Pub Date: 2025-02-14 DOI: 10.1007/s10623-025-01592-1
Title: Probabilistic results on the 2-adic complexity
Authors: Zhixiong Chen, Arne Winterhof
Journal: Designs, Codes and Cryptography
This work is devoted to solving some closely related open problems on the average and asymptotic behavior of the 2-adic complexity of binary sequences. First, for fixed $N$, we prove that the expected value $E^{\text{2-adic}}_N$ of the 2-adic complexity over all binary sequences of length $N$ is close to $\frac{N}{2}$ and the deviation from $\frac{N}{2}$ is at most of order of magnitude $\log(N)$. More precisely, we show that
$$\frac{N}{2}-1 \le E^{\text{2-adic}}_N = \frac{N}{2}+O(\log(N)).$$
We also prove bounds on the expected value of the $N$th rational complexity. Our second contribution is to prove for a random binary sequence $\mathcal{S}$ that the $N$th 2-adic complexity satisfies with probability 1
$$\lambda_{\mathcal{S}}(N)=\frac{N}{2}+O(\log(N)) \quad \text{for all } N.$$
Pub Date: 2025-02-12 DOI: 10.1007/s10623-025-01575-2
Title: Secret and shared keys recovery on hamming quasi-cyclic with SASCA
Authors: Chloé Baïsse, Antoine Moran, Guillaume Goy, Julien Maillard, Nicolas Aragon, Philippe Gaborit, Maxime Lecomte, Antoine Loiseau
Journal: Designs, Codes and Cryptography
Soft Analytical Side Channel Attacks (SASCA) are a powerful family of Side Channel Attacks (SCA) that allows the recovery of secret values with only a small number of traces. Their effectiveness lies in the Belief Propagation (BP) algorithm, which enables efficient computation of the marginal distributions of intermediate values. Post-quantum schemes such as Kyber, and more recently, Hamming Quasi-Cyclic (HQC), have been targets of SASCA. Previous SASCA on HQC focused on Reed–Solomon (RS) codes and successfully retrieved the shared key with a high success rate for high noise levels using a single trace. In this work, we present new SASCA on HQC, where both the shared key and the secret key are targeted. Our attacks are realized on simulations. Unlike the previous SASCA, we take a closer look at the Reed–Muller (RM) code. The advantage of this choice is that the RM decoder is applied before the RS decoder, enabling attacks targeting both the secret key and shared key. We build a factor graph of the Fast Hadamard Transform (FHT) function from the HQC reference implementation of April 2023. The information recovered from BP allows us to retrieve the shared key with a single trace. In addition to the previous SASCA targeting HQC, we also manage to recover the secret key with two different chosen ciphertext attacks. One of them requires a single trace and is successful until high noise levels.
Pub Date: 2025-02-12 DOI: 10.1007/s10623-025-01586-z
Title: On equidistant single-orbit cyclic and quasi-cyclic subspace codes
Authors: Mahak, Maheshanand Bhaintwal
Journal: Designs, Codes and Cryptography
A code is said to be equidistant if the distance between any two distinct codewords of the code is the same. In this paper, we have studied equidistant single-orbit cyclic and quasi-cyclic subspace codes. The orbit code generated by a subspace $U$ in $\mathbb{F}_{q^n}$ such that the dimension of $U$ over $\mathbb{F}_q$ is $t$ or $n-t$, where $t=\dim_{\mathbb{F}_q}(\text{Stab}(U)\cup\{0\})$, is equidistant and is termed a trivial equidistant orbit code. Using the concept of cyclic difference sets, we have proved that only the trivial equidistant single-orbit cyclic subspace codes exist. Further, we have explored equidistant single-orbit quasi-cyclic subspace codes, focusing specifically on those which are sunflowers.
Pub Date: 2025-02-10 DOI: 10.1007/s10623-025-01584-1
Title: Construction of optimal flag codes by MRD codes
Authors: Shuangqing Liu, Shuhui Yu, Lijun Ji
Journal: Designs, Codes and Cryptography
Flag codes have received a lot of attention due to their application in random network coding. In 2021, Alonso-González et al. constructed optimal $(n,\mathcal{A})_q$-optimum distance flag codes (ODFC) for $\mathcal{A}\subseteq\{1,2,\ldots,k,n-k,\ldots,n-1\}$ with $k\in\mathcal{A}$ and $k\mid n$. In this paper, we introduce a new construction of $(n,\mathcal{A})_q$-ODFCs by maximum rank-metric codes, and prove that there is an $(n,\mathcal{A})_q$-ODFC of size $\frac{q^n-q^{k+r}}{q^k-1}+1$ for any $\mathcal{A}\subseteq\{1,2,\ldots,k,n-k,\ldots,n-1\}$ with $\mathcal{A}\cap\{k,n-k\}\ne\emptyset$, where $r\equiv n\pmod k$ and $0\le r<k$. Furthermore, when $k>\frac{q^r-1}{q-1}$, this $(n,\mathcal{A})_q$-ODFC is optimal. In particular, when $r=0$, Alonso-González et al.’s result is also obtained. We also give a characterization of almost optimum distance flag codes, and construct a family of optimal almost optimum flag distance codes.
Pub Date: 2025-02-08 DOI: 10.1007/s10623-025-01583-2
Title: The asymptotic existence of BIBDs having a nesting
Authors: Xinyue Ming, Tao Feng, Menglong Zhang
Journal: Designs, Codes and Cryptography
A $(v,k,\lambda)$-BIBD $(X,\mathcal{B})$ has a nesting if there is a mapping $\phi:\mathcal{B}\rightarrow X$ such that $(X,\{B\cup\{\phi(B)\}\mid B\in\mathcal{B}\})$ is a $(v,k+1,\lambda+1)$-packing. If the $(v,k+1,\lambda+1)$-packing is a $(v,k+1,\lambda+1)$-BIBD, then this nesting is said to be perfect. We show that given any positive integers $k$ and $\lambda$, if $k\ge 2\lambda+2$, then for any sufficiently large $v$, every $(v,k,\lambda)$-BIBD can be nested into a $(v,k+1,\lambda+1)$-packing; and if $k=2\lambda+1$, then for any sufficiently large $v$ satisfying $v\equiv 1\pmod{2k}$, there exists a $(v,k,\lambda)$-BIBD having a perfect nesting. Banff difference families (BDF), as a special kind of difference families (DF), can be used to generate nested BIBDs. We show that if $G$ is a finite abelian group with a large size whose number of order 2 elements is no more than a given constant, and $k\ge 2\lambda+2$, then one can obtain a $(G,k,\lambda)$-BDF by taking any $(G,k,\lambda)$-DF and then replacing each of its base blocks by a suitable translation. This is a Novák-like theorem. The generalized Novák’s conjecture states that given any positive integers $k$ and $\lambda$ with $k\ge\lambda+1$, there exists an integer $v_0$ such that, for any cyclic $(v,k,\lambda)$-BIBD with $v\ge v_0$, it is always possible to choose one block from each block orbit so that the chosen blocks are pairwise disjoint. We confirm this conjecture for every $k\ge\lambda+2$. Most of the theorems in this paper are based on a recent result presented by Delcourt and Postle on the asymptotic existence of an A-perfect matching of a bipartite hypergraph.
Pub Date: 2025-02-08 DOI: 10.1007/s10623-025-01577-0
Title: Can we beat three halves lower bound? (Im)possibility of reducing communication cost for garbled circuits
Authors: Chunghun Baek, Taechan Kim
Journal: Designs, Codes and Cryptography
Recent improvements to garbled circuits are mainly focused on reducing their size. The state-of-the-art construction of Rosulek and Roy (Crypto 2021) requires $1.5\kappa$ bits for garbling AND gates in the free-XOR setting. This is below the previously proven lower bound $2\kappa$ in the linear garbling model of Zahur, Rosulek, and Evans (Eurocrypt 2015). Whether their construction is optimal in a more inclusive model than the linear garbling model still remains open. This paper begins by providing a comprehensive model for a large class of practical garbling schemes and proves the lower bound for the size of the garbled AND gates in our model. We show that garbled AND gates require at least $1.5\kappa$ bits in our new model with the free-XOR setting. It is remarkable to see that the construction by Rosulek and Roy is already optimal despite the fact that our model possibly captures any potential extension of their construction.
Pub Date: 2025-02-08 DOI: 10.1007/s10623-025-01572-5
Title: New models for the cryptanalysis of ASCON
Authors: Mathieu Degré, Patrick Derbez, Lucie Lahaye, André Schrottenloher
Journal: Designs, Codes and Cryptography
This paper focuses on the cryptanalysis of the ASCON family using automatic tools. We analyze two different problems with the goal to obtain new modelings, both simpler and less computationally heavy than previous works (all our models require only a small amount of code and run on regular desktop computers). The first problem is the search for Meet-in-the-middle attacks on reduced-round ASCON–XOF. Starting from the MILP modeling of Qin et al. (Meet-in-the-middle preimage attacks on sponge-based hashing. In: EUROCRYPT (4). Lecture notes in computer science, vol 14007. Springer, pp. 158–188, 2023. https://doi.org/10.1007/978-3-031-30634-1_6), we rephrase the problem in SAT, which accelerates significantly the solving time and removes the need for the “weak diffusion structure” heuristic. This allows us to reduce the memory complexity of Qin et al.’s attacks and to prove some optimality results. The second problem is the search for lower bounds on the probability of differential characteristics for the ASCON permutation. We introduce a lossy MILP encoding of the propagation rules based on the Hamming weight, in order to find quickly lower bounds which are comparable to the state of the art. We find a small improvement over the existing bound on 7 rounds.
Pub Date: 2025-02-05 DOI: 10.1007/s10623-025-01566-3
Title: New results on non-disjoint and classical strong external difference families
Authors: Sophie Huczynska, Sophie Hume
Journal: Designs, Codes and Cryptography
Classical strong external difference families (SEDFs) are much-studied combinatorial structures motivated by information security applications; it is conjectured that only one classical abelian SEDF exists with more than two sets. Recently, non-disjoint SEDFs were introduced; it was shown that families of these exist with arbitrarily many sets. We present constructions for both classical and non-disjoint SEDFs, which encompass all known non-cyclotomic examples for either type (plus many new examples) using a sequence-based framework. Moreover, we introduce a range of new external difference structures (allowing set-sizes to vary, and sets to be replaced by multisets) in both the classical and non-disjoint case, and show how these may be applied to various communications applications.
Pub Date: 2025-02-05 DOI: 10.1007/s10623-025-01571-6
Title: A new automatic framework for searching rotational-XOR differential characteristics in ARX ciphers
Authors: Yuhan Zhang, Lei Zhang, Yafei Zheng, Wenling Wu
Journal: Designs, Codes and Cryptography
In this paper, a security evaluation framework for ARX ciphers, using modular addition as non-linear component, against rotational-XOR differential cryptanalysis is proposed. We first model all the possible propagations for rotational-XOR difference and rotational-XOR differential probability by some conjunctive normal form clauses. Then, acceleration techniques of automatic search are presented to derive better results and improve the efficiency. Our framework is successfully applied to SPECK, and we have identified rotational-XOR differential characteristics that cover more rounds than those previously reported. In particular, we present 17-round, 17-round and 24-round rotational-XOR differential characteristics for SPECK64/128, SPECK96/144 and SPECK128/256, whereas the previously longest characteristics cover 13, 13 and 13 rounds, respectively. For CHAM64/128, a 16-round characteristic with higher probability is proposed, while 17-round and 18-round rotational-XOR differential characteristics are provided for the first time. Furthermore, we apply rotational-XOR cryptanalysis on SPARX and Ballet for the first time, obtaining a 15-round rotational-XOR characteristic for SPARX64/128 and a 9-round characteristic for Ballet128/256.
Pub Date: 2025-02-01 DOI: 10.1007/s10623-025-01580-5
Title: Efficient generation of odd order de Bruijn sequence with the same complement and reverse sequences
Authors: Zuling Chang, Qiang Wang
Journal: Designs, Codes and Cryptography
Experimental results show that, when the order $n$ is odd, there are de Bruijn sequences such that the corresponding complement sequence and the reverse sequence are the same. In this paper, we propose one efficient method to generate such de Bruijn sequences. This solves an open problem asked by Fredricksen forty years ago for showing the existence of such de Bruijn sequences when the odd order $n>1$. Moreover, we refine a characterization of de Bruijn sequences with the same complement and reverse sequences and study the number of these de Bruijn sequences, as well as the distribution of de Bruijn sequences of the maximum linear complexity.