48 research outputs found

    A Note on Cyclic Codes from APN Functions

    Cyclic codes, as linear block error-correcting codes in coding theory, play a vital role and have wide applications. Ding in \cite{D} constructed a number of classes of cyclic codes from almost perfect nonlinear (APN) functions and planar functions over finite fields and presented ten open problems on cyclic codes from highly nonlinear functions. In this paper, we consider two open problems involving the inverse APN function $f(x)=x^{q^m-2}$ and the Dobbertin APN function $f(x)=x^{2^{4i}+2^{3i}+2^{2i}+2^{i}-1}$. From the calculation of the linear spans and the minimal polynomials of two sequences generated by these two classes of APN functions, the dimensions of the corresponding cyclic codes are determined and lower bounds on the minimum weight of these cyclic codes are presented. More generally, we present a framework for the minimal polynomial and linear span of the sequence $s^{\infty}$ defined by $s_t=Tr((1+\alpha^t)^e)$, where $\alpha$ is a primitive element in $GF(q)$. These techniques can also be applied to other open problems in \cite{D}.

    The Weight Distributions of Cyclic Codes and Elliptic Curves

    Cyclic codes with two zeros and their dual codes, as a practically and theoretically interesting class of linear codes, have been studied for many years. However, the weight distributions of cyclic codes are difficult to determine. Using elliptic curves, this paper determines the weight distributions of the dual codes of cyclic codes with two zeros for a few more cases.

    A New Lever Function with Adequate Indeterminacy

    The key transform of the REESSE1+ asymmetrical cryptosystem is Ci = (Ai * W ^ l(i)) ^ d (% M) with l(i) in Omega = {5, 7, ..., 2n + 3} for i = 1, ..., n, where l(i) is called a lever function. In this paper, the authors give a simplified key transform Ci = Ai * W ^ l(i) (% M) with a new lever function l(i) from {1, ..., n} to Omega = {+/-5, +/-6, ..., +/-(n + 4)}, where "+/-" means the selection of the "+" or "-" sign. The paper discusses the necessity of the new l(i), namely that a simplified private key is insecure if the new l(i) is a constant rather than a one-to-one function. Further, it expounds the sufficiency of the new l(i) from four aspects: (1) the indeterminacy of the new l(i), (2) the insufficiency of the conditions for neutralizing the powers of W and W ^-1 even if Omega = {5, 6, ..., n + 4}, (3) verification by examples, and (4) the running times of the continued fraction attack and the W-parameter intersection attack, which are the two most efficient probabilistic polynomial-time attacks so far. Last, the authors detail the relation between a lever function and a random oracle.

    An Efficient Adaptive Attack Against FESTA

    At EUROCRYPT'23, Castryck and Decru, Maino et al., and Robert presented efficient attacks against the supersingular isogeny Diffie-Hellman key exchange protocol (SIDH). Drawing inspiration from these attacks, Andrea Basso, Luciano Maino, and Giacomo Pope introduced FESTA, an isogeny-based trapdoor function, along with a corresponding IND-CCA secure public key encryption (PKE) protocol at ASIACRYPT'23. FESTA incorporates either a diagonal or a circulant matrix into the secret key to mask torsion points. In this paper, we employ a side-channel attack to construct an auxiliary verification oracle. By querying this oracle, we propose an adaptive attack strategy to recover the secret key in FESTA when the secret matrix is circulant. Compared with existing attacks, our strategy is more efficient and formal. Leveraging these findings, we implement our attack algorithms to recover the circulant matrix in the secret key. Finally, we demonstrate that if the secret matrix is circulant, then the adversary can successfully recover FESTA's secret key with a polynomial number of decryption oracle queries. Consequently, our paper illustrates that the FESTA PKE protocol with a secret circulant matrix does not achieve IND-CCA security.

    New Quadratic Bent Functions in Polynomial Forms with Coefficients in Extension Fields

    In this paper, we first discuss the bentness of a large class of quadratic Boolean functions in polynomial form $f(x)=\sum_{i=1}^{\frac{n}{2}-1}Tr^n_1(c_ix^{1+2^i})+Tr_1^{n/2}(c_{n/2}x^{1+2^{n/2}})$, where $c_i\in GF(2^n)$ for $1\leq i\leq \frac{n}{2}-1$ and $c_{n/2}\in GF(2^{n/2})$. The bentness of these functions can be connected with linearized permutation polynomials. Hence, methods for constructing quadratic bent functions are given. Further, we consider a subclass of quadratic Boolean functions of the form $f(x)=\sum_{i=1}^{\frac{m}{2}-1}Tr^n_1(c_ix^{1+2^{ei}})+Tr_1^{n/2}(c_{m/2}x^{1+2^{n/2}})$, where $c_i\in GF(2^e)$, $n=em$ and $m$ is even. The bentness of these functions is characterized and some methods for constructing new quadratic bent functions are given. Finally, for the special case $m=2^{v_0}p^r$ and $\gcd(e,p-1)=1$, we present the enumeration of quadratic bent functions.

    Implementing 4-Dimensional GLV Method on GLS Elliptic Curves with j-Invariant 0

    The Gallant-Lambert-Vanstone (GLV) method is a very efficient technique for accelerating point multiplication on elliptic curves with efficiently computable endomorphisms. Galbraith, Lin and Scott (J. Cryptol. 24(3), 446-469 (2011)) showed that point multiplication exploiting the 2-dimensional GLV method on a large class of curves over GF(p^2) was faster than the standard method on general elliptic curves over GF(p), and left as an open problem the case of 4-dimensional GLV on special curves (e.g., j(E) = 0) over GF(p^2). We study this problem in this paper. We show how to obtain the 4-dimensional GLV decomposition with properly bounded decomposed coefficients, and thus reduce the number of doublings for point multiplication on these curves to only a quarter. The resulting implementation shows that the 4-dimensional GLV method on a GLS curve runs in about 0.78 of the time of the 2-dimensional GLV method on the same curve, and in between 0.78 and 0.87 of the time of the 2-dimensional GLV method using the standard method over GF(p). In particular, our implementation reduces by up to 27% the time of the previously fastest implementation of point multiplication on x86-64 processors, due to Longa and Gebotys (CHES 2010).

    A Public Key Cryptoscheme Using Bit-pair Shadows

    This paper gives the definition and properties of a bit-pair shadow, and devises the three algorithms of a public key cryptoscheme called JUOAN that is based on a multivariate permutation problem and an anomalous subset product problem, for which no subexponential-time solutions have been found so far, and that uses a bit-pair as the manipulation unit. The authors demonstrate that the decryption algorithm is correct, deduce that the probability of a plaintext solution being nonunique is nearly zero, analyze the security of the new cryptoscheme against extracting a private key from a public key and recovering a plaintext from a ciphertext on the assumption that the integer factorization problem, the discrete logarithm problem, and the low-density subset sum problem can be solved efficiently, and prove that the new cryptoscheme using random padding and random permutation is semantically secure. The analysis shows that the bit-pair method increases the density D of the related knapsack to a number greater than 1, and decreases the modulus length lgM of the new cryptoscheme to 464, 544, or 640.