From Skew-Cyclic Codes to Asymmetric Quantum Codes

We introduce an additive but not $\mathbb{F}_4$-linear map $S$ from $\mathbb{F}_4^{n}$ to $\mathbb{F}_4^{2n}$ and exhibit some of its interesting structural properties. If $C$ is a linear $[n,k,d]_4$-code, then $S(C)$ is an additive $(2n,2^{2k},2d)_4$-code. If $C$ is an additive cyclic code then $S(C)$ is an additive quasi-cyclic code of index $2$. Moreover, if $C$ is a module $\theta$-cyclic code, a recently introduced type of code which will be explained below, then $S(C)$ is equivalent to an additive cyclic code if $n$ is odd and to an additive quasi-cyclic code of index $2$ if $n$ is even. Given any $(n,M,d)_4$-code $C$, the code $S(C)$ is self-orthogonal under the trace Hermitian inner product. Since the mapping $S$ preserves nestedness, it can be used as a tool in constructing additive asymmetric quantum codes.Comment: 16 pages, 3 tables, submitted to Advances in Mathematics of Communication

An IND-CCA-Secure Code-Based EncryptionScheme Using Rank Metric

The use of rank instead of Hamming metric has been proposed to address the main drawback of code-based cryptography: large key sizes. There exist several Key Encapsulation Mechanisms (KEM) and Public Key Encryption (PKE) schemes using rank metric including some submissions to the NIST call for standardization of Post-Quantum Cryptography. In this work, we present an IND-CCA PKE scheme based on the McEliece adaptation to rank metric proposed by Loidreau at PQC 2017. This IND-CCA PKE scheme based on rank metric does not use a hybrid construction KEM + symmetric encryption. Instead, we take advantage of the bigger message space obtained by the different parameters chosen in rank metric, being able to exchange multiple keys in one ciphertext. Our proposal is designed considering some specific properties of the random error generated during the encryption. We prove our proposal IND-CCA-secure in the QROM by using a security notion called disjoint simulatability introduced by Saito et al. in Eurocrypt 2018. Moreover, we provide security bounds by using the semi-oracles introduced by Ambainis et al

Good Random Matrices over Finite Fields

The random matrix uniformly distributed over the set of all m-by-n matrices over a finite field plays an important role in many branches of information theory. In this paper a generalization of this random matrix, called k-good random matrices, is studied. It is shown that a k-good random m-by-n matrix with a distribution of minimum support size is uniformly distributed over a maximum-rank-distance (MRD) code of minimum rank distance min{m,n}-k+1, and vice versa. Further examples of k-good random matrices are derived from homogeneous weights on matrix modules. Several applications of k-good random matrices are given, establishing links with some well-known combinatorial problems. Finally, the related combinatorial concept of a k-dense set of m-by-n matrices is studied, identifying such sets as blocking sets with respect to (m-k)-dimensional flats in a certain m-by-n matrix geometry and determining their minimum size in special cases.Comment: 25 pages, publishe

Two attacks on rank metric code-based schemes: RankSign and an IBE scheme

International audienceRankSign [29] is a code-based signature scheme proposed to the NIST competition for quantum-safe cryptography [5] and, moreover , is a fundamental building block of a new Identity-Based-Encryption (IBE) [25]. This signature scheme is based on the rank metric and enjoys remarkably small key sizes, about 10KBytes for an intended level of security of 128 bits. Unfortunately we will show that all the parameters proposed for this scheme in [5] can be broken by an algebraic attack that exploits the fact that the augmented LRPC codes used in this scheme have very low weight codewords. Therefore, without RankSign the IBE cannot be instantiated at this time. As a second contribution we will show that the problem is deeper than finding a new signature in rank-based cryptography, we also found an attack on the generic problem upon which its security reduction relies. However, contrarily to the RankSign scheme, it seems that the parameters of the IBE scheme could be chosen in order to avoid our attack. Finally, we have also shown that if one replaces the rank metric in the [25] IBE scheme by the Hamming metric, then a devastating attack can be found

An Algebraic Approach for Decoding Spread Codes

In this paper we study spread codes: a family of constant-dimension codes for random linear network coding. In other words, the codewords are full-rank matrices of size (k x n) with entries in a finite field F_q. Spread codes are a family of optimal codes with maximal minimum distance. We give a minimum-distance decoding algorithm which requires O((n-k)k^3) operations over an extension field F_{q^k}. Our algorithm is more efficient than the previous ones in the literature, when the dimension k of the codewords is small with respect to n. The decoding algorithm takes advantage of the algebraic structure of the code, and it uses original results on minors of a matrix and on the factorization of polynomials over finite fields

Rank codes over Gaussian integers and space time block codes

Maximum rank distance (MRD) codes have been used for the construction of space time block code (STBC) using a matrix method. Like orthogonal STBC’s in most popular cases, MRDSTBC’s can also achieve full diversity. Though an OSTBC is known to yield the best BER performance, a unique case is described where MRDSTBC performs better than Alamouti code (OSTBC). Moreover, the viability of Gabidulin’s decoding algorithm has been established by decoding complex symbols generated from MRD-STBC’s. Under this decoding scheme, MRDSTBC’s have been shown to be preferred candidate for higher antenna configuration as the decoding complexity of Gabidulin’s algorithm is far less than that of maximum likelihood (ML) decoding algorithm

A new family of optimal codes correcting term rank errors

We consider messages represented as matrices. The term rank norm of a matrix is defined as minimal number of lines (rows and columns) which cover all the non zero entries of a matrix. We propose a family of codes correcting term rank errors. These codes are optimal since they reach the Singleton-type bound