An upper bound on the number of rational points of arbitrary projective varieties over finite fields

We give an upper bound on the number of rational points of an arbitrary Zariski closed subset of a projective space over a finite field. This bound depends only on the dimensions and degrees of the irreducible components and holds for very general varieties, even reducible and non equidimensional. As a consequence, we prove a conjecture of Ghorpade and Lachaud on the maximal number of rational points of an equidimensional projective variety

Incidence structures from the blown-up plane and LDPC codes

In this article, new regular incidence structures are presented. They arise from sets of conics in the affine plane blown-up at its rational points. The LDPC codes given by these incidence matrices are studied. These sparse incidence matrices turn out to be redundant, which means that their number of rows exceeds their rank. Such a feature is absent from random LDPC codes and is in general interesting for the efficiency of iterative decoding. The performance of some codes under iterative decoding is tested. Some of them turn out to perform better than regular Gallager codes having similar rate and row weight.Comment: 31 pages, 10 figure

A Construction of Quantum LDPC Codes from Cayley Graphs

We study a construction of Quantum LDPC codes proposed by MacKay, Mitchison and Shokrollahi. It is based on the Cayley graph of Fn together with a set of generators regarded as the columns of the parity-check matrix of a classical code. We give a general lower bound on the minimum distance of the Quantum code in $\mathcal{O}(dn^2)$ where d is the minimum distance of the classical code. When the classical code is the $[n, 1, n]$ repetition code, we are able to compute the exact parameters of the associated Quantum code which are $[[2^n, 2^{\frac{n+1}{2}}, 2^{\frac{n-1}{2}}]]$.Comment: The material in this paper was presented in part at ISIT 2011. This article is published in IEEE Transactions on Information Theory. We point out that the second step of the proof of Proposition VI.2 in the published version (Proposition 25 in the present version and Proposition 18 in the ISIT extended abstract) is not strictly correct. This issue is addressed in the present versio

Cryptanalysis of McEliece Cryptosystem Based on Algebraic Geometry Codes and their subcodes

We give polynomial time attacks on the McEliece public key cryptosystem based either on algebraic geometry (AG) codes or on small codimensional subcodes of AG codes. These attacks consist in the blind reconstruction either of an Error Correcting Pair (ECP), or an Error Correcting Array (ECA) from the single data of an arbitrary generator matrix of a code. An ECP provides a decoding algorithm that corrects up to $\frac{d^*-1-g}{2}$ errors, where $d^*$ denotes the designed distance and $g$ denotes the genus of the corresponding curve, while with an ECA the decoding algorithm corrects up to $\frac{d^*-1}{2}$ errors. Roughly speaking, for a public code of length $n$ over $\mathbb F_q$, these attacks run in $O(n^4\log (n))$ operations in $\mathbb F_q$ for the reconstruction of an ECP and $O(n^5)$ operations for the reconstruction of an ECA. A probabilistic shortcut allows to reduce the complexities respectively to $O(n^{3+\varepsilon} \log (n))$ and $O(n^{4+\varepsilon})$. Compared to the previous known attack due to Faure and Minder, our attack is efficient on codes from curves of arbitrary genus. Furthermore, we investigate how far these methods apply to subcodes of AG codes.Comment: A part of the material of this article has been published at the conferences ISIT 2014 with title "A polynomial time attack against AG code based PKC" and 4ICMCTA with title "Crypt. of PKC that use subcodes of AG codes". This long version includes detailed proofs and new results: the proceedings articles only considered the reconstruction of ECP while we discuss here the reconstruction of EC

New Identities Relating Wild Goppa Codes

For a given support $L \in \mathbb{F}_{q^m}^n$ and a polynomial $g\in \mathbb{F}_{q^m}[x]$ with no roots in $\mathbb{F}_{q^m}$, we prove equality between the $q$-ary Goppa codes $\Gamma_q(L,N(g)) = \Gamma_q(L,N(g)/g)$ where $N(g)$ denotes the norm of $g$, that is $g^{q^{m-1}+\cdots +q+1}.$ In particular, for $m=2$, that is, for a quadratic extension, we get $\Gamma_q(L,g^q) = \Gamma_q(L,g^{q+1})$. If $g$ has roots in $\mathbb{F}_{q^m}$, then we do not necessarily have equality and we prove that the difference of the dimensions of the two codes is bounded above by the number of distinct roots of $g$ in $\mathbb{F}_{q^m}$. These identities provide numerous code equivalences and improved designed parameters for some families of classical Goppa codes.Comment: 14 page

Cryptanalysis of public-key cryptosystems that use subcodes of algebraic geometry codes

We give a polynomial time attack on the McEliece public key cryptosystem based on subcodes of algebraic geometry (AG) codes. The proposed attack reposes on the distinguishability of such codes from random codes using the Schur product. Wieschebrink treated the genus zero case a few years ago but his approach cannot be extent straightforwardly to other genera. We address this problem by introducing and using a new notion, which we call the t-closure of a code

An extension of Overbeck's attack with an application to cryptanalysis of Twisted Gabidulin-based schemes

In the present article, we discuss the decoding of Gabidulin and related codes from a cryptographic perspective and we observe that these codes can be decoded with the single knowledge of a generator matrix. Then, we extend and revisit Gibson's and Overbeck's attacks on the generalised GPT encryption scheme (instantiated with Gabidulin codes) for various ranks of the distortion matrix and apply our attack to the case of an instantiation with twisted Gabidulin codes

List-Decoding of Binary Goppa Codes up to the Binary Johnson Bound

International audienceWe study the list-decoding problem of alternant codes (which includes obviously that of classical Goppa codes). The major consideration here is to take into account the (small) size of the alphabet. This amounts to comparing the generic Johnson bound to the q-ary Johnson bound. The most favourable case is q = 2, for which the decoding radius is greatly improved. Even though the announced result, which is the list-decoding radius of binary Goppa codes, is new, we acknowledge that it can be made up from separate previous sources, which may be a little bit unknown, and where the binary Goppa codes has apparently not been thought at. Only D. J. Bernstein has treated the case of binary Goppa codes in a preprint. References are given in the introduction. We propose an autonomous and simplified treatment and also a complexity analysis of the studied algorithm, which is quadratic in the blocklength n, when decoding away of the relative maximum decoding radius

Codes et courbes modulaires

Lecture notes for a course given at the Algebraic Coding Theory (ACT) summer school 2022DoctoralThese lecture notes have been written for a course at the Algebraic Coding Theory (ACT) summer school 2022 that took place in the university of Zurich. The objective of the course propose an in-depth presentation of the proof of one of the most striking results of coding theory: Tsfasman Vl\u{a}du\c{t} Zink Theorem, which asserts that for some prime power $q$, there exist sequences of codes over $\mathbb{F}_q$ whose asymptotic parameters beat random codes