
    Hull Attacks on the Lattice Isomorphism Problem

    The lattice isomorphism problem (LIP) asks one to find an isometry between two lattices. It has recently been proposed as a foundation for cryptography in two independent works [Ducas & van Woerden, EUROCRYPT 2022; Bennett et al., preprint 2021]. This problem is the lattice variant of the code equivalence problem, on which the notion of the hull of a code can lead to devastating attacks. In this work we study the cryptanalytic role of an adaptation of the hull to the lattice setting, namely the $s$-hull. We first show that the $s$-hull is not helpful for creating an arithmetic distinguisher. More specifically, the genus of the $s$-hull can be efficiently predicted from $s$ and the original genus and therefore carries no extra information. However, we also show that the hull can be helpful for geometric attacks: for certain lattices the minimal distance of the hull is relatively smaller than that of the original lattice, and this can be exploited. The attack cost remains exponential, but the constant in the exponent is halved. This second result gives a counterexample to the general hardness conjecture of LIP proposed by Ducas & van Woerden. Our results suggest that one should be very careful about the geometry of hulls when instantiating LIP for cryptography. They also point to unimodular lattices as attractive options, as they are equal to their dual and their hulls, leaving only the original lattice to an attacker. Remarkably, this is already the case in proposed instantiations, namely the trivial lattice $\mathbb{Z}^n$ and the Barnes-Wall lattices.

    Enumerating topological $(n_k)$-configurations

    An $(n_k)$-configuration is a set of $n$ points and $n$ lines in the projective plane such that their point-line incidence graph is $k$-regular. The configuration is geometric, topological, or combinatorial depending on whether lines are considered to be straight lines, pseudolines, or just combinatorial lines. We provide an algorithm for generating, for given $n$ and $k$, all topological $(n_k)$-configurations up to combinatorial isomorphism, without first enumerating all combinatorial $(n_k)$-configurations. We apply this algorithm to efficiently confirm a former result on topological $(18_4)$-configurations, from which we obtain a new geometric $(18_4)$-configuration. Preliminary results on $(19_4)$-configurations are also briefly reported. Comment: 18 pages, 11 figures

    Synchronizing permutation groups and graph endomorphisms

    This thesis is focused on synchronizing permutation groups and on graph endomorphisms. Applying the implicit classification of rank 3 groups, we first provide a bound on synchronizing ranks of rank 3 groups. Then, we determine the singular graph endomorphisms of the Hamming graph and related graphs, count Latin hypercuboids of class r, establish their relation to mixed MDS codes, investigate G-decompositions of (non)-synchronizing semigroups, and analyse the kernel graph construction used in the theorem of Cameron and Kazanidis, which identifies non-synchronizing transformations with graph endomorphisms [20]. The contribution lies in the following points:
    1. A bound on synchronizing ranks of groups of permutation rank 3 is given, and a complete list of small non-synchronizing groups of permutation rank 3 is provided (see Chapter 3).
    2. The singular endomorphisms of the Hamming graph and some related graphs are characterised (see Chapter 5).
    3. A theorem on the extension of partial Latin hypercuboids is given, Latin hypercuboids for small values are counted, and their correspondence to mixed MDS codes is unveiled (see Chapter 6).
    4. The research on normalizing groups from [3] is extended to semigroups of the form , and decomposition properties of non-synchronizing semigroups are described, which are then applied to semigroups induced by combinatorial tiling problems (see Chapter 7).
    5. Finally, it is shown that all rank 3 graphs admitting singular endomorphisms are hulls, and it is conjectured that a hull on n vertices has a minimal generating set of at most n generators (see Chapter 8).

    The Hardness of Code Equivalence over $\mathbf{F}_q$ and its Application to Code-based Cryptography

    The code equivalence problem is to decide whether two linear codes over $\mathbf{F}_q$ are equivalent, that is, identical up to a linear isometry of the Hamming space. In this paper, we review the hardness of code equivalence over $\mathbf{F}_q$ in light of some recent negative results and discuss the possible implications for code-based cryptography. In particular, we present an improved version of the three-pass identification scheme of Girault and discuss a connection between code equivalence and the hidden subgroup problem.

    LESS is More: Code-Based Signatures without Syndromes

    Devising efficient and secure signature schemes based on coding theory is still considered a challenge by the cryptographic community. In this paper, we construct a signature scheme by exploring a new approach to the area. To do this, we design a zero-knowledge identification scheme, which we then render static via standard means (e.g. Fiat-Shamir). We show that practical instances of our protocol have the potential to outperform the state of the art on code-based signatures, achieving small data sizes with a low computational complexity

    Pitfalls and Shortcomings for Decompositions and Alignment (Full Version)

    In this paper we study, for the first time, under which circumstances the decomposition of a round function of a Substitution-Permutation Network is unique. More precisely, we provide necessary and sufficient criteria on the non-linear layer for the decomposition to be unique. Our results in particular imply that, when cryptographically strong S-boxes are used, the decomposition is indeed unique. We then apply our findings to the notion of alignment, pointing out that the previous definition allows for primitives that are both aligned and unaligned simultaneously. As a second result, we present experimental data showing that alignment might have only limited impact. For this, we compare aligned and unaligned versions of the cipher PRESENT.

    Permutation Code Equivalence is Not Harder Than Graph Isomorphism When Hulls Are Trivial

    The paper deals with the problem of deciding whether two finite-dimensional linear subspaces over an arbitrary field are identical up to a permutation of the coordinates. This problem is referred to as permutation code equivalence. We show that, given access to a subroutine that decides whether two weighted undirected graphs are isomorphic, one may deterministically decide permutation code equivalence provided that the underlying vector spaces intersect trivially with their orthogonal complement with respect to an arbitrary inner product. Such a class of vector spaces is usually called linear codes with trivial hulls. The reduction is efficient because it essentially boils down to computing the inverse of a square matrix whose order is the length of the involved codes. Experimental results obtained with randomly drawn binary codes having trivial hulls show that permutation code equivalence can be decided in a few minutes for lengths up to 50,000.
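    Both the LIP abstract above and this one rest on the hull of a linear code, $C \cap C^\perp$: it is what an attacker on code equivalence exploits, and the reduction to graph isomorphism described here needs it to be trivial. The following Python example is added here and is not taken from any of the listed papers. It computes the hull of a binary code in two ways (as the dual of $C + C^\perp$, and through the rank of the Gram matrix $GG^T$, since $\dim \mathrm{Hull}(C) = k - \mathrm{rank}(GG^T)$ for a rank-$k$ generator matrix), checks the trivial-hull condition, and shows that the hull dimension survives a coordinate permutation, which is why it is an invariant an attacker can read off. The three sample codes (a self-dual $[8,4]$ extended Hamming code, a $[6,3]$ code with a two-dimensional hull, a $[5,2]$ code with trivial hull) are constructed for this example.

```python
"""Hull of a binary linear code, two ways, plus the trivial-hull check.

Vectors in F_2^n are Python ints with bit j holding coordinate j.
Facts used:
  * C ∩ C^⊥ = (C + C^⊥)^⊥, so the hull is the dual of the span of C and C^⊥;
  * Hull(C) = {uG : u(GG^T) = 0} for a rank-k generator matrix G, hence
    dim Hull(C) = k - rank(GG^T), and the hull is trivial iff GG^T is invertible.
"""


def rref_gf2(rows):
    """Reduced row echelon form over GF(2).

    Returns (basis, pivots): independent rows spanning the same space, where
    pivots[i] is the highest set bit of basis[i] and no other basis row has that
    bit set. For a fixed column order this is the unique RREF, so the set of
    basis rows is a canonical representative of the row space.
    """
    basis, pivots = [], []
    for r in rows:
        for b, p in zip(basis, pivots):   # clear existing pivot bits from r
            if r >> p & 1:
                r ^= b
        if not r:                          # r was already in the span
            continue
        p = r.bit_length() - 1
        for i, b in enumerate(basis):      # clear the new pivot from old rows
            if b >> p & 1:
                basis[i] ^= r
        basis.append(r)
        pivots.append(p)
    return basis, pivots


def dual_gf2(rows, n):
    """Basis of {x in F_2^n : <x, r> = 0 for all r in rows}, i.e. the dual code."""
    basis, pivots = rref_gf2(rows)
    pivot_set = set(pivots)
    dual = []
    for f in range(n):                     # one dual vector per free coordinate
        if f in pivot_set:
            continue
        x = 1 << f
        for b, p in zip(basis, pivots):    # set x_p = b_f so <x, b> = b_f + b_f = 0
            if b >> f & 1:
                x |= 1 << p
        dual.append(x)
    return dual


def hull_gf2(rows, n):
    """Basis of Hull(C) = C ∩ C^⊥ = (C + C^⊥)^⊥."""
    return dual_gf2(list(rows) + dual_gf2(rows, n), n)


def hull_dim_via_gram(rows):
    """dim Hull(C) = k - rank(G G^T), G a rank-k generator matrix of C."""
    basis, _ = rref_gf2(rows)
    gram = []
    for gi in basis:                       # Gram entry (i, j) = <g_i, g_j> mod 2
        row = 0
        for j, gj in enumerate(basis):
            if bin(gi & gj).count("1") & 1:
                row |= 1 << j
        gram.append(row)
    return len(basis) - len(rref_gf2(gram)[0])


def has_trivial_hull(rows, n):
    """Trivial hull <=> C ∩ C^⊥ = {0} <=> G G^T invertible over GF(2)."""
    return not hull_gf2(rows, n)


def permute_coordinates(rows, perm):
    """Send coordinate j to perm[j] in every codeword (a permutation equivalence)."""
    out = []
    for r in rows:
        s = 0
        for j, pj in enumerate(perm):
            if r >> j & 1:
                s |= 1 << pj
        out.append(s)
    return out


def code(*words):
    """Parse generator rows written left to right as coordinates 0..n-1."""
    return [int(w[::-1], 2) for w in words]


# Constructed sample codes for this example (not taken from any paper above).
HAMMING_8_4 = code("10000111", "01001011", "00101101", "00011110")  # self-dual
PARTIAL_HULL = code("100110", "010011", "001101")                  # hull of dim 2
TRIVIAL_HULL = code("11100", "00010")                              # G G^T = I

if __name__ == "__main__":
    for name, g, n in [("[8,4] ext. Hamming", HAMMING_8_4, 8),
                       ("[6,3] partial hull", PARTIAL_HULL, 6),
                       ("[5,2] trivial hull", TRIVIAL_HULL, 5)]:
        print(f"{name}: dim hull = {len(hull_gf2(g, n))} "
              f"(via Gram: {hull_dim_via_gram(g)}), trivial = {has_trivial_hull(g, n)}")
    # The hull dimension is invariant under coordinate permutation, so it is a
    # property of the whole equivalence class that an attacker can compute.
    shuffled = permute_coordinates(PARTIAL_HULL, [3, 0, 5, 1, 4, 2])
    print("permuted [6,3]: dim hull =", len(hull_gf2(shuffled, 6)))
```

    The `hull_dim_via_gram` check is the one to run when instantiating a code-equivalence scheme: a $k \times k$ rank computation over $\mathbf{F}_2$ tells you whether the code falls into the trivial-hull class for which the abstract above gives a polynomial-time reduction to graph isomorphism.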

    Unifying a Geometric Framework of Evolutionary Algorithms and Elementary Landscapes Theory

    Evolutionary algorithms (EAs) are randomised general-purpose strategies, inspired by natural evolution, often used for finding (near) optimal solutions to problems in combinatorial optimisation. Over the last 50 years, many theoretical approaches in evolutionary computation have been developed to analyse the performance of EAs, design EAs, or measure problem difficulty via fitness landscape analysis. An open challenge is to formally explain why a general class of EAs performs better, or worse, than others on a class of combinatorial problems across representations. However, the lack of a general unified theory of EAs and fitness landscapes, across problems and representations, makes it harder to characterise pairs of general classes of EAs and combinatorial problems for which good performance can be provably guaranteed. This thesis explores a unification between a geometric framework of EAs and elementary landscapes theory, tied neither to a specific representation nor to a specific problem, with complementary strengths in the analysis of population-based EAs and combinatorial landscapes. This unification is organised around three essential aspects: the search space structure induced by crossovers, the search behaviour of population-based EAs, and the structure of fitness landscapes. First, this thesis builds a crossover classification to systematically compare crossovers in the geometric framework and elementary landscapes theory, revealing a shared general subclass of crossovers: geometric recombination P-structures, which covers well-known crossovers. The crossover classification is then extended to a general framework for axiomatically analysing the population behaviour induced by crossover classes on the associated EAs. This shows that all EAs in the shared general class using geometric recombination P-structures, but no mutation, always perform the same abstract form of convex evolutionary search.
    Finally, this thesis characterises a class of globally convex combinatorial landscapes shared by the geometric framework and elementary landscapes theory: abstract convex elementary landscapes. It is formally explained why geometric recombination P-structure EAs can be expected to outperform random search on abstract convex elementary landscapes related to low-order graph Laplacian eigenvalues. Altogether, this thesis paves a way towards a general unified theory of EAs and combinatorial fitness landscapes.