14 research outputs found

    On the minimum distance of elliptic curve codes

    Computing the minimum distance of a linear code is one of the fundamental problems in algorithmic coding theory. Vardy [14] showed that it is an NP-hard problem for general linear codes. In practice, one often uses codes with additional mathematical structure, such as AG codes. For AG codes of genus 0 (generalized Reed-Solomon codes), the minimum distance has a simple explicit formula. An interesting result of Cheng [3] says that the minimum distance problem is already NP-hard (under RP-reduction) for general elliptic curve codes (ECAG codes, or AG codes of genus 1). In this paper, we show that the minimum distance of ECAG codes also has a simple explicit formula if the evaluation set is suitably large (at least 2/3 of the group order). Our method is purely combinatorial and based on a new sieving technique from the first two authors [8]. This method also proves a significantly stronger version of the MDS (maximum distance separable) conjecture for ECAG codes.
    Comment: 13 page

    On Generalized First Fall Degree Assumptions

    The first fall degree assumption provides a complexity approximation of Gröbner basis algorithms when the degree of regularity of a polynomial system cannot be precisely evaluated. Most importantly, this assumption was recently used by Petit and Quisquater to conjecture that the elliptic curve discrete logarithm problem can be solved in subexponential time for binary fields (binary ECDLP). The validity of the assumption may, however, depend on the systems in play. In this paper, we theoretically and experimentally study the first fall degree assumption for a class of polynomial systems including those considered in Petit and Quisquater's analysis. In some cases, we show that the first fall degree assumption seems to hold, and we deduce complexity improvements on previous binary ECDLP algorithms. On the other hand, we also show that the assumption is unlikely to hold in other cases, where it would have very unexpected consequences. Our results shed light on a Gröbner basis assumption with major consequences for several cryptanalysis problems, including binary ECDLP.

    Stopping Sets of Algebraic Geometry Codes

    Abstract: Stopping sets and the stopping set distribution of a linear code play an important role in the performance analysis of iterative decoding for this linear code. Let $C$ be an $[n, k]$ linear code over $\mathbb{F}_q$ with parity-check matrix $H$, where the rows of $H$ may be dependent. Let $[n] = \{1, 2, \ldots, n\}$ denote the set of column indices of $H$. A stopping set $S$ of $C$ with parity-check matrix $H$ is a subset of $[n]$ such that the restriction of $H$ to $S$ does not contain a row of weight 1. The stopping set distribution $\{T_i(H)\}_{i=0}^{n}$ enumerates the number of stopping sets of size $i$ of $C$ with parity-check matrix $H$. Denote by $H^*$ the parity-check matrix consisting of all the nonzero codewords in the dual code $C^{\perp}$. In this paper, we study stopping sets and stopping set distributions of some residue algebraic geometry (AG) codes with parity-check matrix $H^*$. First, we give two descriptions of stopping sets of residue AG codes. For the simplest AG codes, i.e., the generalized Reed-Solomon codes, it is easy to determine all the stopping sets. Then, we consider the AG codes from elliptic curves. We use the group structure of rational points of elliptic curves to present a complete characterization of stopping sets. Then, the stopping sets, the stopping set distribution, and the stopping distance of the AG code from an elliptic curve are reduced to the search, counting, and decision versions of the subset sum problem in the group of rational points of the elliptic curve, respectively. Finally, for some special cases, we determine the stopping set distributions of the AG codes from elliptic curves.
    Index Terms: Algebraic geometry codes, elliptic curves, stopping distance, stopping sets, stopping set distribution, subset sum problem.

    Computation of Trusted Short Weierstrass Elliptic Curves for Cryptography

    Short Weierstrass elliptic curves with underlying hard Elliptic Curve Discrete Logarithm Problems are widely used in cryptographic applications. This paper introduces a new security notion, 'trusted security', for computation methods of elliptic curves for cryptography. Three additional "trusted security acceptance criteria" are proposed to be met by elliptic curves aimed at cryptography. Further, two cryptographically secure elliptic curves over 256-bit and 384-bit prime fields are demonstrated which are secure from the ECDLP, ECC and trust perspectives. The proposed elliptic curves are successfully subjected to thorough security analysis and performance evaluation with respect to key generation and signing/verification and hence are shown to be cryptographically suitable and highly feasible for acceptance by the community.
    Comment: CYBERNETICS AND INFORMATION TECHNOLOGIES, Volume 21, No

    Improved Lower Bounds for Approximating Parameterized Nearest Codeword and Related Problems under ETH

    In this paper we present a new gap-creating randomized self-reduction for the parameterized Maximum Likelihood Decoding problem over $\mathbb{F}_p$ ($k$-MLD$_p$). The reduction takes a $k$-MLD$_p$ instance with $k \cdot n$ vectors as input, runs in time $f(k) n^{O(1)}$ for some computable function $f$, and outputs a $(3/2-\varepsilon)$-Gap-$k'$-MLD$_p$ instance for any $\varepsilon > 0$, where $k' = O(k^2 \log k)$. Using this reduction, we show that assuming the randomized Exponential Time Hypothesis (ETH), no algorithm can approximate $k$-MLD$_p$ (and therefore its dual problem $k$-NCP$_p$) within factor $(3/2-\varepsilon)$ in $f(k) \cdot n^{o(\sqrt{k/\log k})}$ time for any $\varepsilon > 0$. We then use the reduction by Bhattacharyya, Ghoshal, Karthik and Manurangsi (ICALP 2018) to amplify the $(3/2-\varepsilon)$-gap to any constant. As a result, we show that assuming ETH, no algorithm can approximate $k$-NCP$_p$ and $k$-MDP$_p$ within a $\gamma$-factor in $f(k) n^{o(k^{\varepsilon_\gamma})}$ time for some constant $\varepsilon_\gamma > 0$. Combining with the gap-preserving reduction by Bennett, Cheraghchi, Guruswami and Ribeiro (STOC 2023), we also obtain similar lower bounds for $k$-MDP$_p$, $k$-CVP$_p$ and $k$-SVP$_p$. These results improve upon the previous $f(k) n^{\Omega(\mathsf{poly} \log k)}$ lower bounds for these problems under ETH using reductions by Bhattacharyya et al. (J. ACM 2021) and Bennett et al. (STOC 2023).
    Comment: 32 pages, 3 figure

    A Post-Quantum Digital Signature Scheme from QC-LDPC Codes

    We propose a novel post-quantum code-based digital signature algorithm whose security is based on the difficulty of decoding Quasi-Cyclic codes in systematic form, and whose trapdoor relies on the knowledge of a hidden Quasi-Cyclic Low-Density Parity-Check (QC-LDPC) code. The use of Quasi-Cyclic (QC) codes allows us to balance security against key size, while the LDPC property significantly lightens the encoding complexity, and thus the complexity of the signing algorithm.

    The main algebraic codes and their decoding

    National audience
    The first talk reviews the classical decoding algorithms for geometric codes, based on the Berlekamp-Massey algorithm and its multivariate generalizations (Berlekamp-Massey-Sakata). However, before presenting these algorithms, I will recall the basics of coding theory: linear codes, the Singleton bound, Reed-Solomon codes, the Hamming bound. I will then give a motivated introduction to the family of geometric codes, as a generalization of geometric codes, after a brief review of the theory of algebraic curves over finite fields. The stage will then be set to introduce syndrome decoding, which is the classical decoding method for geometric codes. The second talk is devoted to recent progress in algebraic coding, which relies on interpolation-based decoding. This progress is due to Guruswami-Sudan and rests on a dual view of Reed-Solomon codes and geometric codes. I will present, in order, the Berlekamp-Welch, Sudan and Guruswami-Sudan algorithms, in the setting of Reed-Solomon codes and in the setting of geometric codes. Finally, we will see how the Berlekamp-Massey-Sakata algorithm can be recycled in this setting.