Pub Date: 2024-12-04 | DOI: 10.1007/s10623-024-01536-1 | Designs, Codes and Cryptography
Derivative descendants of cyclic codes and constacyclic codes
Li Xu, Cuiling Fan, Chunming Tang, Zhengchun Zhou
Cyclic codes, as a special type of constacyclic codes, have been extensively studied due to their favorable theoretical and mathematical properties. Very recently, by using the derivative of the Mattson-Solomon polynomials, Huang and Zhang (IEEE Trans Inf Theory 70(4):2395–2410, 2024) studied the cyclic derivative descendants (DDs) and linear DDs of binary extended cyclic codes and proposed the corresponding derivative decoding methods. One objective of this paper is to generalize these conclusions to $q$-ary extended cyclic codes using group algebra theory. We show that the cyclic DDs of a $q$-ary extended cyclic code are all the same code and that its linear DDs are equivalent codes. In addition, we show that the relevant results can be generalized to $q$-ary constacyclic codes and to the linear codes generated by the Plotkin construction. Our conclusions reveal that the soft-decision decoding method proposed by Huang and Zhang for binary cyclic codes is also applicable to $q$-ary cyclic codes, $q$-ary constacyclic codes and the linear codes generated by the Plotkin construction.
Pub Date: 2024-12-04 | DOI: 10.1007/s10623-024-01537-0 | Designs, Codes and Cryptography
Codes over $\mathbb{F}_4$ and $\mathbb{F}_2 \times \mathbb{F}_2$ and theta series of the corresponding lattices in quadratic fields
Josline Freed
Using codes defined over $\mathbb{F}_4$ and $\mathbb{F}_2 \times \mathbb{F}_2$, we simultaneously define the theta series of the corresponding lattices for both real and imaginary quadratic fields $\mathbb{Q}(\sqrt{d})$ with $d \equiv 1 \pmod 4$ a square-free integer. For such a code, we use its weight enumerator to prove which term in the code's corresponding theta series is the first to depend on the choice of $d$. For a given choice of real or imaginary quadratic field, we find conditions on the length of the code relative to the choice of quadratic field. When these conditions are satisfied, the generated theta series is unique to the code's symmetric weight enumerator. We show that whilst these conditions ensure that all non-equivalent codes will produce distinct theta series, for other codes that do not satisfy this condition, the length of the code and the choice of quadratic field are not always enough to determine whether the corresponding theta series will be unique.
Pub Date: 2024-12-04 | DOI: 10.1007/s10623-024-01540-5 | Designs, Codes and Cryptography
A pair of orthogonal orthomorphisms of finite nilpotent groups
Shikang Yu, Tao Feng, Menglong Zhang
A bijection $\theta: G \rightarrow G$ of a finite group $G$ is an orthomorphism of $G$ if the mapping $x \mapsto x^{-1}\theta(x)$ is also a bijection. Two orthomorphisms $\theta$ and $\phi$ of a finite group $G$ are orthogonal if the mapping $x \mapsto \theta(x)^{-1}\phi(x)$ is also bijective. We show that there is a pair of orthogonal orthomorphisms of a finite nilpotent group $G$ if and only if the Sylow 2-subgroup of $G$ is either trivial or noncyclic, with the definite exceptions of $G \cong G'$ where $G' \in \{D_8, Q_8, \mathbb{Z}_3, \mathbb{Z}_9\}$, and except possibly for $G \cong Q_8 \times \mathbb{Z}_9$ or $G \cong SD_{2^n} \times \mathbb{Z}_3$ for any $n \geqslant 4$. This result yields the existence of difference matrices with four rows over finite nilpotent groups.
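The definitions in the abstract above are concrete enough to test by exhaustive search on small groups. The following Python is an added illustration, not code from the paper: it models a finite abelian group as a direct product of cyclic groups in additive notation (so $x^{-1}\theta(x)$ becomes $\theta(x) - x$), searches for a pair of orthogonal orthomorphisms, and assembles the 4-row difference matrix that the abstract's last sentence refers to. Function names and the choice of test groups are ours; non-abelian groups such as $D_8$ and $Q_8$ are not modelled.

```python
"""Orthomorphisms, orthogonal orthomorphisms and 4-row difference matrices for small finite
abelian groups, by exhaustive search.

Added illustration, not code from the paper. A group is given as Z_{n1} x ... x Z_{nk}, written
additively, so the paper's x -> x^{-1} theta(x) becomes x -> theta(x) - x. Non-abelian groups
such as D_8 and Q_8 are not modelled here.
"""
from itertools import permutations, product


def abelian_group(orders):
    """Elements of Z_{n1} x ... x Z_{nk} as tuples, and the componentwise subtraction."""
    elems = [tuple(e) for e in product(*(range(n) for n in orders))]

    def sub(a, b):
        return tuple((x - y) % n for x, y, n in zip(a, b, orders))

    return elems, sub


def is_orthomorphism(theta, elems, sub):
    """theta maps each element to its image (a bijection); it is an orthomorphism
    iff x -> theta(x) - x is a bijection as well."""
    return len({sub(theta[x], x) for x in elems}) == len(elems)


def are_orthogonal(theta, phi, elems, sub):
    """Two orthomorphisms are orthogonal iff x -> phi(x) - theta(x) is a bijection."""
    return len({sub(phi[x], theta[x]) for x in elems}) == len(elems)


def orthomorphisms(orders):
    """All orthomorphisms of the group, found by testing every permutation."""
    elems, sub = abelian_group(orders)
    found = []
    for image in permutations(elems):
        theta = dict(zip(elems, image))
        if is_orthomorphism(theta, elems, sub):
            found.append(theta)
    return found


def orthogonal_pair(orders):
    """One pair of orthogonal orthomorphisms, or None if the group has none.
    Exhaustive: |G|! permutations, so keep |G| <= 8 or so."""
    elems, sub = abelian_group(orders)
    orths = orthomorphisms(orders)
    for i, theta in enumerate(orths):
        for phi in orths[i + 1:]:
            if are_orthogonal(theta, phi, elems, sub):
                return theta, phi
    return None


def difference_matrix(theta, phi, orders):
    """Rows 0, x, theta(x), phi(x) over all x: a (G, 4, 1) difference matrix, because the six
    row differences x, theta(x), phi(x), theta(x)-x, phi(x)-x, phi(x)-theta(x) are all bijections."""
    elems, _ = abelian_group(orders)
    zero = tuple(0 for _ in orders)
    return [[zero] * len(elems), list(elems), [theta[x] for x in elems], [phi[x] for x in elems]]


def is_difference_matrix(rows, orders):
    """Every pair of rows, subtracted entrywise, must list each group element exactly once."""
    elems, sub = abelian_group(orders)
    for i in range(len(rows)):
        for j in range(i + 1, len(rows)):
            if len({sub(rows[i][c], rows[j][c]) for c in range(len(elems))}) != len(elems):
                return False
    return True


if __name__ == "__main__":
    for orders in ([3], [4], [5], [7], [2, 2]):
        pair = orthogonal_pair(orders)
        print(orders, "no orthogonal pair" if pair is None else "orthogonal pair found")
        if pair:
            assert is_difference_matrix(difference_matrix(*pair, orders), orders)
```

On $\mathbb{Z}_3$ and $\mathbb{Z}_4$ the search comes back empty, in line with the abstract ($\mathbb{Z}_3$ is a listed exception; $\mathbb{Z}_4$ has a nontrivial cyclic Sylow 2-subgroup and in fact has no orthomorphism at all), while $\mathbb{Z}_5$, $\mathbb{Z}_7$ and $\mathbb{Z}_2 \times \mathbb{Z}_2$ each yield a pair. The search is factorial in $|G|$, so $\mathbb{Z}_9$, the other cyclic exception, is already slow to confirm this way.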
Pub Date: 2024-12-04 | DOI: 10.1007/s10623-024-01529-0 | Designs, Codes and Cryptography
Factorization and irreducibility of composed products
Lukas Kölsch, Lucas Krompholz, Gohar Kyureghyan
Brawley and Carlitz introduced diamond products of elements of finite fields and the associated composed products of polynomials in 1987. Composed products yield a method to construct irreducible polynomials of large composite degree from irreducible polynomials of lower degree. We show that the composed product of two irreducible polynomials of degrees $m$ and $n$ is again irreducible if and only if $m$ and $n$ are coprime and the diamond product involved satisfies a special cancellation property, the so-called conjugate cancellation. This completes the characterization of irreducible composed products considered in several previous papers. More generally, we give precise criteria for when a diamond product satisfies conjugate cancellation. For diamond products defined via bivariate polynomials, we prove simple criteria that characterize when conjugate cancellation holds. We also provide efficient algorithms to check these criteria. We achieve stronger results as well as more efficient algorithms in the case that the polynomials are bilinear. Lastly, we consider possible constructions of normal elements using composed products and the methods we developed.
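As an added worked example (ours, not from the paper), the script below computes composed products over $\mathbb{F}_2$ for the two classical Brawley–Carlitz diamond products, $\alpha \diamond \beta = \alpha\beta$ and $\alpha \diamond \beta = \alpha + \beta$, by multiplying out $x - \alpha \diamond \beta$ over all root pairs inside $\mathbb{F}_{2^6}$, and then checks irreducibility by trial division. With $\deg f = 2$ and $\deg g = 3$ the result is an irreducible sextic; with $f = g$ of degree 2 it factors, which is the coprimality condition of the theorem in action. The paper's conjugate-cancellation criteria are not implemented; the field modulus $x^6 + x + 1$ and the helper names are ours.

```python
"""Composed products f <> g of polynomials over F_2 for the two classical diamond products
of Brawley and Carlitz, alpha <> beta = alpha*beta and alpha <> beta = alpha+beta, computed as
prod (x - alpha <> beta) over all root pairs inside a common extension field F_{2^k}, plus an
irreducibility check by trial division.

Added illustration, not the paper's code; it does not implement conjugate cancellation.
Polynomials over F_2 are ints (bit i = coefficient of x^i); elements of F_{2^k} are ints reduced
modulo MODULUS; the field modulus and helper names are ours.
"""


def gf_mul(a, b, k, modulus):
    """Multiply in F_{2^k} = F_2[x]/(modulus); modulus has its x^k bit set. Shift-and-xor."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if (a >> k) & 1:
            a ^= modulus
    return r


def f2_deg(p):
    return p.bit_length() - 1


def f2_mod(a, b):
    """Remainder of a modulo b in F_2[x]."""
    while a and f2_deg(a) >= f2_deg(b):
        a ^= b << (f2_deg(a) - f2_deg(b))
    return a


def is_irreducible_f2(p):
    """Trial division by every polynomial of degree 1 .. deg(p)//2 (q = 2 is x, q = 3 is x + 1, ...)."""
    d = f2_deg(p)
    return d >= 1 and all(f2_mod(p, q) != 0 for q in range(2, 1 << (d // 2 + 1)))


def roots_in_field(p, k, modulus):
    """Roots of p in F_{2^k}, found by evaluating p at every field element with Horner's rule."""
    roots = []
    for alpha in range(1 << k):
        acc = 0
        for e in range(f2_deg(p), -1, -1):
            acc = gf_mul(acc, alpha, k, modulus) ^ ((p >> e) & 1)
        if acc == 0:
            roots.append(alpha)
    return roots


def composed_product(f, g, diamond, k, modulus):
    """(f <> g)(x) = prod_{f(alpha)=0, g(beta)=0} (x - alpha <> beta), assembled in F_{2^k}[x].
    k must be a multiple of deg f and deg g so that both polynomials split in F_{2^k}.
    For diamonds that commute with the Frobenius map the coefficients land in F_2; we check that."""
    mul = lambda a, b: gf_mul(a, b, k, modulus)
    rf, rg = roots_in_field(f, k, modulus), roots_in_field(g, k, modulus)
    assert len(rf) == f2_deg(f) and len(rg) == f2_deg(g), "f or g does not split in F_{2^k}"
    poly = [1]                                  # coefficients in F_{2^k}, low degree first
    for alpha in rf:
        for beta in rg:
            r = diamond(alpha, beta, mul)
            poly = [0] + poly                   # times x, then plus r * (previous poly)
            for i in range(len(poly) - 1):
                poly[i] ^= mul(r, poly[i + 1])
    if any(c > 1 for c in poly):
        raise ValueError("composed product does not have F_2 coefficients")
    return sum(c << i for i, c in enumerate(poly))


def diamond_mul(alpha, beta, mul):
    """Brawley-Carlitz composed multiplication: alpha <> beta = alpha * beta."""
    return mul(alpha, beta)


def diamond_add(alpha, beta, mul):
    """Brawley-Carlitz composed addition: alpha <> beta = alpha + beta."""
    return alpha ^ beta


K, MODULUS = 6, 0b1000011            # F_64 = F_2[x]/(x^6 + x + 1); contains F_4 and F_8


if __name__ == "__main__":
    f, g = 0b111, 0b1011             # x^2 + x + 1 (degree 2) and x^3 + x + 1 (degree 3): coprime degrees
    for name, diamond in (("product", diamond_mul), ("sum", diamond_add)):
        h = composed_product(f, g, diamond, K, MODULUS)
        print(name, bin(h), "degree", f2_deg(h), "irreducible:", is_irreducible_f2(h))
    h = composed_product(f, f, diamond_mul, K, MODULUS)   # degrees 2 and 2: not coprime
    print("f<>f", bin(h), "irreducible:", is_irreducible_f2(h))
```

For $f = g = x^2 + x + 1$ the root products are $\omega^2, 1, 1, \omega$, so the composed product is $(x+1)^2(x^2+x+1) = x^4 + x^3 + x + 1$, visibly reducible; the degree-2 and degree-3 inputs give a sextic whose six roots form one Frobenius orbit, hence an irreducible polynomial.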
Pub Date: 2024-12-04 | DOI: 10.1007/s10623-024-01533-4 | Designs, Codes and Cryptography
On translation hyperovals in semifield planes
Kevin Allen, John Sheekey
In this paper we demonstrate the first example of a finite translation plane which does not contain a translation hyperoval, disproving a conjecture of Cherowitzo. The counterexample is a semifield plane, specifically a Generalised Twisted Field plane, of order 64. We also relate this non-existence to the covering radius of two associated rank-metric codes, and to the non-existence of scattered subspaces of maximum dimension with respect to the associated spread.
Pub Date: 2024-11-21 | DOI: 10.1007/s10623-024-01526-3 | Designs, Codes and Cryptography
Quantum rectangle attack and its application on Deoxys-BC
Yin-Song Xu, Yi-Bo Luo, Zheng Yuan, Xuan Zhou, Qi-di You, Fei Gao, Xiao-Yang Dong
In recent years, it has become a popular trend to propose quantum versions of classical attacks. The rectangle attack, a differential attack, is widely used in symmetric cryptanalysis and has been applied to many block ciphers. To improve its efficiency, we first propose a new quantum rectangle attack. The rectangle attack counts the number of valid quartets for each guessed subkey and filters out subkey candidates according to the counter. To speed up this procedure, we propose a quantum key-counting algorithm based on the parallel amplitude estimation algorithm and the amplitude amplification algorithm. Then we complete the remaining key bits and search for the right full key by nested Grover search. Besides, we give a strategy to find a more suitable distinguisher to make the complexity lower. Finally, to evaluate the post-quantum security of the tweakable block cipher Deoxys-BC, we perform an automatic search for good distinguishers of Deoxys-BC according to this strategy, and then apply our attack to 9/10-round Deoxys-BC-256 and 12/13/14-round Deoxys-BC-384. The results show that our attack offers some improvement over classical attacks and over Grover search.
Pub Date: 2024-11-19 | DOI: 10.1007/s10623-024-01523-6 | Designs, Codes and Cryptography
Almost tight security in lattices with polynomial moduli—PRF, IBE, all-but-many LTF, and more
Zhedong Wang, Qiqi Lai, Feng-Hao Liu
Achieving tight security is a fundamental task in cryptography. While one of the most important purposes of this task is to improve the overall efficiency of a construction (by allowing smaller security parameters), many current lattice-based instantiations do not completely achieve this goal. In particular, a super-polynomial modulus seems to be necessary in all prior work for (almost) tight schemes that allow the adversary to make queries, such as PRFs, IBE, and signatures. As a super-polynomial modulus affects the noise-to-modulus ratio and thus increases the parameters, this might cancel out the efficiency advantages brought by the tighter analysis. To determine the full power of tight security/analysis in lattices, it is necessary to determine whether the super-polynomial modulus restriction is inherent. In this work, we remove the super-polynomial modulus restriction for many important primitives: PRFs, IBE, all-but-many lossy trapdoor functions, and signatures. The crux relies on an improvement over the framework of Boyen and Li (Asiacrypt 16), and an almost tight reduction from LWE to LWR, which improves prior work by Alwen et al. (Eurocrypt 13), Bogdanov et al. (TCC 16), and Bai et al. (Asiacrypt 15). By combining these two advances, we are able to derive these almost tight schemes under LWE with a polynomial modulus.
Pub Date: 2024-11-15 | DOI: 10.1007/s10623-024-01524-5 | Designs, Codes and Cryptography
Breaking the power-of-two barrier: noise estimation for BGV in NTT-friendly rings
Andrea Di Giusto, Chiara Marcolla
The Brakerski–Gentry–Vaikuntanathan (BGV) scheme is a Fully Homomorphic Encryption (FHE) cryptosystem based on the Ring Learning With Errors (RLWE) problem. Ciphertexts in this scheme contain an error term that grows with operations and causes decryption failure when it surpasses a certain threshold. Consequently, the parameters of BGV need to be estimated carefully, with a trade-off between security and error margin. The ciphertext space of BGV is the ring $\mathcal{R}_q = \mathbb{Z}_q[x]/(\Phi_m(x))$, where usually the degree $n$ of the cyclotomic polynomial $\Phi_m(x)$ is chosen as a power of two for efficiency reasons. However, the jump between two consecutive power-of-two polynomials also causes a jump in security, resulting in parameters that are much bigger than what is needed. In this work, we explore the non-power-of-two instantiations of BGV. Although our theoretical research encompasses results applicable to any cyclotomic ring, the focus of our investigation is the case $m = 2^s \cdot 3^t$ where $s, t \ge 1$, i.e., cyclotomic polynomials of degree $n = \phi(m) = 2^s \cdot 3^{t-1}$. We provide a thorough analysis of the noise growth in this new setting using the canonical norm and compare our results with the power-of-two case, considering practical aspects like NTT algorithms. We find that in many instances, the parameter estimation process yields better results for the non-power-of-two setting.
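An added example of the ring setting (ours, not the paper's noise analysis or code): for $m = 2^s \cdot 3^t$ the script computes $\Phi_m$ by the divisor-product formula, confirms that its degree is $2^s \cdot 3^{t-1}$ and that it has the three-term shape $x^{2k} - x^k + 1$ with $k = m/6$, lists the extra ring degrees available between 1024 and 2048 compared with the power-of-two family, finds an NTT-friendly prime $q \equiv 1 \pmod m$ together with a primitive $m$-th root of unity in $\mathbb{Z}_q$, and multiplies in $\mathcal{R}_q$ using the three-term reduction instead of long division. Helper names are ours; the mixed-radix NTT itself is not implemented.

```python
"""BGV ciphertext ring R_q = Z_q[x]/(Phi_m(x)) for m = 2^s * 3^t (s, t >= 1): Phi_m itself, its
degree n = 2^s * 3^(t-1), the extra degrees between consecutive powers of two, an NTT-friendly
prime q = 1 (mod m) with a primitive m-th root of unity, and multiplication in R_q using the
three-term shape Phi_m(x) = x^(2k) - x^k + 1, k = m/6.

Added illustration of the ring setting only; not the paper's noise analysis or code, and the NTT
itself is not implemented. Helper names are ours."""
from functools import lru_cache

def poly_mul(a, b):
    """Integer polynomials as coefficient lists, low degree first."""
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] += x * y
    return out

def poly_divmod_monic(a, b):
    """Quotient and remainder of a by a monic b over the integers."""
    a = list(a)
    if len(a) < len(b):
        return [], a
    q = [0] * (len(a) - len(b) + 1)
    for i in range(len(q) - 1, -1, -1):
        q[i] = a[i + len(b) - 1]
        for j, y in enumerate(b):
            a[i + j] -= q[i] * y
    return q, a[:len(b) - 1]

@lru_cache(maxsize=None)
def cyclotomic(m):
    """Phi_m(x) = (x^m - 1) / prod_{d | m, d < m} Phi_d(x); returns coefficients low -> high."""
    num = [-1] + [0] * (m - 1) + [1]
    for d in (d for d in range(1, m) if m % d == 0):
        num, rem = poly_divmod_monic(num, list(cyclotomic(d)))
        assert not any(rem)
    return tuple(num)

def ring_degree(s, t):
    """n = phi(2^s * 3^t) = 2^s * 3^(t-1)."""
    return 2 ** s * 3 ** (t - 1)

def trinomial_form(s, t):
    """Phi_m for m = 2^s * 3^t equals Phi_6(x^k) = x^(2k) - x^k + 1 with k = m/6."""
    k = 2 ** (s - 1) * 3 ** (t - 1)
    return tuple([1] + [0] * (k - 1) + [-1] + [0] * (k - 1) + [1])

def degrees_between(lo, hi):
    """All ring degrees 2^s * 3^(t-1) in [lo, hi]; the t = 1 members are the power-of-two ones."""
    out = set()
    s = 1
    while 2 ** s <= hi:
        t = 1
        while ring_degree(s, t) <= hi:
            if ring_degree(s, t) >= lo:
                out.add(ring_degree(s, t))
            t += 1
        s += 1
    return sorted(out)

def is_prime(n):
    return n >= 2 and all(n % d for d in range(2, int(n ** 0.5) + 1))

def ntt_prime(m, min_bits=0):
    """Smallest prime q >= 2^min_bits with q = 1 (mod m): then Z_q has a primitive m-th root of
    unity, Phi_m splits into linear factors mod q, and R_q products can use a mixed-radix NTT."""
    q = max(2 ** min_bits, m + 1)
    q += (1 - q) % m
    while not is_prime(q):
        q += m
    return q

def primitive_root_of_unity(m, q):
    """omega with omega^m = 1 and omega^(m/2) != 1 != omega^(m/3) in Z_q (m = 2^s * 3^t)."""
    assert (q - 1) % m == 0 and m % 6 == 0
    for g in range(2, q):
        w = pow(g, (q - 1) // m, q)
        if pow(w, m // 2, q) != 1 and pow(w, m // 3, q) != 1:
            return w
    raise ValueError("no primitive root found")

def ring_mul(a, b, q, s, t):
    """a * b in Z_q[x]/(Phi_m), m = 2^s * 3^t, reducing x^(2k) -> x^k - 1 from the top degree down."""
    k = 2 ** (s - 1) * 3 ** (t - 1)
    n = 2 * k
    c = poly_mul(a, b) + [0] * n
    for e in range(len(c) - 1, n - 1, -1):     # e - k may again be >= n; it is visited later
        c[e - k] += c[e]
        c[e - 2 * k] -= c[e]
        c[e] = 0
    return [x % q for x in c[:n]]

def ring_mul_generic(a, b, q, m):
    """Same product by long division modulo Phi_m, to cross-check ring_mul."""
    phi = list(cyclotomic(m))
    _, r = poly_divmod_monic(poly_mul(a, b), phi)
    return [x % q for x in r + [0] * (len(phi) - 1 - len(r))]

if __name__ == "__main__":
    s, t = 3, 2                                 # m = 72, n = 24, q = 73
    m = 2 ** s * 3 ** t
    assert cyclotomic(m) == trinomial_form(s, t)
    q = ntt_prime(m)
    print("m =", m, "n =", ring_degree(s, t), "q =", q, "omega =", primitive_root_of_unity(m, q))
    print("degrees between 1024 and 2048:", degrees_between(1024, 2048))
```

Between $n = 1024$ and $n = 2048$ the power-of-two family offers nothing, whereas $m = 2^s \cdot 3^t$ adds the degrees 1152, 1296, 1458, 1536, 1728 and 1944, which is the granularity the abstract is after. The three-term shape of $\Phi_m$ also means reduction after a polynomial product costs two additions per high coefficient, comparable to the negacyclic wrap-around in the power-of-two case.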
Pub Date: 2024-11-13 | DOI: 10.1007/s10623-024-01520-9 | Designs, Codes and Cryptography
A new method of constructing $(k+s)$-variable bent functions based on a family of $s$-plateaued functions on $k$ variables
Sihong Su, Xiaoyan Chen
It is important to study new construction methods for bent functions. In this paper, we first propose a secondary construction of a $(k+s)$-variable bent function $g$ from a family of $s$-plateaued functions $f_0, f_1, \ldots, f_{2^s-1}$ on $k$ variables with disjoint Walsh supports. Such a family can be obtained from any given $(k-s)$-variable bent function $f$ by selecting $2^s$ disjoint affine subspaces $S_0, S_1, \ldots, S_{2^s-1}$ of $\mathbb{F}_2^k$ of dimension $k-s$ to specify the Walsh supports of these $s$-plateaued functions respectively, where $s$ is a positive integer and $k-s$ is a positive even integer. The dual functions of these newly constructed bent functions are determined. This secondary construction method of bent functions is a great improvement in terms of counting. As a generalization, we find that the single initial $(k-s)$-variable bent function $f$ can be replaced by several different $(k-s)$-variable bent functions. Compared to the first construction method, the latter gives many more bent functions. It is worth mentioning that it can give all 896 bent functions on 4 variables.
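To make the objects in the abstract concrete, here is an added Python toolkit (ours, not the paper's construction or code): a fast Walsh transform, bent and $s$-plateaued tests, Walsh supports and duals, and a check that concatenating $2^s$ $s$-plateaued functions on $k$ variables with pairwise disjoint Walsh supports yields a bent function on $k+s$ variables. The family builder uses one particular choice of disjoint affine subspaces, the cosets $\mathbb{F}_2^{k-s} \times \{c\}$ for $c \in \mathbb{F}_2^s$, which is our simplification rather than the paper's general selection of $S_0, \ldots, S_{2^s-1}$. It also recounts the 896 bent functions on 4 variables by exhaustion.

```python
"""Walsh-spectrum toolkit for Boolean functions: bent / s-plateaued tests, Walsh supports, duals,
and the concatenation of 2^s s-plateaued functions with disjoint Walsh supports into a bent
function on k+s variables.

Added illustration, not the paper's code. plateaued_family() instantiates the idea with one
particular choice of affine subspaces (the cosets F_2^{k-s} x {c}); that choice is ours, not the
paper's general construction. Truth tables are lists of 0/1 indexed by the integer x, bit i of x
being variable x_i."""

def walsh_spectrum(tt):
    """W_f(w) = sum_x (-1)^{f(x) + <w,x>} for all w, via the fast Walsh-Hadamard transform."""
    w = [1 - 2 * b for b in tt]
    h = 1
    while h < len(w):
        for i in range(0, len(w), 2 * h):
            for j in range(i, i + h):
                a, b = w[j], w[j + h]
                w[j], w[j + h] = a + b, a - b
        h *= 2
    return w

def n_vars(tt):
    n = len(tt).bit_length() - 1
    assert len(tt) == 1 << n, "truth table length must be a power of two"
    return n

def is_bent(tt):
    """Bent: n even and |W_f(w)| = 2^{n/2} for every w."""
    n = n_vars(tt)
    return n % 2 == 0 and all(abs(v) == 1 << (n // 2) for v in walsh_spectrum(tt))

def is_plateaued(tt, s):
    """s-plateaued: every Walsh value is 0 or +-2^{(n+s)/2} (so n + s must be even)."""
    n = n_vars(tt)
    if (n + s) % 2:
        return False
    amp = 1 << ((n + s) // 2)
    return all(v == 0 or abs(v) == amp for v in walsh_spectrum(tt))

def walsh_support(tt):
    """Set of w with W_f(w) != 0."""
    return {w for w, v in enumerate(walsh_spectrum(tt)) if v != 0}

def dual(tt):
    """Dual of a bent function: (-1)^{f~(w)} = W_f(w) / 2^{n/2}."""
    half = 1 << (n_vars(tt) // 2)
    return [0 if v == half else 1 for v in walsh_spectrum(tt)]

def parity(x):
    return bin(x).count("1") & 1

def plateaued_family(f_tt, s):
    """From a bent f on k-s variables, the 2^s functions on k variables
    f_c(x', z) = f(x') + <c, z>, z in F_2^s, c = 0 .. 2^s-1 (x' in the low bits, z in the high bits).
    Each f_c is s-plateaued with Walsh support F_2^{k-s} x {c}; the supports are pairwise disjoint."""
    ks = n_vars(f_tt)
    k = ks + s
    return [[f_tt[x & ((1 << ks) - 1)] ^ parity(c & (x >> ks)) for x in range(1 << k)]
            for c in range(1 << s)]

def concatenate(fam):
    """g(x, y) = f_y(x), y in F_2^s in the high bits. W_g(w, a) = sum_y (-1)^{<a,y>} W_{f_y}(w),
    so disjoint supports with common amplitude 2^{(k+s)/2} make g bent on k+s variables."""
    assert len(fam) & (len(fam) - 1) == 0, "need 2^s functions"
    return [b for tt in fam for b in tt]

def count_bent(n):
    """Exhaustive count over all 2^(2^n) truth tables; practical for n <= 4."""
    size = 1 << n
    return sum(1 for code in range(1 << size) if is_bent([(code >> x) & 1 for x in range(size)]))

if __name__ == "__main__":
    f2 = [0, 0, 0, 1]                       # x0*x1, bent on 2 variables
    fam = plateaued_family(f2, 2)           # four 2-plateaued functions on 4 variables
    print("Walsh supports:", [sorted(walsh_support(f)) for f in fam])
    g = concatenate(fam)
    print("concatenation on", n_vars(g), "variables is bent:", is_bent(g))
    print("bent functions on 4 variables:", count_bent(4))
```

With $f = x_0x_1$ and $s = 2$ the four supports are $\{0..3\}$, $\{4..7\}$, $\{8..11\}$ and $\{12..15\}$, each a coset of dimension $k - s = 2$ in $\mathbb{F}_2^4$, and the concatenation is the 6-variable bent function $x_0x_1 + z_0y_0 + z_1y_1$. The exhaustive count confirms the 896 figure quoted in the abstract.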
Pub Date: 2024-11-10 | DOI: 10.1007/s10623-024-01525-4 | Designs, Codes and Cryptography
Further investigation on differential properties of the generalized Ness–Helleseth function
Yongbo Xia, Chunlei Li, Furong Bao, Shaoping Chen, Tor Helleseth
Let $n$ be an odd positive integer, $p$ be an odd prime with $p \equiv 3 \pmod 4$, $d_1 = \frac{p^n - 1}{2} - 1$ and $d_2 = p^n - 2$. The function defined by $f_u(x) = u x^{d_1} + x^{d_2}$ is called the generalized Ness–Helleseth function over $\mathbb{F}_{p^n}$, where $u \in \mathbb{F}_{p^n}$. It was initially studied by Ness and Helleseth in the ternary case. In this paper, for $p^n \equiv 3 \pmod 4$ and $p^n \ge 7$, we provide the necessary and sufficient condition for $f_u(x)$ to be an APN function. In addition, for each $u$ satisfying $\chi(u+1) = \chi(u-1)$, the differential spectrum of $f_u(x)$ is investigated and expressed in terms of some quadratic character sums of cubic polynomials, where $\chi(\cdot)$ denotes the quadratic character of $\mathbb{F}_{p^n}$.
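Added example (ours, not the paper's code) that evaluates $f_u$ over small fields in the paper's range and computes its differential spectrum by exhaustion: $\delta(a, b) = \#\{x : f_u(x+a) - f_u(x) = b\}$ for $a \neq 0$, with APN meaning the largest $\delta$ is 2. It runs over $\mathbb{F}_7$ ($p^n = 7 \equiv 3 \pmod 4$, so $d_1 = 2$ and $d_2 = 5$) and over $\mathbb{F}_{27}$ built as $\mathbb{F}_3[x]/(x^3 + 2x + 2)$, the ternary case with $n = 3$. The small field class, the choice of modulus and the quadratic-character helper are ours; the paper's necessary-and-sufficient APN condition is not reproduced, only checked numerically for particular $u$.

```python
"""Differential spectrum of the generalized Ness-Helleseth function
f_u(x) = u*x^{d1} + x^{d2}, d1 = (p^n - 1)/2 - 1, d2 = p^n - 2, over a small F_{p^n}, by exhaustion.

Added illustration, not the paper's code. The field class, its modulus and the helper names are
ours; the paper's APN criterion is not implemented, only observed numerically."""
from collections import Counter
from itertools import product


class GF:
    """F_{p^n} = F_p[x]/(modulus). Elements are tuples of n coefficients, low degree first.
    modulus is a monic irreducible polynomial, low -> high, leading 1 included; for n = 1
    pass [0, 1] (the polynomial x), which gives the prime field itself."""

    def __init__(self, p, modulus):
        self.p, self.mod = p, list(modulus)
        self.n = len(modulus) - 1
        self.elements = [tuple(c) for c in product(range(p), repeat=self.n)]
        self.zero = (0,) * self.n
        self.one = (1,) + (0,) * (self.n - 1)

    def add(self, a, b):
        return tuple((x + y) % self.p for x, y in zip(a, b))

    def sub(self, a, b):
        return tuple((x - y) % self.p for x, y in zip(a, b))

    def mul(self, a, b):
        prod = [0] * (2 * self.n - 1)
        for i, x in enumerate(a):
            for j, y in enumerate(b):
                prod[i + j] = (prod[i + j] + x * y) % self.p
        for k in range(len(prod) - 1, self.n - 1, -1):   # fold x^k (k >= n) using the modulus
            c = prod[k]
            if c:
                for i in range(self.n + 1):
                    prod[k - self.n + i] = (prod[k - self.n + i] - c * self.mod[i]) % self.p
        return tuple(prod[:self.n])

    def pow(self, a, e):
        r, base = self.one, a
        while e:
            if e & 1:
                r = self.mul(r, base)
            base = self.mul(base, base)
            e >>= 1
        return r


def ness_helleseth_exponents(p, n):
    q = p ** n
    return (q - 1) // 2 - 1, q - 2


def generalized_ness_helleseth(F, u):
    """Value table {x: f_u(x)} over the whole field."""
    d1, d2 = ness_helleseth_exponents(F.p, F.n)
    return {x: F.add(F.mul(u, F.pow(x, d1)), F.pow(x, d2)) for x in F.elements}


def differential_spectrum(F, table):
    """delta(a, b) = #{x : f(x + a) - f(x) = b} for a != 0; returns Counter {delta: number of (a, b)}."""
    spec = Counter()
    for a in F.elements:
        if a == F.zero:
            continue
        hits = Counter(F.sub(table[F.add(x, a)], table[x]) for x in F.elements)
        spec[0] += len(F.elements) - len(hits)          # b values that are never reached
        for c in hits.values():
            spec[c] += 1
    return spec


def differential_uniformity(spec):
    return max(spec)


def is_apn(spec):
    """Odd characteristic: APN means differential uniformity exactly 2."""
    return differential_uniformity(spec) == 2


def quadratic_character(F, u):
    """chi(u): 0 for u = 0, +1 for a nonzero square, -1 otherwise (Euler's criterion)."""
    if u == F.zero:
        return 0
    return 1 if F.pow(u, (F.p ** F.n - 1) // 2) == F.one else -1


if __name__ == "__main__":
    F7 = GF(7, [0, 1])
    for u in F7.elements:
        spec = differential_spectrum(F7, generalized_ness_helleseth(F7, u))
        same_chi = quadratic_character(F7, F7.add(u, F7.one)) == quadratic_character(F7, F7.sub(u, F7.one))
        print("u =", u[0], dict(sorted(spec.items())), "APN" if is_apn(spec) else "not APN",
              "| chi(u+1) == chi(u-1):", same_chi)
```

Over $\mathbb{F}_7$, $u = 1$ gives $f_1(x) = x^2 + x^5$, whose value table is $(0, 2, 1, 0, 4, 0, 0)$; every difference $f_1(x+a) - f_1(x)$ takes each value at most twice, so it is APN, whereas $u = 0$ gives $x^5$, for which $f(x+1) - f(x) = 1$ has four solutions. Each spectrum sums to $(p^n - 1)\,p^n$ both in count and in $\sum \delta \cdot \omega_\delta$, a quick sanity check on the bookkeeping.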