Universal partial tori
Pub Date: 2025-03-27 DOI: 10.1007/s10623-025-01609-9 (Designs, Codes and Cryptography)
William D. Carey, Matthew David Kearney, Rachel Kirsch, Stefan Popescu
A De Bruijn cycle is a cyclic sequence in which every word of length $n$ over an alphabet $\mathcal{A}$ appears exactly once. De Bruijn tori are a two-dimensional analogue. Motivated by recent progress on universal partial cycles and words, which shorten De Bruijn cycles using a wildcard character, we introduce universal partial tori and matrices. We find them computationally and construct infinitely many of them using one-dimensional variants of universal cycles, including a new variant called a universal partial family.
Studying the isomorphism of NFSRs via a general framework of bijections
Pub Date: 2025-03-27 DOI: 10.1007/s10623-025-01622-y (Designs, Codes and Cryptography)
Jingtao Xiong, Jianghua Zhong, Dongdai Lin
Nonlinear feedback shift registers (NFSRs) are used in many recent stream ciphers as their main building blocks. Two NFSRs are said to be isomorphic if their state diagrams are isomorphic, and to be equivalent if their sets of output sequences are equal. So far, much work has been done on the equivalence of NFSRs with the same bit number, but much less on their isomorphism. Actually, the equivalence problem of NFSRs with the same bit number can be transformed into their isomorphism problem. The latter can be solved if the bijection between their states and its inverse can be explicitly expressed, which is quite hard in general. This paper studies the isomorphism of NFSRs by building a general framework for bijections. It first gives basic bijections. It then presents a unified formula for bijections and discloses that any bijection can be expressed as a composition of finitely many basic bijections, setting up a general framework for bijections. Based on this framework, the paper discloses in theory how to obtain all Galois NFSRs that are isomorphic to a given NFSR, and then reveals the bijections between the states of the previously known types of Galois NFSRs and their equivalent Fibonacci NFSRs. Finally, it proposes a new type of Galois NFSRs that are isomorphic and further equivalent to Fibonacci NFSRs, covering and improving most previous types of Galois NFSRs known to be equivalent to Fibonacci NFSRs.
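To make the two notions in the abstract concrete, here is an added Python example (not the paper's code and not its classes of bijections). It takes a 4-bit Fibonacci NFSR with a feedback function chosen for the example, conjugates it by a state bijection to obtain a register whose bits each update by their own Boolean function (a Galois NFSR) and whose state diagram is isomorphic by construction, and then tests equivalence by comparing the sets of output sequences. A bijection that fixes the output bit gives an isomorphic and equivalent register; one that complements the output bit gives an isomorphic but inequivalent one. The feedback function and both bijections are constructed for the example.

```python
from itertools import product


def fibonacci_nfsr(f):
    """Fibonacci NFSR update: shift the state left and feed f(state) into the last cell.
    The output at each clock is the bit x0 of the current state."""
    return lambda x: x[1:] + (f(x),)


def conjugate(step, phi, phi_inv):
    """The register relabelled through the bijection phi: each bit of the new state updates
    by its own Boolean function (a Galois NFSR), and phi is an isomorphism of state diagrams
    by construction."""
    return lambda y: phi(step(phi_inv(y)))


def states(n):
    return list(product((0, 1), repeat=n))


def is_bijection(phi, n):
    return len({phi(s) for s in states(n)}) == 2 ** n


def is_isomorphism(step_a, step_b, phi, n):
    """phi maps the state diagram of step_a onto that of step_b iff it commutes with the updates."""
    return all(phi(step_a(s)) == step_b(phi(s)) for s in states(n))


def output_sequences(step, n, out=lambda x: x[0]):
    """Set of output sequences over all initial states.  Two n-bit machines agree forever
    iff they agree on the first 2^n * 2^n outputs (pigeonhole on the product machine),
    so prefixes of that length decide equality of the sequence sets."""
    length = 4 ** n
    seqs = set()
    for s in states(n):
        bits = []
        for _ in range(length):
            bits.append(out(s))
            s = step(s)
        seqs.add(tuple(bits))
    return seqs


def are_equivalent(step_a, step_b, n):
    return output_sequences(step_a, n) == output_sequences(step_b, n)


# Constructed 4-bit example: feedback f(x) = x0 + x1*x2 over GF(2).
N = 4
F = fibonacci_nfsr(lambda x: x[0] ^ (x[1] & x[2]))

# Bijection A leaves x0 untouched (triangular, hence invertible): the conjugate register is
# isomorphic and, because the output bit is preserved, also equivalent.
phi_a = lambda x: (x[0], x[1], x[2] ^ (x[0] & x[1]), x[3] ^ x[1])
phi_a_inv = lambda y: (y[0], y[1], y[2] ^ (y[0] & y[1]), y[3] ^ y[1])
G_A = conjugate(F, phi_a, phi_a_inv)

# Bijection B complements x0: still an isomorphism of state diagrams, but every output
# sequence is complemented, so the registers are isomorphic without being equivalent.
phi_b = lambda x: (1 - x[0], x[1], x[2], x[3])
G_B = conjugate(F, phi_b, phi_b)       # phi_b is an involution, so it is its own inverse

if __name__ == "__main__":
    print("A: isomorphic", is_isomorphism(F, G_A, phi_a, N), "equivalent", are_equivalent(F, G_A, N))
    print("B: isomorphic", is_isomorphism(F, G_B, phi_b, N), "equivalent", are_equivalent(F, G_B, N))
```

The inequivalence in case B is visible from a single sequence: the all-zero state is fixed by $F$ (since $f(0,0,0,0)=0$), so the all-zero output sequence belongs to $F$, while the all-ones state is not fixed, so no state of $F$ outputs all ones and the complemented set cannot contain the all-zero sequence.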
The complete weight enumerator of the square of one-weight irreducible cyclic codes
Pub Date: 2025-03-22 DOI: 10.1007/s10623-025-01620-0 (Designs, Codes and Cryptography)
Canze Zhu
In this paper, for an odd prime power $q$ and an integer $m\ge 2$, let $\mathcal{C}(q,m)$ be a one-weight irreducible cyclic code with parameters $[q^m-1,\,m,\,(q-1)q^{m-1}]$. We consider the complete weight enumerator and the weight distribution of the square $\big(\mathcal{C}(q,m)\big)^2$, whose dual has $\lfloor \frac{m}{2}\rfloor +1$ zeros. Using the character sum method and the known result on counting $m\times m$ symmetric matrices over $\mathbb{F}_q$ of given rank, we explicitly determine the complete weight enumerator of $\big(\mathcal{C}(q,m)\big)^2$ and show that $\big(\mathcal{C}(q,m)\big)^2$ is a $(2\lfloor \frac{m}{2}\rfloor +1)$-weight cyclic code with parameters $[q^{m}-1,\,\frac{m(m+1)}{2},\,(q-1)(q^{m-1}-q^{m-2})]$. Moreover, we obtain the weight distribution of the square of the simplex code by puncturing the last $\frac{(q-2)(q^m-1)}{q-1}$ coordinates of $\big(\mathcal{C}(q,m)\big)^2$.
Limitations of the decoding-to-LPN reduction via code smoothing
Pub Date: 2025-03-22 DOI: 10.1007/s10623-025-01617-9 (Designs, Codes and Cryptography)
Madhura Pathegama, Alexander Barg
The learning parity with noise (LPN) problem underlies several classic cryptographic primitives. Researchers have attempted to show the algorithmic difficulty of this problem by finding a reduction from the decoding problem of linear codes, for which several hardness results exist. Earlier studies used code smoothing as a technical tool to achieve such reductions for codes with vanishing rate. This has left open the question of attaining a reduction with positive-rate codes. Addressing this case, we characterize the efficiency of the reduction in terms of the parameters of the decoding and LPN problems. As a conclusion, we isolate the parameter regimes for which a meaningful reduction is possible and the regimes for which its existence is unlikely.
Binary stretch embedding of weighted graphs
Pub Date: 2025-03-21 DOI: 10.1007/s10623-025-01608-w (Designs, Codes and Cryptography)
Javad Ebrahimi Boroojeni, Mehri Oghbaei Bonab
In this paper, we introduce and study the problem of binary stretch embedding of edge-weighted graphs in both integer and fractional settings. Roughly speaking, the binary stretch embedding problem for a weighted graph $G$ is to find a mapping from the vertex set of $G$ to the vertices of a hypercube graph such that the distance between every pair of vertices is not reduced under the mapping, hence the name binary stretch embedding. The minimum dimension of a hypercube for which such a stretch embedding exists is called the binary addressing number of $G$. We show that the binary addressing number of weighted graphs is the optimum value of an integer program. The optimum value of the corresponding linear relaxation is called the fractional binary addressing number of $G$. This embedding problem is closely related to the well-known addressing problem of Graham and Pollak and the isometric hypercube embedding problem of Firsov. Tools and techniques such as Hadamard codes and linear programming theory help us find upper and lower bounds, approximations, or exact values of the binary addressing number and its fractional variant for graphs. As an application of our results, we derive improved upper bounds or exact values of the maximum size of Lee metric codes of certain parameters.
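The definition can be evaluated directly on tiny graphs. The following Python is an added brute-force example, not the paper's integer program or LP relaxation: it computes weighted shortest-path distances, checks the no-shrinking condition under a hypercube labelling, and finds the smallest dimension that admits one. Reading "distance between every pair of vertices" as the weighted shortest-path distance is an assumption of the example, and the sample graphs are constructed.

```python
from itertools import combinations, product


def shortest_paths(n, weighted_edges):
    """Floyd-Warshall: d[u][v] is the weighted shortest-path distance in the graph
    (taken here as the graph distance that the embedding may not reduce)."""
    INF = float("inf")
    d = [[0 if i == j else INF for j in range(n)] for i in range(n)]
    for u, v, w in weighted_edges:
        d[u][v] = d[v][u] = min(d[u][v], w)
    for k in range(n):
        for i in range(n):
            for j in range(n):
                if d[i][k] + d[k][j] < d[i][j]:
                    d[i][j] = d[i][k] + d[k][j]
    return d


def is_stretch_embedding(d, labels):
    """labels[v] is the hypercube vertex (bit string as an int) assigned to v; the map is a
    stretch embedding iff no pairwise distance shrinks."""
    return all(bin(labels[i] ^ labels[j]).count("1") >= d[i][j]
               for i, j in combinations(range(len(labels)), 2))


def binary_addressing_number(n, weighted_edges, max_dim=8):
    """Smallest hypercube dimension admitting a stretch embedding, by exhaustive search
    (tiny graphs only).  Vertex 0 is pinned to the origin, since translating every label
    by a fixed vector preserves Hamming distances.  Returns (dimension, labels) or None."""
    d = shortest_paths(n, weighted_edges)
    for dim in range(1, max_dim + 1):
        for rest in product(range(1 << dim), repeat=n - 1):
            labels = (0,) + rest
            if is_stretch_embedding(d, labels):
                return dim, labels
    return None


if __name__ == "__main__":
    K3 = [(0, 1, 1), (1, 2, 1), (0, 2, 1)]
    K4_W2 = [(u, v, 2) for u, v in combinations(range(4), 2)]
    C4 = [(0, 1, 1), (1, 2, 1), (2, 3, 1), (3, 0, 1)]
    for name, n, g in [("K3", 3, K3), ("K4, all weights 2", 4, K4_W2), ("C4", 4, C4)]:
        print(name, binary_addressing_number(n, g))
```

$K_4$ with all weights $2$ needs dimension $3$ because four pairwise-distance-$2$ labels do not fit in $\{0,1\}^2$, while the even-weight words $000,011,101,110$ work in $\{0,1\}^3$; the search grows as $2^{\dim\cdot(n-1)}$, which is why the paper needs the integer-program formulation for anything beyond toy sizes.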
Additive combinatorial designs
Pub Date: 2025-03-20 DOI: 10.1007/s10623-025-01594-z (Designs, Codes and Cryptography)
Marco Buratti, Francesca Merola, Anamari Nakić
A $2$-$(v,k,\lambda)$ design is additive if, up to isomorphism, the point set is a subset of an abelian group $G$ and every block is zero-sum. This definition was introduced in Caggegi et al. (J Algebr Comb 45:271-294, 2017) and was the starting point of an interesting new theory. Although many additive designs have been constructed and known designs have been shown to be additive, these structures seem quite hard to construct in general, particularly when we look for additive Steiner 2-designs. One might generalize additive Steiner 2-designs in a natural way to graph decompositions as follows: given a simple graph $\Gamma$, an additive $(K_v,\Gamma)$-design is a decomposition of the graph $K_v$ into subgraphs (blocks) $B_1,\dots,B_t$ all isomorphic to $\Gamma$, such that the vertex set $V(K_v)$ is a subset of an abelian group $G$ and the sets $V(B_1),\dots,V(B_t)$ are zero-sum in $G$. In this work we begin the study of additive $(K_v,\Gamma)$-designs: we develop different tools instrumental in constructing these structures, and apply them to obtain some infinite classes of designs and many sporadic examples. We will consider decompositions into various graphs $\Gamma$, for instance cycles, paths, and $k$-matchings. Similar ideas will also allow us to present here a sporadic additive 2-(124, 4, 1) design.
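The two definitions above (additive $2$-design, additive $(K_v,\Gamma)$-design) are checked below on small constructed examples. This Python is an added example, not code or constructions from the paper: the Fano plane $2$-$(7,3,1)$ is given once as $PG(2,2)$ on the nonzero vectors of $\mathbb{Z}_2^3$, where lines $\{x,y,x+y\}$ are zero-sum, and once in its cyclic labelling on $\mathbb{Z}_7$, where the blocks are not zero-sum, which is why the definition says "up to isomorphism"; a brute-force search then re-embeds the $\mathbb{Z}_7$ copy additively. The graph case is $K_4$ decomposed into three perfect matchings on $V=\mathbb{Z}_2^2$. All sample designs and embeddings are constructed for the example.

```python
from itertools import combinations, permutations, product


def is_2_design(points, blocks, k, lam):
    """2-(v,k,lambda): every block has k points and every pair of points lies in lambda blocks."""
    if any(len(blk) != k for blk in blocks):
        return False
    return all(sum(1 for blk in blocks if x in blk and y in blk) == lam
               for x, y in combinations(points, 2))


def vec_add(u, v, mod):
    return tuple((a + b) % mod for a, b in zip(u, v))


def is_additive(embedding, blocks, mod):
    """embedding maps points to vectors of (Z_mod)^r; additive iff every block is zero-sum."""
    r = len(next(iter(embedding.values())))
    zero = (0,) * r
    for blk in blocks:
        total = zero
        for x in blk:
            total = vec_add(total, embedding[x], mod)
        if total != zero:
            return False
    return True


def find_additive_embedding(points, blocks, group, mod):
    """Try every injection of the points into the group for one making all blocks zero-sum
    (the 'up to isomorphism' clause of the definition); feasible only for tiny designs."""
    points = list(points)
    for image in permutations(group, len(points)):
        emb = dict(zip(points, image))
        if is_additive(emb, blocks, mod):
            return emb
    return None


def is_matching_decomposition(vertices, blocks, k):
    """(K_v, kK_2)-design check: each block is a k-matching (k pairwise disjoint edges)
    and the blocks together partition the edge set of K_v."""
    all_edges = {frozenset(e) for e in combinations(vertices, 2)}
    seen = []
    for blk in blocks:
        edges = [frozenset(e) for e in blk]
        if len(edges) != k or len(set().union(*edges)) != 2 * k:
            return False
        seen.extend(edges)
    return len(seen) == len(set(seen)) and set(seen) == all_edges


# Fano plane, labelling (a): PG(2,2) on the nonzero vectors of Z_2^3, lines {x, y, x+y}.
Z2_3 = list(product((0, 1), repeat=3))
FANO_VEC_POINTS = [v for v in Z2_3 if any(v)]
FANO_VEC_BLOCKS = {frozenset({x, y, vec_add(x, y, 2)}) for x, y in combinations(FANO_VEC_POINTS, 2)}
# Fano plane, labelling (b): cyclic development of the difference set {0, 1, 3} in Z_7.
FANO_Z7_POINTS = list(range(7))
FANO_Z7_BLOCKS = [frozenset({i % 7, (i + 1) % 7, (i + 3) % 7}) for i in range(7)]
Z7_EMBEDDING = {i: (i,) for i in range(7)}          # the points as elements of Z_7 itself

# (K_4, 2K_2)-design: K_4 split into its three perfect matchings, vertices V = Z_2^2.
Z2_2 = list(product((0, 1), repeat=2))
P, Q, R, S = Z2_2
K4_MATCHINGS = [[(P, Q), (R, S)], [(P, R), (Q, S)], [(P, S), (Q, R)]]
K4_VERTEX_SETS = [set().union(*[set(e) for e in blk]) for blk in K4_MATCHINGS]
IDENTITY_Z2_2 = {v: v for v in Z2_2}

if __name__ == "__main__":
    print("PG(2,2): design", is_2_design(FANO_VEC_POINTS, FANO_VEC_BLOCKS, 3, 1),
          "additive", is_additive({v: v for v in FANO_VEC_POINTS}, FANO_VEC_BLOCKS, 2))
    print("Z_7 Fano: design", is_2_design(FANO_Z7_POINTS, FANO_Z7_BLOCKS, 3, 1),
          "additive as given", is_additive(Z7_EMBEDDING, FANO_Z7_BLOCKS, 7),
          "re-embedded", find_additive_embedding(FANO_Z7_POINTS, FANO_Z7_BLOCKS, Z2_3, 2))
    print("K_4 into 2-matchings:", is_matching_decomposition(Z2_2, K4_MATCHINGS, 2),
          "additive", is_additive(IDENTITY_Z2_2, K4_VERTEX_SETS, 2))
```

In the $K_4$ case every block's vertex set is all of $\mathbb{Z}_2^2$, whose elements sum to zero, so the decomposition is additive with no search; the exhaustive re-embedding of the $\mathbb{Z}_7$ Fano plane only works because the design is unique up to isomorphism and its $PG(2,2)$ labelling is additive.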
An attack on p-adic lattice public-key encryption cryptosystems and signature schemes
Pub Date: 2025-03-18 DOI: 10.1007/s10623-025-01618-8 (Designs, Codes and Cryptography)
Chi Zhang
Lattices have many significant applications in cryptography. In 2021, the $p$-adic signature scheme and public-key encryption cryptosystem were introduced. They are based on the Longest Vector Problem (LVP) and the Closest Vector Problem (CVP) in $p$-adic lattices. These problems are considered to be challenging and there are no known deterministic polynomial-time algorithms to solve them. In this paper, we improve the LVP algorithm in local fields. The modified LVP algorithm is a deterministic polynomial-time algorithm when the field is totally ramified and $p$ is polynomial in the rank of the input lattice. We utilize this algorithm to attack the above schemes, so that we are able to forge a valid signature of any message and decrypt any ciphertext. Although these schemes are broken, this work does not mean that $p$-adic lattices are not suitable for constructing cryptographic primitives. We propose some possible modifications to avoid our attack at the end of this paper.
A new framework for fast homomorphic matrix multiplication
Pub Date: 2025-03-15 DOI: 10.1007/s10623-025-01614-y (Designs, Codes and Cryptography)
Xiaopeng Zheng, Hongbo Li, Dingkang Wang
Homomorphic encryption (HE) is one of the mainstream cryptographic tools used to enable secure outsourced computation. A typical task is secure matrix computation, which is a fundamental operation used in various outsourced computing applications such as statistical analysis and machine learning. In this paper, we present a new framework for secure multiplication of two matrices of sizes $r\times s$ and $s\times t$, respectively, which requires only $O(\log n)$ basic homomorphic operations if $rst\le n$, where $n$ is the dimension of the polynomial ring used in RLWE encryption. Our method was implemented in HElib using the BGV scheme. Experimental results show that the new framework has a significant advantage in efficiency when $rst\le n$. In this case, the new framework is 1.2 to 106.8 times faster than existing algorithms in our experiments.
Resolution of the exceptional APN conjecture in the Gold degree case
Pub Date: 2025-03-14 DOI: 10.1007/s10623-025-01607-x (Designs, Codes and Cryptography)
Carlos Agrinsoni, Heeralal Janwa, Moises Delgado
A function $f:\mathbb{F}_q\to\mathbb{F}_q$ is called almost perfect nonlinear (APN) if $f(X+a)-f(X)=b$ has at most 2 solutions for every $a,b\in\mathbb{F}_q$ with $a$ nonzero. Furthermore, it is called an exceptional APN if it is APN on infinitely many extensions of $\mathbb{F}_q$. These problems are equivalent to finding rational points on the corresponding variety $\mathcal{X}_f$ defined by $\phi_f(X,Y,Z)=0$. The Lang–Weil, Deligne, and Ghorpade–Lachaud bounds help solve these problems when $\phi_f$ contains an absolutely irreducible factor over the defining field. The exceptional monomial APN functions were classified up to CCZ equivalence by Hernando and McGuire (J Algebra 343:78–92, 2011), proving the conjecture of Janwa, Wilson, and McGuire (JMW) (1993, 1995). The main tools used were the computation and classification of the singularities of $\mathcal{X}_f$ and the JMW algorithm for absolute irreducibility testing using Bézout's theorem. Aubry et al. (2010) conjectured that the only exceptional APN functions of odd degree, up to CCZ equivalence, are the Gold ($2^k+1$) and Kasami–Welch ($2^{2k}-2^k+1$) monomial functions. Here, we settle the first case (Theorem 20). We also prove part of a conjecture on exceptional crooked functions. One of the main tools in our proofs is our new absolute irreducibility criterion (Theorem 9).
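The APN definition above is the same differential-uniformity criterion an S-box designer computes, and the "exceptional" property can be observed numerically by running it over a sequence of extension fields. The Python below is an added example, not the paper's algebraic-geometry machinery: it implements $\mathbb{F}_{2^n}$ arithmetic with an irreducible polynomial found by trial division, counts solutions of $f(x+a)+f(x)=b$ for every nonzero $a$, and lists the degrees $n\le 8$ for which the Gold monomials $x^3$ and $x^5$ and the Kasami–Welch monomial $x^{13}$ are APN. The exponent and degree ranges are the example's choices.

```python
def polymod2(a, b):
    """Remainder of a modulo b, both polynomials over GF(2) packed as ints."""
    db = b.bit_length() - 1
    while a and a.bit_length() - 1 >= db:
        a ^= b << (a.bit_length() - 1 - db)
    return a


def irreducible_poly(n):
    """First degree-n polynomial over GF(2) with no factor of degree <= n/2 (trial division)."""
    for f in range((1 << n) | 1, 1 << (n + 1), 2):        # degree n, nonzero constant term
        if not any(polymod2(f, g) == 0
                   for d in range(1, n // 2 + 1) for g in range(1 << d, 1 << (d + 1))):
            return f
    raise ValueError("no irreducible polynomial found")


def gf2n_mul(a, b, n, poly):
    """Multiplication in GF(2^n) = GF(2)[x]/(poly) by shift-and-add with reduction."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> n:
            a ^= poly
    return r


def gf2n_pow(x, e, n, poly):
    r = 1
    while e:
        if e & 1:
            r = gf2n_mul(r, x, n, poly)
        x = gf2n_mul(x, x, n, poly)
        e >>= 1
    return r


def differential_uniformity(f, n):
    """max over nonzero a and all b of #{x in GF(2^n) : f(x+a) + f(x) = b}.
    The value is even and at least 2 (x and x+a always come together); APN means exactly 2."""
    size = 1 << n
    worst = 0
    for a in range(1, size):
        counts = {}
        for x in range(size):
            b = f(x ^ a) ^ f(x)
            counts[b] = counts.get(b, 0) + 1
        worst = max(worst, max(counts.values()))
    return worst


def power_map(d, n):
    """The monomial x^d on GF(2^n), tabulated once (the APN property is invariant under
    the choice of irreducible polynomial, since it is a field-isomorphism invariant)."""
    poly = irreducible_poly(n)
    table = [gf2n_pow(x, d, n, poly) for x in range(1 << n)]
    return table.__getitem__


def apn_degrees(d, n_max):
    """Extension degrees n <= n_max over which x^d is APN; an exceptional APN monomial
    stays APN for infinitely many n, so this list keeps growing with n_max."""
    return [n for n in range(2, n_max + 1) if differential_uniformity(power_map(d, n), n) == 2]


if __name__ == "__main__":
    print("Gold x^3:", apn_degrees(3, 8))          # 2^k+1 with k = 1: APN for every n
    print("Gold x^5:", apn_degrees(5, 8))          # 2^k+1 with k = 2: APN iff gcd(2, n) = 1
    print("Kasami-Welch x^13:", apn_degrees(13, 8))
    print("x^5 over GF(2^4): uniformity", differential_uniformity(power_map(5, 4), 4))
```

For the Gold exponent $2^k+1$ the derivative $f(x+a)+f(x)$ is affine in $x$ with kernel $\{x : x/a\in\mathbb{F}_{2^{\gcd(k,n)}}\}$, so the uniformity is $2^{\gcd(k,n)}$: $x^3$ is APN over every $\mathbb{F}_{2^n}$ (hence exceptional), while $x^5$ is APN exactly for odd $n$ and has uniformity $4$ over $\mathbb{F}_{2^4}$, which is what the computation reports.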
Generalized impossible differential attacks on block ciphers: application to SKINNY and ForkSKINNY
Pub Date: 2025-03-14 DOI: 10.1007/s10623-025-01611-1 (Designs, Codes and Cryptography)
Ling Song, Qinggan Fu, Qianqian Yang, Yin Lv, Lei Hu
Impossible differential cryptanalysis is a crucial cryptanalytic method for symmetric ciphers. Given an impossible differential, the key recovery attack typically proceeds in two steps: generating pairs of data and then identifying wrong keys using the guess-and-filter method. At CRYPTO 2023, Boura et al. first proposed a new key recovery technique, the differential meet-in-the-middle attack, which recovers the key in a meet-in-the-middle manner. Inspired by this technique, we incorporate the meet-in-the-middle technique into impossible differential cryptanalysis and propose a generic impossible differential meet-in-the-middle attack (IDMA) framework. We apply IDMA to the block ciphers SKINNY, SKINNYe-v2, and ForkSKINNY and achieve remarkably efficient attacks. We improve the impossible differential attack on SKINNY-$n$-$3n$ by 2 rounds in the single-tweakey setting and 1 round in the related-tweakey setting. For SKINNYe-v2, the impossible differential attacks can now cover 2 more rounds in the related-tweakey setting, and the first 23/24/25-round attacks in the single-tweakey model are given. For ForkSKINNY-$n$-$3n$, we improve the attacks by 2 rounds in the limited setting specified by the designers and 1 round in relaxed settings. These results confirm that the meet-in-the-middle technique can result in more efficient key recovery, reaching beyond what traditional methods can achieve on certain ciphers.