39 research outputs found

    Skew codes of prescribed distance or rank

    In this paper we propose two methods to produce block codes of prescribed rank or distance. Following [4, 5] we work with skew polynomial rings of automorphism type, and the codes we investigate are ideals in quotients of this ring. There is a strong connection with linear difference operators and with linearized polynomials (or q-polynomials), which is reviewed in the first section.

    An Algebraic Attack against Augot-Finiasz Cryptosystem

    We design an efficient probabilistic attack against the Augot-Finiasz cryptosystem presented at Eurocrypt 2003, enabling an attacker to recover the plaintext of the transmission if one uses the way to reduce the size of the public key suggested by the authors. To achieve this we use simple algebraic tools such as the Trace operator. The attack succeeds in less than 5 minutes on the original parameters.

    Cryptanalysis of rank-metric schemes based on distorted Gabidulin codes

    In this work, we introduce a new attack for the Loidreau scheme [PQCrypto 2017] and its more recent variant LowMS. This attack is based on a constrained linear system for which we provide two solving approaches:
    - The first one is an enumeration algorithm inspired from combinatorial attacks on the Rank Decoding (RD) Problem. While the attack technique remains very simple, it allows us to obtain the best known structural attack on the parameters of these two schemes.
    - The second one is to rewrite it as a bilinear system over Fq. Even if Gröbner basis techniques on this second system seem infeasible, we provide a detailed analysis of the first degree fall polynomials which arise when applying such algorithms.

    On the Factorization of Trinomials over F3

    We construct a table giving the parity of the number of factors in the factorization of trinomials over GF(3). The results depend on the degrees of the monomials and their coefficients. We deduce results on the irreducibility of trinomials, on how to reduce the cost of irreducibility testing over GF(3), as well as on the primitivity of trinomials.

    Direct construction of quasi-involutory recursive-like MDS matrices from 2-cyclic codes

    A good linear diffusion layer is a prerequisite in the design of block ciphers. Usually it is obtained by combining matrices with optimal diffusion property over the Sbox alphabet. These matrices are constructed either directly using some algebraic properties or by enumerating a search space, testing the optimal diffusion property for every element. For implementation purposes, two types of structures are considered: structures where all the rows derive from the first row, and recursive structures built from powers of companion matrices. In this paper, we propose a direct construction for new recursive-like MDS matrices. We show they are quasi-involutory in the sense that the matrix-vector product with the matrix or with its inverse can be implemented by clocking the same LFSR-like architecture. As a direct construction, its performance does not outperform the best constructions found with exhaustive search. However, as a new type of construction, it offers alternatives for MDS matrix design.

    LowMS: a new rank metric code-based KEM without ideal structure

    We propose and analyze LowMS, a new rank-based key encapsulation mechanism (KEM). The acronym stands for Loidreau with Multiple Syndromes, since our work combines the cryptosystem of Loidreau (presented at PQCrypto 2017) with the multiple syndrome approach, which allows one to reduce parameters by sending several syndromes with the same error support in one ciphertext. Our scheme is designed without using ideal structures. Considering cryptosystems without such an ideal structure, like the FrodoKEM cryptosystem, is important since structure allows one to compress objects, but gives reductions to specific problems whose security may potentially be weaker than for unstructured problems. For 128 bits of security, we propose parameters with a public key size of 4,6KB and a ciphertext size of 1,1KB. To the best of our knowledge, our scheme is the smallest among all existing unstructured post-quantum lattice or code-based algorithms when taking into account the sum of the public key size and the ciphertext size. In that sense, our scheme is for instance about 4 times shorter than FrodoKEM. Our system relies on the hardness of the Rank Support Learning problem, a well-known variant of the Rank Syndrome Decoding problem, and on the problem of indistinguishability of distorted Gabidulin codes, i.e. Gabidulin codes multiplied by a homogeneous matrix of given rank. The latter problem was introduced by Loidreau in his paper.

    Decoding rank errors beyond the error-correcting capability


    A new rank metric codes based encryption scheme

    We design a new McEliece-like rank metric based encryption scheme from Gabidulin codes. We explain why it is not affected by the invariant subspace attacks, also known as Overbeck's attacks. The idea of the design mixes two existing approaches to designing rank metric based encryption schemes. For a given security level, our public keys are more compact than those for the same security in the Hamming metric based settings.

    Using algebraic structures to improve LDPC code reconstruction over a noisy channel
