A Distinguisher-Based Attack of a Homomorphic Encryption Scheme Relying on Reed-Solomon Codes
Bogdanov and Lee suggested a homomorphic public-key encryption scheme based
on error correcting codes. The underlying public code is a modified
Reed-Solomon code obtained from inserting a zero submatrix in the Vandermonde
generating matrix defining it. The columns that define this submatrix are kept
secret and form a set . We give here a distinguisher that detects if one or
several columns belong to or not. This distinguisher is obtained by
considering the code generated by component-wise products of codewords of the
public code (the so called "square code"). This operation is applied to
punctured versions of this square code obtained by picking a subset
of the whole set of columns. It turns out that the dimension of the
punctured square code is directly related to the cardinality of the
intersection of with . This allows an attack which recovers the full set
and which can then decrypt any ciphertext.
Comment: 11 page
New Identities Relating Wild Goppa Codes
For a given support and a polynomial with no roots in , we prove equality
between the -ary Goppa codes where
denotes the norm of , that is In
particular, for , that is, for a quadratic extension, we get
. If has roots in
, then we do not necessarily have equality and we prove that
the difference of the dimensions of the two codes is bounded above by the
number of distinct roots of in . These identities provide
numerous code equivalences and improved designed parameters for some families
of classical Goppa codes.
Comment: 14 page
A Distinguisher-Based Attack on a Variant of McEliece's Cryptosystem Based on Reed-Solomon Codes
Baldi et al. proposed a variant of McEliece's cryptosystem. The main
idea is to replace its permutation matrix by adding a rank 1 matrix to it. The
motivation for this change is twofold: it would allow the use of codes that
were shown to be insecure in the original McEliece cryptosystem, and it would
reduce the key size while keeping the same security against generic decoding
attacks. The authors suggest using generalized Reed-Solomon codes instead of
Goppa codes. The public code built with this method is no longer a
generalized Reed-Solomon code. On the other hand, it contains a very large
secret generalized Reed-Solomon code. In this paper we present an attack that
is built upon a distinguisher which is able to identify elements of this secret
code. The distinguisher is constructed by considering the code generated by
component-wise products of codewords of the public code (the so-called "square
code"). By using square-code dimension considerations, the initial generalized
Reed-Solomon code can be recovered, which makes it possible to decode any ciphertext. A
similar technique has already been successful for mounting an attack against a
homomorphic encryption scheme suggested by Bogdanov et al. This work
can be viewed as another illustration of how a distinguisher of Reed-Solomon
codes can be used to devise an attack on cryptosystems based on them.
Comment: arXiv admin note: substantial text overlap with arXiv:1203.668
Co-Registration of Optically Sensed Images and Correlation (COSI-Corr): an Operational Methodology for Ground Deformation Measurements
Recent methodological progress, Co-Registration of
Optically Sensed Images and Correlation, outlined here, makes it
possible to measure horizontal ground deformation from optical
images on an operational basis, using the COSI-Corr software
package. In particular, its sub-pixel capabilities allow for accurate
mapping of surface ruptures and measurement of co-seismic
offsets. We retrieved the fault rupture of the 2005 Mw 7.6
Kashmir earthquake from ASTER images, and we also present
a dense mapping of the 1992 Mw 7.3 Landers earthquake of
California, from the mosaicking of 30 pairs of aerial images.
Algebraic Properties of Polar Codes From a New Polynomial Formalism
Polar codes form a very powerful family of codes with a low complexity
decoding algorithm that attain many information theoretic limits in error
correction and source coding. These codes are closely related to Reed-Muller
codes because both can be described with the same algebraic formalism, namely
they are generated by evaluations of monomials. However, finding the right set
of generating monomials for a polar code which optimises the decoding
performances is a hard task and channel dependent. The purpose of this paper is
to reveal some universal properties of these monomials. We will namely prove
that there is a way to define a nontrivial (partial) order on monomials so that
the monomials generating a polar code devised for a binary-input symmetric
channel always form a decreasing set.
This property turns out to have rather deep consequences on the structure of
the polar code. Indeed, the permutation group of a decreasing monomial code
contains a large group called lower triangular affine group. Furthermore, the
codewords of minimum weight correspond exactly to the orbits of the minimum
weight codewords that are obtained from (evaluations) of monomials of the
generating set. In particular, it gives an efficient way of counting the number
of minimum weight codewords of a decreasing monomial code and hence of a
polar code.
Comment: 14 pages * A reference to the work of Bernhard Geiger has been added
(arXiv:1506.05231) * Lemma 3 has been changed a little bit in order to prove
that Proposition 7.1 in arXiv:1506.05231 holds for any binary input symmetric
channe
Folding Alternant and Goppa Codes with Non-Trivial Automorphism Groups
The main practical limitation of the McEliece public-key encryption scheme is
probably the size of its key. A famous trend to overcome this issue is to focus
on subclasses of alternant/Goppa codes with a non-trivial automorphism group.
Such codes then display symmetries allowing compact parity-check or generator
matrices. For instance, a key-reduction is obtained by taking quasi-cyclic (QC)
or quasi-dyadic (QD) alternant/Goppa codes. We show that the use of such
symmetric alternant/Goppa codes in cryptography introduces a fundamental
weakness. It is indeed possible to reduce the key-recovery on the original
symmetric public code to the key-recovery on a (much) smaller code that no
longer has symmetries. This result is obtained thanks to a new operation on codes
called folding that exploits the knowledge of the automorphism group. This
operation consists in adding the coordinates of codewords which belong to the
same orbit under the action of the automorphism group. The advantage is
twofold: the reduction factor can be as large as the size of the orbits, and it
preserves a fundamental property: folding the dual of an alternant (resp.
Goppa) code provides the dual of an alternant (resp. Goppa) code. A key point
is to show that all the existing constructions of alternant/Goppa codes with
symmetries follow a common principle of taking codes whose support is globally
invariant under the action of affine transformations (by building upon prior
works of T. Berger and A. Dür). This enables us not only to present a
unified view but also to generalize the construction of QC, QD and even
quasi-monoidic (QM) Goppa codes. All in all, our results can be harnessed to
boost up any key-recovery attack on McEliece systems based on symmetric
alternant or Goppa codes, and in particular algebraic attacks.
Comment: 19 page
Influence of camera distortions on satellite image registration and change detection applications
Applications such as change detection and digital elevation model extraction from optical images require a rigorous modeling of the acquisition geometry. We show that the unrecorded satellite jitter during image acquisition, and the uncertainties on the CCD array geometry, are the current major limiting factors for applications requiring high accuracy. These artifacts are identified and quantified on several optical satellites, namely SPOT, ASTER, QuickBird, and HiRISE.
Cryptanalysis of Two McEliece Cryptosystems Based on Quasi-Cyclic Codes
We cryptanalyse here two variants of the McEliece cryptosystem based on
quasi-cyclic codes. Both aim at reducing the key size by restricting the public
and secret generator matrices to be in quasi-cyclic form. The first variant
considers subcodes of a primitive BCH code. We prove that this variant is not
secure by finding and solving a linear system satisfied by the entries of the
secret permutation matrix.
The other variant uses quasi-cyclic low density parity-check codes. This
scheme was devised to be immune against general attacks working for McEliece
type cryptosystems based on low density parity-check codes by choosing in the
McEliece scheme more general one-to-one mappings than permutation matrices. We
suggest here a structural attack exploiting the quasi-cyclic structure of the
code and a certain weakness in the choice of the linear transformations that
hide the generator matrix of the code. Our analysis shows that with high
probability a parity-check matrix of a punctured version of the secret code can
be recovered in cubic time complexity in its length. The complete
reconstruction of the secret parity-check matrix of the quasi-cyclic low
density parity-check codes requires the search of codewords of low weight which
can be done with about operations for the specific parameters
proposed.
Comment: Major corrections. This version supersedes the previous one
Lift Safety with Ethernet-Based Real-Time Communications
The evolution of industrial control systems is tending towards increasingly connected infrastructures, which makes them more dependent on the networks and communication protocols they use. Several existing works have focused on the reliability of these systems and on the robustness of their control models in the event of failures or malfunctions. Those works did not consider the network aspect, which has become an important attack vector given the use of communication protocols to exchange information between devices. The consequences of such attacks sometimes become extremely devastating. Indeed, these networks have recently become the target of several attacks exploiting vulnerabilities present in the software or protocol layers of their equipment. As part of the new generation of lift control, a transition case will be analysed, from an electrical/electrotechnical component to a network of communicating electronic components, in the context of the safety of a lift's motion system. The proposal relies on the security of interconnected IP modules that support an industrial real-time protocol (Powerlink, EtherCAT and Sercos). This proposal is one of the demonstrators of the collaborative project with a deterministic kernel that is dependable by construction
New lift safety architecture to meet PESSRAL requirements
ISBN: 978-1-4799-8171-7
As part of the new lift control generation, we will analyze a transition case from electrical/electro-mechanical components to a networked control system. The main element we focus on in the lift system is the safety chain. This paper will describe the analysis of dependability requirements (IEC 61508) for the next electronic lift control