(k, n)-Consecutive access structures
Javier Herranz, Germán Sáez
Designs, Codes and Cryptography. Pub Date: 2025-05-24. DOI: 10.1007/s10623-025-01651-7
We consider access structures over a set of n participants, defined by a parameter k with $1 \le k \le n$ in the following way: a subset is authorized if it contains at least k consecutive participants. Depending on whether we consider the participants placed in a line (that is, participant 1 is not next to participant n) or in a circle, we obtain two different families, which we call (k, n)-line-consecutive and (k, n)-circle-consecutive access structures, respectively. Such access structures can appear in real-life situations involving distributed cryptography, which makes it more interesting to look for the best secret sharing schemes that can realize them. For both families, we characterize the configurations (k, n) that admit ideal secret sharing schemes. For the non-ideal (k, n)-consecutive access structures, we give both upper and lower bounds on the information ratio of the best secret sharing schemes that can realize them. Some of these bounds are obtained after proving relations between the information ratios of access structures in the two considered families.
Hilbert series and degrees of regularity of Oil & Vinegar and mixed quadratic systems
Antonio Corbo Esposito, Rosa Fera, Francesco Romeo
Designs, Codes and Cryptography. Pub Date: 2025-05-24. DOI: 10.1007/s10623-025-01644-6
In this paper, we analyze the algebraic invariants of two classes of multivariate quadratic systems: systems made of oil and vinegar quadratic polynomials, and systems made of both oil and vinegar polynomials and fully quadratic ones. For such systems, we explicitly compute the Hilbert series in the homogeneous case, and we also give bounds on the degree of regularity, the solving degree and the first fall degree. Such degrees are relevant for computing the complexity of solving those systems and for estimating their cryptographic security.
Self-reversible generalized (L,G)-codes
Sergey Bezzateev, Natalia Shekhunova
Designs, Codes and Cryptography. Pub Date: 2025-05-23. DOI: 10.1007/s10623-025-01648-2
We consider a subclass of p-ary self-reversible generalized (L, G) codes with a locator set $L = \left\{ \frac{2x-\alpha}{x^2-\alpha x+1},\ \alpha \in \mathbb{F}_q \setminus \{0\},\ q = p^m \right\} \cup \left\{ \frac{1}{x+1} \right\}$, where p is a prime number. The numerator $2x-\alpha$ of a rational function is the formal derivative of the denominator $x^2-\alpha x+1$. The Goppa polynomial $G(x) \in \mathbb{F}_q[x]$ of degree 2t, t being odd, is either an irreducible self-reversible polynomial of degree 2t, or a non-irreducible self-reversible polynomial of degree 2t of the form $G_1^{-1}(0)\cdot G_1(x)\cdot x^t\cdot G_1(x^{-1})$, where $G_1(x) \in \mathbb{F}_q[x]$ is any irreducible non-self-reversible polynomial of degree t. Estimates for minimum distance and redundancy are obtained for codes from this subclass. It is shown that among these codes, there are codes lying on the Gilbert–Varshamov bound. As a special case, binary codes from this subclass, which also contains codes lying on the Gilbert–Varshamov bound, are considered.
Primitive rank 3 groups, binary codes, and 3-designs
B. G. Rodrigues, Patrick Solé
Designs, Codes and Cryptography. Pub Date: 2025-05-20. DOI: 10.1007/s10623-025-01647-3
Let G be a primitive rank 3 permutation group acting on a set of size v. Binary codes of length v globally invariant under G are well known to hold PBIBDs in their $A_w$ codewords of weight w. The parameters of these designs are $\left(A_w, v, w, \frac{wA_w}{v}, \lambda_1, \lambda_2\right)$. When $\lambda_1 = \lambda_2 = \lambda$, the PBIBD becomes a 2-$(v, w, \lambda)$ design. We obtain computationally 111 such designs when G ranges over $\mathrm{L}_2(8){:}3$, $\mathrm{U}_4(2)$, $\mathrm{U}_3(3){:}2$, $\mathrm{A}_8$, $\mathrm{S}_6(2)$, $\mathrm{S}_4(4)$, $\mathrm{U}_5(2)$, $\mathrm{M}_{11}$, $\mathrm{M}_{22}$, $\mathrm{HS}$, $\mathrm{G}_2(4)$, $\mathrm{S}_8(2)$, $\mathrm{O}^{+}_{10}(2)$, and $\mathrm{O}^{-}_{10}(2)$ in the notation of the Atlas. Included in the counting are 2-designs which are held by nonzero-weight codewords of the binary adjacency codes of the triangular and square lattice graphs, respectively. The 2-designs in this paper can be obtained neither from the Assmus–Mattson theorem, nor by the classical 2-transitivity (or 2-homogeneity) argument of the automorphism group of the code. Further, the extensions of the codes that hold 2-designs sometimes hold 3-designs. We thus obtain nine self-complementary 3-designs on 16 (4), 28, 36 (2), 56, 176 points respectively. The design on 176 points is invariant under the Higman–Sims group.
Information-set decoding for convolutional codes
Niklas Gassner, Julia Lieb, Abhinaba Mazumder, Michael Schaller
Designs, Codes and Cryptography. Pub Date: 2025-05-20. DOI: 10.1007/s10623-025-01649-1
In this paper, we present a framework for generic decoding of convolutional codes, which allows us to do cryptanalysis of code-based systems that use convolutional codes as public keys. We then apply this framework to information set decoding, study success probabilities and give tools to choose variables. Finally, we use this to attack two cryptosystems based on convolutional codes. In the case of Bolkema et al. (Variations of the McEliece cryptosystem. In: Algebraic geometry for coding theory and cryptography: IPAM, Los Angeles, CA, Feb 2016. Springer, Cham, pp 129-150, 2017. https://doi.org/10.1007/978-3-319-63931-4_5), our code recovered about 74% of errors in less than 10 h each, and in the case of Almeida et al. (Smaller keys for code-based cryptography: McEliece cryptosystems with convolutional encoders. CoRR abs/2104.06809, 2021. arXiv: https://arxiv.org/abs/2104.06809v1), we give experimental evidence that 80% of the errors can be recovered in times corresponding to about 70 bits of operational security, with some instances being significantly lower.
More on codes for combinatorial composite DNA
Zuo Ye, Omer Sabary, Ryan Gabrys, Eitan Yaakobi, Ohad Elishco
Designs, Codes and Cryptography. Pub Date: 2025-05-15. DOI: 10.1007/s10623-025-01634-8
In this paper, we focus on constructing unique-decodable and list-decodable codes for the recently studied (t, e)-composite-asymmetric error-correcting codes ((t, e)-CAECCs). Let $\mathcal{X}$ be an $m \times n$ binary matrix in which each row has Hamming weight w. If at most t rows of $\mathcal{X}$ contain errors, and in each erroneous row there are at most e occurrences of $1 \rightarrow 0$ errors, we say that a (t, e)-composite-asymmetric error occurs in $\mathcal{X}$. For general values of m, n, w, t, and e, we propose new constructions of (t, e)-CAECCs with redundancy at most $(t-1)\log(m) + O(1)$, where O(1) is independent of the code length m. In particular, this yields a class of (2, e)-CAECCs that are optimal in terms of redundancy. When m is a prime power, the redundancy can be further reduced to $(t-1)\log(m) - O(\log(m))$. To further increase the code size, we introduce a combinatorial object called a weak $B_e$-set. When $e = w$, we present an efficient encoding and decoding method for our codes. Finally, we explore potential improvements by relaxing the requirement of unique decoding to list-decoding. We show that when the list size is t! or an exponential function of t, there exist list-decodable (t, e)-CAECCs with constant redundancy. When the list size is two, we construct list-decodable (3, 2)-CAECCs with redundancy $\log(m) + O(1)$.
A combinatorial approach to avoiding weak keys in the BIKE cryptosystem
Gretchen L. Matthews, Emily McMillon
Designs, Codes and Cryptography. Pub Date: 2025-05-14. DOI: 10.1007/s10623-025-01643-7
Bit Flipping Key Encapsulation (BIKE) is a code-based cryptosystem that was considered in Round 4 of the NIST Post-Quantum Cryptography Standardization process. It is based on quasi-cyclic moderate-density parity-check (QC-MDPC) codes paired with an iterative decoder. While (low-density) parity-check codes have been shown to perform well in practice, their capabilities are governed by the code's graphical representation and the choice of decoder rather than by the traditional code parameters, making it difficult to determine the decoder failure rate (DFR). Moreover, decoding failures have been demonstrated to lead to attacks that recover the BIKE private key. In this paper, we demonstrate a strong correlation between weak keys and 4-cycles in their associated Tanner graphs. We give concrete ways to enumerate the number of 4-cycles in a BIKE key and use these results to present a filtering algorithm that filters out BIKE keys with large numbers of 4-cycles. These results also apply to more general parity-check codes.
Evaluation codes arising from symmetric polynomials
Barbara Gatti, Gábor Korchmáros, Gábor P. Nagy, Vincenzo Pallozzi Lavorante, Gioia Schulte
Designs, Codes and Cryptography. Pub Date: 2025-05-12. DOI: 10.1007/s10623-025-01637-5
Datta and Johnsen (Des Codes Cryptogr 91:747–761, 2023) introduced a new family of evaluation codes in an affine space of dimension $\ge 2$ over a finite field $\mathbb{F}_q$, where linear combinations of elementary symmetric polynomials are evaluated on the set of all points with pairwise distinct coordinates. In this paper, we propose a generalization by taking low-dimensional linear systems of symmetric polynomials. Computation for small values of $q = 7, 9$ shows that carefully chosen generalized Datta–Johnsen codes $\left[\frac{1}{2}q(q-1), 3, d\right]$ have minimum distance d equal to the optimal value minus 1.
On tweakable correlation robust hashing against key leakages
Chun Guo, Xiao Wang, Kang Yang, Yu Yu
Designs, Codes and Cryptography. Pub Date: 2025-05-12. DOI: 10.1007/s10623-025-01641-9
We continue the study of blockcipher-based (tweakable) correlation robust hash functions, which are central building blocks of circuit garbling and oblivious-transfer extension schemes. Motivated by Roy (CRYPTO 2022), we first enhance the multi-user tweakable correlation robust notion of Guo et al. (CRYPTO 2020) with a key leaking oracle that tells the adversary whether a certain user key satisfies adversarially chosen predicates. We then investigate the state-of-the-art hash construction of Guo et al. with respect to our new security definition, providing a security proof as well as attacks in the relevant settings. As an application, we exhibit an OT extension protocol with non-trivial multi-user security.