Designs, Codes and Cryptography最新文献

We consider a subclass of p-ary self-reversible generalized (L, G) codes with a locator set (L={ frac{2x-alpha }{x^2-alpha x +1},alpha in mathbb {F}_q setminus {0}, q=p^m } cup {frac{1}{x+1}}), where p is a prime number. The numerator (2x-alpha ) of a rational function is the formal derivative of the denominator (x^2-alpha x +1). The Goppa polynomial (G(x) in mathbb {F}_q[x]) of degree 2t, t being odd, is either an irreducible self-reversible polynomial of degree 2t, or a non-irreducible self-reversible polynomial of degree 2t of the form (G_1^{-1}(0)cdot G_1(x)cdot x^tcdot G_1(x^{-1})), where (G_1(x)in mathbb {F}_q[x]) is any irreducible non self-reversible polynomial of degree t. Estimates for minimum distance and redundancy are obtained for codes from this subclass. It is shown that among these codes, there are codes lying on the Gilbert–Varshamov bound. As a special case, binary codes from this subclass that contains codes lying also on Gilbert–Varshamov bound are considered.

Let G be a primitive rank 3 permutation group acting on a set of size v. Binary codes of length v globally invariant under G are well-known to hold PBIBDs in their (A_w) codewords of weight w. The parameters of these designs are (bigg (A_w,v,w,frac{wA_w}{v},lambda _1,lambda _2bigg ).) When (lambda _1=lambda _2=lambda ,) the PBIBD becomes a 2-((v,w,lambda )) design. We obtain computationally 111 such designs when G ranges over (textrm{L}_2(8){:}3, textrm{U}_{4}(2), textrm{U}_{3}(3){:}2, textrm{A}_8, textrm{S}_6(2),) (textrm{S}_{4}(4), textrm{U}_{5}(2), textrm{M}_{11}, textrm{M}_{22}, textrm{HS}, textrm{G}_2(4), textrm{S}_{8}(2),textrm{O}^{+}_{10}(2),) and (textrm{O}^{-}_{10}(2)) in the notation of the Atlas. Included in the counting are 2-designs which are held by nonzero weight codewords of the binary adjacency codes of the triangular and square lattice graphs, respectively. The 2-designs in this paper can be obtained neither from Assmus–Mattson theorem, nor by the classical 2-tra nsitivity (or 2-homogeneity) argument of the automorphism group of the code. Further, the extensions of the codes that hold 2-designs sometimes hold 3-designs. We thus obtain nine self-complementary 3-designs on 16 (4), (28,, 36) (2), (,56,, 176) points respectively. The design on 176 points is invariant under the Higman–Sims group.

In this paper, we present a framework for generic decoding of convolutional codes, which allows us to do cryptanalysis of code-based systems that use convolutional codes as public keys. We then apply this framework to information set decoding, study success probabilities and give tools to choose variables. Finally, we use this to attack two cryptosystems based on convolutional codes. In the case of Bolkema et al. (Variations of the McEliece cryptosystem. In: Algebraic geometry for coding theory and cryptography: IPAM, Los Angeles, CA, Feb 2016. Springer, Cham, pp 129-150, 2017. https://doi.org/10.1007/978-3-319-63931-4_5), our code recovered about 74% of errors in less than 10 h each, and in the case of Almeida et al. (Smaller keys for code-based cryptography: McEliece cryptosystems with convolutional encoders. CoRR abs/2104.06809, 2021. arXiv: https://arxiv.org/abs/2104.06809v1), we give experimental evidence that 80% of the errors can be recovered in times corresponding to about 70 bits of operational security, with some instances being significantly lower.

In this paper, we focus on constructing unique-decodable and list-decodable codes for the recently studied (t, e)-composite-asymmetric error-correcting codes ((t, e)-CAECCs). Let (mathcal {X}) be an (m times n) binary matrix in which each row has Hamming weight w. If at most t rows of (mathcal {X}) contain errors, and in each erroneous row, there are at most e occurrences of (1 rightarrow 0) errors, we say that a (t, e)-composite-asymmetric error occurs in (mathcal {X}). For general values of m, n, w, t, and e, we propose new constructions of (t, e)-CAECCs with redundancy at most ((t-1)log (m) + O(1)), where O(1) is independent of the code length m. In particular, this yields a class of (2, e)-CAECCs that are optimal in terms of redundancy. When m is a prime power, the redundancy can be further reduced to ((t-1)log (m) - O(log (m))). To further increase the code size, we introduce a combinatorial object called a weak (B_e)-set. When (e = w), we present an efficient encoding and decoding method for our codes. Finally, we explore potential improvements by relaxing the requirement of unique decoding to list-decoding. We show that when the list size is t! or an exponential function of t, there exist list-decodable (t, e)-CAECCs with constant redundancy. When the list size is two, we construct list-decodable (3, 2)-CAECCs with redundancy (log (m) + O(1)).

Bit Flipping Key Encapsulation (BIKE) is a code-based cryptosystem that was considered in Round 4 of the NIST Post-Quantum Cryptography Standardization process. It is based on quasi-cyclic moderate-density parity-check (QC-MDPC) codes paired with an iterative decoder. While (low-density) parity-check codes have been shown to perform well in practice, their capabilities are governed by the code’s graphical representation and the choice of decoder rather than the traditional code parameters, making it difficult to determine the decoder failure rate (DFR). Moreover, decoding failures have been demonstrated to lead to attacks that recover the BIKE private key. In this paper, we demonstrate a strong correlation between weak keys and 4-cycles in their associated Tanner graphs. We give concrete ways to enumerate the number of 4-cycles in a BIKE key and use these results to present a filtering algorithm that will filter BIKE keys with large numbers of 4-cycles. These results also apply to more general parity check codes.

Datta and Johnsen (Des Codes Cryptogr 91:747–761, 2023) introduced a new family of evaluation codes in an affine space of dimension (ge 2) over a finite field ({mathbb {F}}_q) where linear combinations of elementary symmetric polynomials are evaluated on the set of all points with pairwise distinct coordinates. In this paper, we propose a generalization by taking low dimensional linear systems of symmetric polynomials. Computation for small values of (q=7,9) shows that carefully chosen generalized Datta–Johnsen codes (left[ frac{1}{2}q(q-1),3,dright] ) have minimum distance d equal to the optimal value minus 1.

We continue the study of blockcipher-based (tweakable) correlation robust hash functions, which are central building blocks of circuit garbling and oblivious-transfer extension schemes. Motivated by Roy (CRYPTO 2022), we first enhance the multi-user tweakable correlation robust notion of Guo et al. (CRYPTO 2020) with a key leaking oracle that tells the adversary whether a certain user key satisfies adversarially-chosen predicates. We then investigate the state-of-the-art hash construction of Guo et al. with respect to our new security definition, providing security proof as well as attacks in relevant settings. As an application, we exhibit an OT extension protocol with non-trivial multi-user security.

In this paper, we study nontrivial symmetric (v, k, 4) designs admitting a flag-transitive and point-primitive affine automorphism group. In conclusion, all symmetric (v, k, 4) designs admitting flag-transitive automorphism groups are known apart from those admitting one-dimensional automorphisms, and hence the classification of flag-transitive symmetric (v, k, 4) designs reduces to the case of one-dimensional affine automorphism groups.

Recently, Baudrin et al. analyzed a special case of Wagner’s commutative diagram cryptanalysis, referred to as commutative cryptanalysis. For a family ((E_k)_k) of permutations on a finite vector space G, commutative cryptanalysis exploits the existence of affine permutations (A,B :G rightarrow G), (I notin {A,B}) such that (E_k circ A (x) = B circ E_k(x)) holds with high probability, taken over inputs x, for a significantly large set of weak keys k. Several attacks against symmetric cryptographic primitives can be formulated within the framework of commutative cryptanalysis, most importantly differential attacks, as well as rotational and rotational-differential attacks. Besides, the notion of c-differentials on S-boxes can be analyzed as a special case within this framework. We discuss the relations between a general notion of commutative cryptanalysis, with A and B being arbitrary functions over a finite Abelian group, and differential cryptanalysis, both from the view of conducting an attack on a symmetric cryptographic primitive, as well as from the view of a theoretical study of cryptographic S-boxes.

We derive the coding capacity for duplication-correcting codes capable of correcting any number of duplications. We do so both for reverse-complement duplications, as well as palindromic (reverse) duplications. We show that except for duplication-length 1, the coding capacity is 0. When the duplication length is 1, the coding capacity depends on the alphabet size, and we construct optimal codes.