14 research outputs found
On the minimum distance of elliptic curve codes
Computing the minimum distance of a linear code is one of the fundamental problems in algorithmic coding theory. Vardy [14] showed that it is an NP-hard problem for general linear codes. In practice, one often uses codes with additional mathematical structure, such as AG codes. For AG codes of genus (generalized Reed-Solomon codes), the minimum distance has a simple explicit formula. An interesting result of Cheng [3] says that the minimum distance problem is already NP-hard (under RP-reduction) for general elliptic curve codes (ECAG codes, or AG codes of genus ). In this paper, we show that the minimum distance of ECAG codes also has a simple explicit formula if the evaluation set is suitably large (at least of the group order). Our method is purely combinatorial and based on a new sieving technique from the first two authors [8]. This method also proves a significantly stronger version of the MDS (maximum distance separable) conjecture for ECAG codes.
Comment: 13 page
On Generalized First Fall Degree Assumptions
The first fall degree assumption provides a complexity approximation of Gröbner basis algorithms when the degree of regularity of a polynomial system cannot be precisely evaluated. Most importantly, this assumption was recently used by Petit and Quisquater to conjecture that the elliptic curve discrete logarithm problem can be solved in subexponential time for binary fields (binary ECDLP). The validity of the assumption may however depend on the systems in play.
In this paper, we theoretically and experimentally study the first fall degree assumption for a class of polynomial systems including those considered in Petit and Quisquater's analysis. In some cases, we show that the first fall degree assumption seems to hold and we deduce complexity improvements on previous binary ECDLP algorithms. On the other hand, we also show that the assumption is unlikely to hold in other cases where it would have very unexpected consequences.
Our results shed light on a Gröbner basis assumption with major consequences on several cryptanalysis problems, including binary ECDLP.
Stopping Sets of Algebraic Geometry Codes
Abstract: Stopping sets and the stopping set distribution of a linear code play an important role in the performance analysis of iterative decoding for this linear code. Let C be an [n, k] linear code over F_q with parity-check matrix H, where the rows of H may be dependent. Let [n] = {1, 2, ..., n} denote the set of column indices of H. A stopping set S of C with parity-check matrix H is a subset of [n] such that the restriction of H to S does not contain a row of weight 1. The stopping set distribution {T_i(H)}_{i=0}^{n} enumerates the number of stopping sets of size i of C with parity-check matrix H. Denote by H* the parity-check matrix consisting of all the nonzero codewords in the dual code C^⊥. In this paper, we study stopping sets and stopping set distributions of some residue algebraic geometry (AG) codes with parity-check matrix H*. First, we give two descriptions of stopping sets of residue AG codes. For the simplest AG codes, i.e., the generalized Reed-Solomon codes, it is easy to determine all the stopping sets. Then, we consider the AG codes from elliptic curves. We use the group structure of rational points of elliptic curves to present a complete characterization of stopping sets. Then, the stopping sets, the stopping set distribution, and the stopping distance of the AG code from an elliptic curve are reduced to the search, counting, and decision versions of the subset sum problem in the group of rational points of the elliptic curve, respectively. Finally, for some special cases, we determine the stopping set distributions of the AG codes from elliptic curves.
Index Terms: Algebraic geometry codes, elliptic curves, stopping distance, stopping sets, stopping set distribution, subset sum problem.
Computation of Trusted Short Weierstrass Elliptic Curves for Cryptography
Short Weierstrass elliptic curves with underlying hard Elliptic Curve Discrete Logarithm Problems are widely used in cryptographic applications. This paper introduces a new security notion, 'trusted security', for computation methods of elliptic curves for cryptography. Three additional "trusted security acceptance criteria" are proposed to be met by elliptic curves intended for cryptography. Further, two cryptographically secure elliptic curves over 256-bit and 384-bit prime fields are demonstrated which are secure from the ECDLP, ECC and trust perspectives. The proposed elliptic curves are successfully subjected to thorough security analysis and performance evaluation with respect to key generation and signing/verification and hence are proven cryptographically suitable and highly feasible for acceptance by the community.
Comment: CYBERNETICS AND INFORMATION TECHNOLOGIES, Volume 21, No
Improved Lower Bounds for Approximating Parameterized Nearest Codeword and Related Problems under ETH
In this paper we present a new gap-creating randomized self-reduction for
parameterized Maximum Likelihood Decoding problem over
(-MLD). The reduction takes a -MLD instance with
vectors as input, runs in time for some computable function ,
outputs a -Gap--MLD instance for any
, where . Using this reduction, we show that
assuming the randomized Exponential Time Hypothesis (ETH), no algorithms can
approximate -MLD (and therefore its dual problem -NCP) within
factor in time for any
.
We then use reduction by Bhattacharyya, Ghoshal, Karthik and Manurangsi
(ICALP 2018) to amplify the -gap to any constant. As a
result, we show that assuming ETH, no algorithms can approximate -NCP
and -MDP within -factor in
time for some constant . Combining with the
gap-preserving reduction by Bennett, Cheraghchi, Guruswami and Ribeiro (STOC
2023), we also obtain similar lower bounds for -MDP, -CVP and
-SVP.
These results improve upon the previous lower bounds for these problems under ETH using reductions by Bhattacharyya et al. (J.ACM 2021) and Bennett et al. (STOC 2023).
Comment: 32 pages, 3 figure
A Post-Quantum Digital Signature Scheme from QC-LDPC Codes
We propose a novel post-quantum code-based digital signature algorithm whose security is based on the difficulty of decoding Quasi-Cyclic codes in systematic form, and whose trapdoor relies on the knowledge of a hidden Quasi-Cyclic Low-Density Parity-Check (QC-LDPC) code. The use of Quasi-Cyclic (QC) codes allows us to balance security against key size, while the LDPC property significantly lightens the encoding complexity, and thus the complexity of the signing algorithm.
The main algebraic codes and their decoding
National audience
The first talk revisits the classical decoding algorithms for geometric codes, based on the Berlekamp-Massey algorithm and its multivariate generalizations (Berlekamp-Massey-Sakata). However, before presenting these algorithms, I will recall the basics of coding theory: linear codes, the Singleton bound, Reed-Solomon codes, the Hamming bound. I will then introduce, with motivation, the family of geometric codes as a generalization of geometric codes, after a brief review of the theory of algebraic curves over finite fields. The stage will then be set to introduce syndrome decoding, which is the classical decoding of geometric codes. The second talk is devoted to recent progress in the field of algebraic coding, which rests on interpolation-based decoding. This progress is due to Guruswami-Sudan and relies on a dual view of Reed-Solomon codes and geometric codes. I will present, in order, the Berlekamp-Welch, Sudan and Guruswami-Sudan algorithms, in the setting of Reed-Solomon codes and in the setting of geometric codes. We will finally see how the Berlekamp-Massey-Sakata algorithm can be recycled in this context.