313 research outputs found
Linearity Measures for MQ Cryptography
We propose a new general framework for the security of multivariate quadratic ($\mathcal{MQ}$) schemes with respect to attacks that exploit the existence of linear subspaces. We adopt linearity measures that have been used traditionally to estimate the security of symmetric cryptographic primitives, namely the nonlinearity measure for vectorial functions introduced by Nyberg at Eurocrypt '92, and the --linearity measure introduced recently by Boura and Canteaut at FSE '13. We redefine some properties of $\mathcal{MQ}$ cryptosystems in terms of these known symmetric cryptography notions, and show that our new framework is a compact generalization of several known attacks in $\mathcal{MQ}$ cryptography against single field schemes. We use the framework to explain various pitfalls regarding the success of these attacks. Finally, we argue that linearity can be used as a solid measure for the susceptibility of $\mathcal{MQ}$ schemes to these attacks, and also as a necessary tool for prudent design practice in $\mathcal{MQ}$ cryptography.
A Rank-Metric Approach to Error Control in Random Network Coding
The problem of error control in random linear network coding is addressed
from a matrix perspective that is closely related to the subspace perspective
of Kötter and Kschischang. A large class of constant-dimension subspace codes
is investigated. It is shown that codes in this class can be easily constructed
from rank-metric codes, while preserving their distance properties. Moreover,
it is shown that minimum distance decoding of such subspace codes can be
reformulated as a generalized decoding problem for rank-metric codes where
partial information about the error is available. This partial information may
be in the form of erasures (knowledge of an error location but not its value)
and deviations (knowledge of an error value but not its location). Taking
erasures and deviations into account (when they occur) strictly increases the
error correction capability of a code: if erasures and
deviations occur, then errors of rank can always be corrected provided that
, where is the minimum rank distance of the
code. For Gabidulin codes, an important family of maximum rank distance codes,
an efficient decoding algorithm is proposed that can properly exploit erasures
and deviations. In a network coding application where packets of length
over are transmitted, the complexity of the decoding algorithm is given
by operations in an extension field .
Comment: Minor corrections; 42 pages, to be published at the IEEE Transactions
on Information Theor
Improvement of stabilizer based entanglement distillation protocols by encoding operators
This paper presents a method for enumerating all encoding operators in the
Clifford group for a given stabilizer. Furthermore, we classify encoding
operators into the equivalence classes such that EDPs (Entanglement
Distillation Protocol) constructed from encoding operators in the same
equivalence class have the same performance. By this classification, for a
given parameter, the number of candidates for good EDPs is significantly
reduced. As a result, we find the best EDP among EDPs constructed from [[4,2]]
stabilizer codes. This EDP has a better performance than previously known EDPs
over a wide range of fidelity.
Comment: 22 pages, 2 figures, In version 2, we enumerate all encoding
operators in the Clifford group, and fix the wrong classification of encoding
operators in version
Torsion Limits and Riemann-Roch Systems for Function Fields and Applications
The Ihara limit (or -constant) has been a central problem of study in
the asymptotic theory of global function fields (or equivalently, algebraic
curves over finite fields). It addresses global function fields with many
rational points and, so far, most applications of this theory do not require
additional properties. Motivated by recent applications, we require global
function fields with the additional property that their zero class divisor
groups contain at most a small number of -torsion points. We capture this by
the torsion limit, a new asymptotic quantity for global function fields. It
seems that it is even harder to determine values of this new quantity than the
Ihara constant. Nevertheless, some non-trivial lower- and upper bounds are
derived. Apart from this new asymptotic quantity and bounds on it, we also
introduce Riemann-Roch systems of equations. It turns out that this type of
equation system plays an important role in the study of several other problems
in areas such as coding theory, arithmetic secret sharing and multiplication
complexity of finite fields etc. Finally, we show how our new asymptotic
quantity, our bounds on it and Riemann-Roch systems can be used to improve
results in these areas.
Comment: Accepted for publication in IEEE Transactions on Information Theory.
This is an extended version of our paper in Proceedings of 31st Annual IACR
CRYPTO, Santa Barbara, Ca., USA, 2011. The results in Sections 5 and 6 did
not appear in that paper. A first version of this paper has been widely
circulated since November 200
The state space for two qutrits has a phase space structure in its core
We investigate the state space of bipartite qutrits. For states which are
locally maximally mixed we obtain an analog of the ``magic'' tetrahedron for
bipartite qubits--a magic simplex W. This is obtained via the Weyl group which
is a kind of ``quantization'' of classical phase space. We analyze how this
simplex W is embedded in the whole state space of two qutrits and discuss
symmetries and equivalences inside the simplex W. Because we are explicitly
able to construct optimal entanglement witnesses we obtain the border between
separable and entangled states. With our method we find also the total area of
bound entangled states of the parameter subspace under investigation. Our
considerations can also be applied to higher dimensions.
Comment: 3 figure
Lattice-based Blind Signatures
Motivated by the need to have secure blind signatures even in the presence of quantum computers, we present two efficient blind signature schemes based on hard worst-case lattice problems. Both schemes are provably secure in the random oracle model and unconditionally blind. The first scheme is based on preimage samplable functions that were introduced at STOC 2008 by Gentry, Peikert, and Vaikuntanathan. The scheme is stateful and runs in 3 moves. The second scheme builds upon the PKC 2008 identification scheme of Lyubashevsky. It is stateless, has 4 moves, and its security is based on the hardness of worst-case problems in ideal lattices.
- …