List-Decoding of Binary Goppa Codes up to the Binary Johnson Bound

International audienceWe study the list-decoding problem of alternant codes (which includes obviously that of classical Goppa codes). The major consideration here is to take into account the (small) size of the alphabet. This amounts to comparing the generic Johnson bound to the q-ary Johnson bound. The most favourable case is q = 2, for which the decoding radius is greatly improved. Even though the announced result, which is the list-decoding radius of binary Goppa codes, is new, we acknowledge that it can be made up from separate previous sources, which may be a little bit unknown, and where the binary Goppa codes has apparently not been thought at. Only D. J. Bernstein has treated the case of binary Goppa codes in a preprint. References are given in the introduction. We propose an autonomous and simplified treatment and also a complexity analysis of the studied algorithm, which is quadratic in the blocklength n, when decoding away of the relative maximum decoding radius

On Rational Interpolation-Based List-Decoding and List-Decoding Binary Goppa Codes

We derive the Wu list-decoding algorithm for Generalised Reed-Solomon (GRS) codes by using Gr\"obner bases over modules and the Euclidean algorithm (EA) as the initial algorithm instead of the Berlekamp-Massey algorithm (BMA). We present a novel method for constructing the interpolation polynomial fast. We give a new application of the Wu list decoder by decoding irreducible binary Goppa codes up to the binary Johnson radius. Finally, we point out a connection between the governing equations of the Wu algorithm and the Guruswami-Sudan algorithm (GSA), immediately leading to equality in the decoding range and a duality in the choice of parameters needed for decoding, both in the case of GRS codes and in the case of Goppa codes.Comment: To appear in IEEE Transactions of Information Theor

Key Reduction of McEliece's Cryptosystem Using List Decoding

International audienceDifferent variants of the code-based McEliece cryptosystem were pro- posed to reduce the size of the public key. All these variants use very structured codes, which open the door to new attacks exploiting the underlying structure. In this paper, we show that the dyadic variant can be designed to resist all known attacks. In light of a new study on list decoding algorithms for binary Goppa codes, we explain how to increase the security level for given public keysizes. Using the state-of-the-art list decoding algorithm instead of unique decoding, we exhibit a keysize gain of about 4% for the standard McEliece cryptosystem and up to 21% for the adjusted dyadic variant