313 research outputs found

    Linearity Measures for MQ Cryptography

    We propose a new general framework for the security of multivariate quadratic ($\mathcal{MQ}$) schemes with respect to attacks that exploit the existence of linear subspaces. We adopt linearity measures that have traditionally been used to estimate the security of symmetric cryptographic primitives, namely the nonlinearity measure for vectorial functions introduced by Nyberg at Eurocrypt '92, and the $(s,t)$-linearity measure introduced recently by Boura and Canteaut at FSE '13. We redefine some properties of $\mathcal{MQ}$ cryptosystems in terms of these known symmetric cryptography notions, and show that our new framework is a compact generalization of several known attacks in $\mathcal{MQ}$ cryptography against single field schemes. We use the framework to explain various pitfalls regarding the success of these attacks. Finally, we argue that linearity can be used as a solid measure of the susceptibility of $\mathcal{MQ}$ schemes to these attacks, and also as a necessary tool for prudent design practice in $\mathcal{MQ}$ cryptography.

    A Rank-Metric Approach to Error Control in Random Network Coding

    The problem of error control in random linear network coding is addressed from a matrix perspective that is closely related to the subspace perspective of Kötter and Kschischang. A large class of constant-dimension subspace codes is investigated. It is shown that codes in this class can be easily constructed from rank-metric codes, while preserving their distance properties. Moreover, it is shown that minimum distance decoding of such subspace codes can be reformulated as a generalized decoding problem for rank-metric codes where partial information about the error is available. This partial information may be in the form of erasures (knowledge of an error location but not its value) and deviations (knowledge of an error value but not its location). Taking erasures and deviations into account (when they occur) strictly increases the error correction capability of a code: if $\mu$ erasures and $\delta$ deviations occur, then errors of rank $t$ can always be corrected provided that $2t \leq d - 1 + \mu + \delta$, where $d$ is the minimum rank distance of the code. For Gabidulin codes, an important family of maximum rank distance codes, an efficient decoding algorithm is proposed that can properly exploit erasures and deviations. In a network coding application where $n$ packets of length $M$ over $F_q$ are transmitted, the complexity of the decoding algorithm is given by $O(dM)$ operations in an extension field $F_{q^n}$. Comment: Minor corrections; 42 pages, to be published at the IEEE Transactions on Information Theor

    Improvement of stabilizer based entanglement distillation protocols by encoding operators

    This paper presents a method for enumerating all encoding operators in the Clifford group for a given stabilizer. Furthermore, we classify encoding operators into equivalence classes such that EDPs (Entanglement Distillation Protocols) constructed from encoding operators in the same equivalence class have the same performance. By this classification, for a given parameter, the number of candidates for good EDPs is significantly reduced. As a result, we find the best EDP among EDPs constructed from [[4,2]] stabilizer codes. This EDP has a better performance than previously known EDPs over a wide range of fidelity. Comment: 22 pages, 2 figures. In version 2, we enumerate all encoding operators in the Clifford group, and fix the wrong classification of encoding operators in version

    Torsion Limits and Riemann-Roch Systems for Function Fields and Applications

    The Ihara limit (or -constant) $A(q)$ has been a central problem of study in the asymptotic theory of global function fields (or equivalently, algebraic curves over finite fields). It addresses global function fields with many rational points and, so far, most applications of this theory do not require additional properties. Motivated by recent applications, we require global function fields with the additional property that their zero class divisor groups contain at most a small number of $d$-torsion points. We capture this by the torsion limit, a new asymptotic quantity for global function fields. It seems that it is even harder to determine values of this new quantity than the Ihara constant. Nevertheless, some non-trivial lower and upper bounds are derived. Apart from this new asymptotic quantity and bounds on it, we also introduce Riemann-Roch systems of equations. It turns out that this type of equation system plays an important role in the study of several other problems in areas such as coding theory, arithmetic secret sharing and multiplication complexity of finite fields. Finally, we show how our new asymptotic quantity, our bounds on it and Riemann-Roch systems can be used to improve results in these areas. Comment: Accepted for publication in IEEE Transactions on Information Theory. This is an extended version of our paper in Proceedings of 31st Annual IACR CRYPTO, Santa Barbara, Ca., USA, 2011. The results in Sections 5 and 6 did not appear in that paper. A first version of this paper has been widely circulated since November 200

    The state space for two qutrits has a phase space structure in its core

    We investigate the state space of bipartite qutrits. For states which are locally maximally mixed we obtain an analog of the "magic" tetrahedron for bipartite qubits: a magic simplex W. This is obtained via the Weyl group, which is a kind of "quantization" of classical phase space. We analyze how this simplex W is embedded in the whole state space of two qutrits and discuss symmetries and equivalences inside the simplex W. Because we are explicitly able to construct optimal entanglement witnesses, we obtain the border between separable and entangled states. With our method we also find the total area of bound entangled states of the parameter subspace under investigation. Our considerations can also be applied to higher dimensions. Comment: 3 figure

    Lattice-based Blind Signatures

    Motivated by the need to have secure blind signatures even in the presence of quantum computers, we present two efficient blind signature schemes based on hard worst-case lattice problems. Both schemes are provably secure in the random oracle model and unconditionally blind. The first scheme is based on the preimage samplable functions that were introduced at STOC 2008 by Gentry, Peikert, and Vaikuntanathan. The scheme is stateful and runs in 3 moves. The second scheme builds upon the PKC 2008 identification scheme of Lyubashevsky. It is stateless, has 4 moves, and its security is based on the hardness of worst-case problems in ideal lattices.