations (building upon prior
works of T. Berger and A. Dür). This enables us not only to present a
unified view but also to generalize the construction of QC, QD and even
quasi-monoidic (QM) Goppa codes. All in all, our results can be harnessed to
boost any key-recovery attack on McEliece systems based on symmetric
alternant or Goppa codes, and in particular algebraic attacks.
Comment: 19 pages
Using Reed-Solomon codes in the (U | U + V ) construction and an application to cryptography
In this paper we present a modification of Reed-Solomon codes that beats the Guruswami-Sudan 1 − √R decoding radius of Reed-Solomon codes at low rates R. The idea is to choose Reed-Solomon codes U and V with appropriate rates in a (U | U + V) construction and to decode them with the Koetter-Vardy soft-information decoder. We suggest using a slightly more general version of these codes (which has the same decoding performance as the (U | U + V) construction) in code-based cryptography, namely to build a McEliece scheme. The point here is that these codes not only perform nearly as well as (or even better than, in the low-rate regime) Reed-Solomon codes, but also that their structure seems to avoid the Sidelnikov-Shestakov attack, which broke a previous McEliece proposal based on generalized Reed-Solomon codes.
Post-quantum cryptography: Analysis of McEliece and a new version with MPC
The security used in practically all communications carried out today relies on
public-key or hybrid cryptography through the use of cryptographic systems such as
RSA, ElGamal or elliptic curves, among others. Although these systems are currently
secure, as soon as we are able to build a quantum computer, a known algorithm will
break them in polynomial time. For this reason, different cryptosystems that are
resistant to attacks carried out by a quantum computer are currently being studied.
This document focuses on the McEliece cryptosystem, which is one of the cryptosystems
resistant to these attacks. In addition, Reed-Solomon, Goppa and matrix product
codes are presented, which can be used, among others, to construct the cryptosystem.
Then we look at a possible attack against the cryptosystem built from a Reed-Solomon
code.
We also show the method used by Gaborit to try to eliminate the main disadvantage of
the McEliece cryptosystem, the large size of the keys, while preserving security.
Finally, an innovative method is shown that allows us to notably reduce the size of
the cryptosystem's keys by using matrix product codes.
Degree in Mathematics
Post-quantum cryptography: Implementation of McEliece and a new version
The security used in practically all communications carried out today relies on public-key or hybrid cryptography through the use of cryptographic systems such as RSA, ElGamal or elliptic curves, among others. Although these systems are currently secure, as soon as we are able to build a quantum computer, a known algorithm will break them in polynomial time. For this reason, different cryptosystems that are resistant to attacks carried out by a quantum computer are currently being studied.
This document focuses on the McEliece cryptosystem, which is one of the cryptosystems resistant to these attacks. In addition, Reed-Solomon, Goppa and matrix product codes are presented, which can be used, among others, to construct the cryptosystem. Then we look at a possible attack against the cryptosystem built from a Reed-Solomon code. Finally, an innovative method is shown that allows us to notably reduce the size of the cryptosystem's keys by using matrix product codes.
Degree in Computer Engineering of Services and Applications
IEEE Transactions On Information Theory: Vol. 62, No. 1, January 2016
1. Zero-error Capacity of Binary Channels with Memory / G. Cohen, E. Fachini, J. Korner
2. The Feedback Capacity of the Binary Erasure Channel With a No-Consecutive-Ones Input Constraint / O. Sabag, H. H. Permuter, N. Kashyap
3. On the Renyi Divergence, Joint Range of Relative Entropies and a Channel Coding Theorem / I. Sason
4. Dissipation of Information in Channels With Input Constraints / Y. Polyanskiy, Y. Wu
5. A Unified Graphical Approach to Random Coding for Single-Hop Networks / S. Rini, A. Goldsmith
6. Short Message Noisy Network Coding With a Decode-Forward Option / J. Hou, G. Kramer
7. Non-Random Coding Error Bounds for Lattices / Y. Domb, M. Feder
8. The Random Coding Bound Is Tight for the Average Linear Code or Lattice / Y. Domb, R. Zamir, M. Feder
9. Pearson Codes / J. H. Weber, K. A. S. Immink, S. R. Blackburn
10. Snake-in-the-Box Codes for Rank Modulation Under Kendall's Metric / Y. Zhang, G. Ge
11. A Construction of Permutation Codes From Rational Function Fields and Improvement to the Gilbert-Varshamov Bound / L. Jin
12. Searching for Binary and Nonbinary Block and Convolutional LDPC Codes / I. E. Bocharova, B. D. Kudryashov, R. Johannesson
13. Folding Alternant and Goppa Codes With Non-Trivial Automorphism Groups / J.-C. Faugère, A. Otmani, L. Perret, F. de Portzamparc, J.-P. Tillich
14. On Determining Deep Holes of Generalized Reed-Solomon Codes / J. Zhuang, Q. Cheng, J. L