
    Exhaustive Search for Small Dimension Recursive MDS Diffusion Layers for Block Ciphers and Hash Functions

    This article presents a new algorithm to find MDS matrices that are well suited for use as a diffusion layer in lightweight block ciphers. Using a recursive construction, it is possible to obtain matrices with a very compact description. Classical field multiplications can also be replaced by simple F2-linear transformations (combinations of XORs and shifts), which are much lighter. Using this algorithm, it was possible to design a 16x16 matrix on a 5-bit alphabet, yielding an efficient 80-bit diffusion layer with maximal branch number.
    Comment: Published at ISIT 201

    Discrete logarithm computations over finite fields using Reed-Solomon codes

    Cheng and Wan have related the decoding of Reed-Solomon codes to the computation of discrete logarithms over finite fields, with the aim of proving the hardness of their decoding. In this work, we experiment with solving the discrete logarithm over GF(q^h) using Reed-Solomon decoding. For fixed h and q going to infinity, we introduce an algorithm (RSDL) needing O(h! q^2) operations over GF(q), operating on a q x q matrix with (h+2) q non-zero coefficients. We give faster variants, including an incremental version and another one that uses auxiliary finite fields that need not be subfields of GF(q^h); this variant is very practical for moderate values of q and h. We include some numerical results of our first implementations.

    The problem of good codes over the two-element field

    We discuss the problem of list decoding for the binary case. In this presentation, we show that Shannon capacity can be attained in a deterministic setting by using list decoding. As in the classical case, the case of this alphabet turns out to be the most difficult.

    The main algebraic codes and their decoding

    The first talk reviews the classical decoding algorithms for geometric codes, based on the Berlekamp-Massey algorithm and its multivariate generalizations (Berlekamp-Massey-Sakata). Before presenting these algorithms, however, I will recall the basics of coding theory: linear codes, the Singleton bound, Reed-Solomon codes, the Hamming bound. I will then introduce, with motivation, the family of geometric codes as a generalization of Reed-Solomon codes, after a brief review of the theory of algebraic curves over finite fields. The stage will then be set to introduce syndrome decoding, which is the classical decoding method for geometric codes. The second talk is devoted to recent progress in algebraic coding, which relies on interpolation-based decoding. This progress is due to Guruswami-Sudan and rests on a dual view of Reed-Solomon codes and geometric codes. I will present, in order, the Berlekamp-Welch, Sudan and Guruswami-Sudan algorithms, in the context of Reed-Solomon codes and in the context of geometric codes. Finally, we will see how the Berlekamp-Massey-Sakata algorithm can be reused in this setting.

    Generalization of Gabidulin Codes over Fields of Rational Functions

    We transpose the theory of rank metric and Gabidulin codes to the case of fields which are not finite fields. The Frobenius automorphism is replaced by any element of the Galois group of a cyclic algebraic extension of a base field. We use our framework to define Gabidulin codes over the field of rational functions using algebraic function fields with a cyclic Galois group. This gives a linear subspace of matrices whose coefficients are rational functions, such that the rank of each of these matrices is lower bounded, where the rank is understood in terms of linear combinations with rational functions. We provide two examples based on Kummer and Artin-Schreier extensions. The matrices that we obtain may be interpreted as generating matrices of convolutional codes.
    Comment: 21st International Symposium on Mathematical Theory of Networks and Systems (MTNS 2014), Jul 2014, Groningen, Netherlands. https://fwn06.housing.rug.nl/mtns2014

    On formulas for decoding binary cyclic codes

    We address the problem of the algebraic decoding of any cyclic code up to the true minimum distance. For this, we use the classical formulation of the problem, which is to find the error locator polynomial in terms of the syndromes of the received word. This is usually done with the Berlekamp-Massey algorithm in the case of BCH codes and related codes, but for the general case, there is no generic algorithm to decode cyclic codes. Even in the case of the quadratic residue codes, which are good codes with a very strong algebraic structure, there is no available general decoding algorithm. For this particular case of quadratic residue codes, several authors have worked out, by hand, formulas for the coefficients of the locator polynomial in terms of the syndromes, using the Newton identities. This work has to be done for each particular quadratic residue code, and becomes more and more difficult as the length grows. Furthermore, it is error-prone. We propose to automate these computations, using elimination theory and Gröbner bases. We prove that, by computing appropriate Gröbner bases, one automatically recovers formulas for the coefficients of the locator polynomial in terms of the syndromes.

    Information Sets of Multiplicity Codes

    We here provide a method for systematic encoding of the Multiplicity codes introduced by Kopparty, Saraf and Yekhanin in 2011. The construction is built on an idea of Kopparty. We properly define information sets for these codes and give detailed proofs of the validity of Kopparty's construction, which use generating functions. We also give a complexity estimate of the associated encoding algorithm.
    Comment: International Symposium on Information Theory, Jun 2015, Hong-Kong, China. IEE

    Newton's identities for minimum codewords of a family of alternant codes

    We are able to define minimum weight codewords of some alternant codes in terms of solutions to algebraic equations. Particular attention is given to the case of the classical Goppa codes. Gröbner bases are used to solve the system of algebraic equations.

    Algebraic Solutions of Newton's identities for cyclic codes

    This paper considers the use of Newton's identities for establishing properties of cyclic codes. The main tool is to consider these identities as equations, and to look for the properties of the solutions. First, these equations have been considered as necessary conditions for establishing non-existence properties of cyclic codes, such as the non-existence of codewords of a given weight. The properties of these equations are studied, and the properties of the solutions to the algebraic system are given. The main theorem is that codewords in a Hamming sphere around a given word can be characterized by algebraic conditions. This theorem makes it possible to describe the minimum codewords of a given cyclic code by algebraic conditions. The equations are solved using Buchberger's algorithm for computing a Gröbner basis. Examples are also given with alternant codes and with a non-linear code.

    List-Decoding of Binary Goppa Codes up to the Binary Johnson Bound

    We study the list-decoding problem of alternant codes (which obviously includes that of classical Goppa codes). The major consideration here is to take into account the (small) size of the alphabet. This amounts to comparing the generic Johnson bound to the q-ary Johnson bound. The most favourable case is q = 2, for which the decoding radius is greatly improved. Even though the announced result, which is the list-decoding radius of binary Goppa codes, is new, we acknowledge that it can be assembled from separate previous sources, which may be a little bit unknown, and in which binary Goppa codes have apparently not been considered. Only D. J. Bernstein has treated the case of binary Goppa codes in a preprint. References are given in the introduction. We propose an autonomous and simplified treatment and also a complexity analysis of the studied algorithm, which is quadratic in the blocklength n when decoding away from the relative maximum decoding radius.