A new class of codes for Boolean masking of cryptographic computations

We introduce a new class of rate one-half binary codes: {\bf complementary information set codes.} A binary linear code of length $2n$ and dimension $n$ is called a complementary information set code (CIS code for short) if it has two disjoint information sets. This class of codes contains self-dual codes as a subclass. It is connected to graph correlation immune Boolean functions of use in the security of hardware implementations of cryptographic primitives. Such codes permit to improve the cost of masking cryptographic algorithms against side channel attacks. In this paper we investigate this new class of codes: we give optimal or best known CIS codes of length $<132.$ We derive general constructions based on cyclic codes and on double circulant codes. We derive a Varshamov-Gilbert bound for long CIS codes, and show that they can all be classified in small lengths $\le 12$ by the building up construction. Some nonlinear permutations are constructed by using $\Z_4$-codes, based on the notion of dual distance of an unrestricted code.Comment: 19 pages. IEEE Trans. on Information Theory, to appea

Self-Dual Codes

Self-dual codes are important because many of the best codes known are of this type and they have a rich mathematical theory. Topics covered in this survey include codes over F_2, F_3, F_4, F_q, Z_4, Z_m, shadow codes, weight enumerators, Gleason-Pierce theorem, invariant theory, Gleason theorems, bounds, mass formulae, enumeration, extremal codes, open problems. There is a comprehensive bibliography.Comment: 136 page

A linear construction for certain Kerdock and Preparata codes

The Nordstrom-Robinson, Kerdock, and (slightly modified) Pre\- parata codes are shown to be linear over \ZZ_4, the integers $\bmod~4$. The Kerdock and Preparata codes are duals over \ZZ_4, and the Nordstrom-Robinson code is self-dual. All these codes are just extended cyclic codes over \ZZ_4. This provides a simple definition for these codes and explains why their Hamming weight distributions are dual to each other. First- and second-order Reed-Muller codes are also linear codes over \ZZ_4, but Hamming codes in general are not, nor is the Golay code.Comment: 5 page

Quantum Goethals-Preparata Codes

We present a family of non-additive quantum codes based on Goethals and Preparata codes with parameters ((2^m,2^{2^m-5m+1},8)). The dimension of these codes is eight times higher than the dimension of the best known additive quantum codes of equal length and minimum distance.Comment: Submitted to the 2008 IEEE International Symposium on Information Theor