Approximating the Little Grothendieck Problem over the Orthogonal and Unitary Groups
The little Grothendieck problem consists of maximizing
over binary variables , where C is a
positive semidefinite matrix. In this paper we focus on a natural
generalization of this problem, the little Grothendieck problem over the
orthogonal group. Given C a dn x dn positive semidefinite matrix, the objective
is to maximize restricting to take
values in the group of orthogonal matrices, where denotes the (ij)-th
d x d block of C. We propose an approximation algorithm, which we refer to as
Orthogonal-Cut, to solve this problem and show a constant approximation ratio.
Our method is based on semidefinite programming. For a given , we show
a constant approximation ratio of , where is
the expected average singular value of a d x d matrix with random Gaussian
i.i.d. entries. For d=1 we recover the known
approximation guarantee for the classical little Grothendieck problem. Our
algorithm and analysis naturally extends to the complex valued case also
providing a constant approximation ratio for the analogous problem over the
Unitary Group.
Orthogonal-Cut also serves as an approximation algorithm for several
applications, including the Procrustes problem where it improves over the best
previously known approximation ratio of~. The little
Grothendieck problem falls under the class of problems approximated by a recent
algorithm proposed in the context of the non-commutative Grothendieck
inequality. Nonetheless, our approach is simpler and it provides a more
efficient algorithm with better approximation ratios and matching integrality
gaps.
Finally, we also provide an improved approximation algorithm for the more
general little Grothendieck problem over the orthogonal (or unitary) group with
rank constraints.
Comment: Updates in version 2: extension to the complex valued (unitary group)
case, sharper lower bounds on the approximation ratios, matching integrality
gap, and a generalized rank constrained version of the problem. Updates in
version 3: Improvement on the expositio
Universal Gaussian Elimination Hardware for Cryptographic Purposes
In this paper, we investigate the possibility of performing Gaussian elimination for arbitrary binary matrices on hardware. In particular, we present a generic approach for hardware-based Gaussian elimination that is able to process both non-singular and singular matrices. Previous works on hardware-based Gaussian elimination can only process non-singular ones. However, a plethora of cryptosystems, for instance the quantum-safe key encapsulation mechanisms based on rank-metric codes ROLLO and RQC, which are among the NIST post-quantum cryptography standardization round-2 candidates, require performing Gaussian elimination on random matrices regardless of their singularity. We accordingly implemented an optimized and parameterized Gaussian eliminator for (singular) matrices over binary fields, making the intense linear-algebra computation feasible and efficient on hardware. To the best of our knowledge, this work is the first to eliminate a singular matrix on reconfigurable hardware, and it also describes a generic hardware architecture for rank-code based cryptographic schemes. The experimental results suggest that hardware-based Gaussian elimination can be done in linear time regardless of the matrix type.
A Distinguisher for High Rate McEliece Cryptosystems
The Goppa Code Distinguishing (GD) problem consists in distinguishing the matrix of a Goppa code from a random matrix. The hardness of this problem is an assumption used to prove the security of code-based cryptographic primitives such as McEliece's cryptosystem. Up to now, it has been widely believed that the GD problem is a hard decision problem. We present the first method for distinguishing alternant and Goppa codes over any field. Our technique can solve the GD problem in polynomial time provided that the codes have sufficiently large rates. The key ingredient is an algebraic characterization of the key-recovery problem. The idea is to consider the rank of a linear system obtained by linearizing a particular polynomial system describing a key-recovery attack. Experimentally, this rank appears to depend on the type of code. Explicit formulas for the rank, derived from extensive experimentation, are provided for "generic" random, alternant, and Goppa codes over any alphabet. Finally, we give theoretical explanations of these formulas in the case of random codes, alternant codes over any field of characteristic two, and binary Goppa codes.