Direct Construction of Recursive MDS Diffusion Layers using Shortened BCH Codes
MDS matrices allow one to build optimal linear diffusion layers in block
ciphers. However, MDS matrices cannot be sparse and usually have a large
description, inducing costly software/hardware implementations. Recursive MDS
matrices solve this problem by restricting attention to MDS matrices that can be
computed as a power of a simple companion matrix, thus having a compact
description suitable even for constrained environments. However, up to now,
finding recursive MDS matrices required an exhaustive search over families of
companion matrices, thus limiting the size of MDS matrices one could look for.
In this article we propose a new direct construction based on shortened BCH
codes, allowing such matrices to be constructed efficiently for any choice of
parameters. Unfortunately, not all recursive MDS matrices can be obtained from
BCH codes, and our algorithm is not always guaranteed to find the best matrices
for a given set of parameters.
Comment: Best paper award; Carlos Cid and Christian Rechberger. 21st
International Workshop on Fast Software Encryption, FSE 2014, Mar 2014,
London, United Kingdom. springe
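The property the abstract relies on, that a cheap companion matrix raised to a small power can be MDS, can be checked directly: a square matrix over a finite field is MDS exactly when every square submatrix is non-singular. The following is an added example (not code from the paper or its authors) that builds a companion matrix over GF(2^4), raises it to successive powers and reports the first power that is MDS. The field polynomial x^4 + x + 1 and the last row (4, 1, 2, 2), which is the Serial matrix used by the LED block cipher, are assumptions chosen for illustration; the paper's own BCH-based construction is not reproduced here.

```python
"""Check when a companion matrix over GF(2^4) becomes MDS (added example)."""
from itertools import combinations

# Assumption for this example: GF(2^4) with reduction polynomial x^4 + x + 1.
POLY = 0x13
WORD_BITS = 4


def gf_mul(a, b):
    """Multiply two GF(2^4) elements: carry-less multiply, reduce modulo POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & (1 << WORD_BITS):
            a ^= POLY
    return r


def gf_inv(a):
    """Inverse by exhaustive search; the field has only 16 elements."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    return next(x for x in range(1, 1 << WORD_BITS) if gf_mul(a, x) == 1)


def companion(last_row):
    """Companion matrix: shifted identity above, coefficients in the last row."""
    n = len(last_row)
    m = [[0] * n for _ in range(n)]
    for i in range(n - 1):
        m[i][i + 1] = 1
    m[n - 1] = list(last_row)
    return m


def mat_mul(a, b):
    n = len(a)
    out = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(n):
            acc = 0
            for k in range(n):
                acc ^= gf_mul(a[i][k], b[k][j])
            out[i][j] = acc
    return out


def mat_pow(m, e):
    n = len(m)
    result = [[int(i == j) for j in range(n)] for i in range(n)]
    for _ in range(e):
        result = mat_mul(result, m)
    return result


def det(m):
    """Determinant by Gaussian elimination; characteristic 2, so no signs."""
    a = [row[:] for row in m]
    n = len(a)
    d = 1
    for c in range(n):
        piv = next((r for r in range(c, n) if a[r][c]), None)
        if piv is None:
            return 0
        a[c], a[piv] = a[piv], a[c]
        d = gf_mul(d, a[c][c])
        inv = gf_inv(a[c][c])
        for r in range(c + 1, n):
            if a[r][c]:
                f = gf_mul(a[r][c], inv)
                a[r] = [x ^ gf_mul(f, y) for x, y in zip(a[r], a[c])]
    return d


def is_mds(m):
    """MDS <=> every square submatrix (every minor) is non-singular."""
    n = len(m)
    for s in range(1, n + 1):
        for rows in combinations(range(n), s):
            for cols in combinations(range(n), s):
                if det([[m[r][c] for c in cols] for r in rows]) == 0:
                    return False
    return True


def first_mds_power(last_row, max_power=16):
    """Smallest k such that companion(last_row)**k is MDS, or None."""
    a = companion(last_row)
    for k in range(1, max_power + 1):
        if is_mds(mat_pow(a, k)):
            return k
    return None


if __name__ == "__main__":
    # Assumed input: LED's Serial(4,1,2,2); four clockings give an MDS layer.
    print(first_mds_power((4, 1, 2, 2)))
    print([[hex(x) for x in row] for row in mat_pow(companion((4, 1, 2, 2)), 4)])
```

The minor test is exponential in the matrix size, which is exactly why the abstract describes exhaustive search over companion matrices as the limiting step; for 4x4 it is 69 determinants and runs instantly.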
Reed-Muller codes for random erasures and errors
This paper studies the parameters for which Reed-Muller (RM) codes over
can correct random erasures and random errors with high probability,
and in particular when they can achieve capacity for these two classical
channels. Necessarily, the paper also studies properties of evaluations of
multivariate polynomials on random sets of inputs.
For erasures, we prove that RM codes achieve capacity both for very high rate
and very low rate regimes. For errors, we prove that RM codes achieve capacity
for very low rate regimes, and for very high rates, we show that they can
uniquely decode at about square root of the number of errors at capacity.
The proofs of these four results are based on different techniques, which we
find interesting in their own right. In particular, we study the following
questions about , the matrix whose rows are truth tables of all
monomials of degree in variables. What is the most (resp. least)
number of random columns in that define a submatrix having full column
rank (resp. full row rank) with high probability? We obtain tight bounds for
very small (resp. very large) degrees , which we use to show that RM codes
achieve capacity for erasures in these regimes.
Our decoding from random errors follows from the following novel reduction.
For every linear code of sufficiently high rate we construct a new code
, also of very high rate, such that for every subset of coordinates, if
can recover from erasures in , then can recover from errors in .
Specializing this to RM codes and using our results for erasures implies our
result on unique decoding of RM codes at high rate.
Finally, two of our capacity-achieving results require tight bounds on the
weight distribution of RM codes. We obtain such bounds by extending the recent
\cite{KLP} bounds from constant degree to linear degree polynomials.
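The erasure question above reduces to linear algebra: a set of erased coordinates is correctable exactly when the surviving columns of the monomial evaluation matrix still have full row rank, because two codewords that agree on every surviving position would otherwise be indistinguishable. The following is an added example (not code from the paper) that builds that evaluation matrix for RM(r, m) over GF(2), tests a given erasure pattern, and estimates the success probability for random erasure patterns; the small parameters, the trial count and the seed are assumptions for illustration.

```python
"""Erasure recovery for binary Reed-Muller codes via rank (added example)."""
from itertools import combinations, product
import random


def evaluation_matrix(m, r):
    """Rows: truth tables of all monomials of degree <= r in m variables,
    evaluated on all 2^m points. This is a generator matrix of RM(r, m)."""
    points = list(product((0, 1), repeat=m))
    rows = []
    for degree in range(r + 1):
        for vars_ in combinations(range(m), degree):
            rows.append([int(all(p[v] for v in vars_)) for p in points])
    return rows


def gf2_rank(rows):
    """Rank over GF(2): rows as bitmasks, each pivot keeps a unique top bit."""
    pivots = {}
    for row in rows:
        x = int("".join(map(str, row)), 2)
        while x:
            hb = x.bit_length() - 1
            if hb not in pivots:
                pivots[hb] = x
                break
            x ^= pivots[hb]
    return len(pivots)


def can_recover(gen, erased):
    """True iff the non-erased columns of the generator have full row rank,
    i.e. the message is still determined by the surviving coordinates."""
    keep = [j for j in range(len(gen[0])) if j not in erased]
    return gf2_rank([[row[j] for j in keep] for row in gen]) == len(gen)


def erasure_success_rate(m, r, num_erasures, trials=2000, seed=1):
    """Empirical probability that RM(r, m) corrects num_erasures random
    erasures (assumed trial count and seed; deterministic for fixed seed)."""
    gen = evaluation_matrix(m, r)
    n = len(gen[0])
    rng = random.Random(seed)
    ok = sum(can_recover(gen, set(rng.sample(range(n), num_erasures)))
             for _ in range(trials))
    return ok / trials


if __name__ == "__main__":
    gen = evaluation_matrix(3, 1)          # RM(1,3): length 8, dimension 4
    print(can_recover(gen, {0, 1, 2}))     # any 3 erasures: below distance 4
    print(can_recover(gen, {0, 1, 2, 3}))  # erases a codeword's support
    for e in range(1, 8):
        print(e, erasure_success_rate(3, 1, e))
```

The second printed pattern erases every point with x0 = 0, so the monomials 1 and x0 agree on all surviving positions and the rank drops; this is the row-rank failure the abstract's E(m, r) questions are about.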
Hard Properties with (Very) Short PCPPs and Their Applications
We show that there exist properties that are maximally hard for testing, while still admitting PCPPs with a proof size very close to linear. Specifically, for every fixed ℓ, we construct a property P^(ℓ) ⊆ {0,1}^n satisfying the following: Any testing algorithm for P^(ℓ) requires Ω(n) many queries, and yet P^(ℓ) has a constant-query PCPP whose proof size is O(n·log^(ℓ) n), where log^(ℓ) denotes the ℓ times iterated log function (e.g., log^(2) n = log log n). The best previously known upper bound on the PCPP proof size for a maximally hard to test property was O(n·polylog(n)).
As an immediate application, we obtain stronger separations between the standard testing model and both the tolerant testing model and the erasure-resilient testing model: for every fixed ℓ, we construct a property that has a constant-query tester, but requires Ω(n/log^(ℓ)(n)) queries for every tolerant or erasure-resilient tester.