Designs, Codes and Cryptography最新文献

In 2021, Sterner proposed a commitment scheme based on supersingular isogenies. For this scheme to be binding, one relies on a trusted party to generate a starting supersingular elliptic curve of unknown endomorphism ring. In fact, the knowledge of the endomorphism ring allows one to compute an endomorphism of degree a power of a given small prime. Such an endomorphism can then be split into two to obtain two different messages with the same commitment. This is the reason why one needs a curve of unknown endomorphism ring, and the only known way to generate such supersingular curves is to rely on a trusted party or on some expensive multiparty computation. We observe that if the degree of the endomorphism in play is well chosen, then the knowledge of the endomorphism ring is not sufficient to efficiently compute such an endomorphism and in some particular cases, one can even prove that endomorphism of a certain degree do not exist. Leveraging these observations, we adapt Sterner’s commitment scheme in such a way that the endomorphism ring of the starting curve can be known and public. This allows us to obtain isogeny-based commitment schemes which can be instantiated without trusted setup requirements.

A (delta )-colouring of the point set of a block design is said to be weak if no block is monochromatic. The chromatic number (chi (S)) of a block design S is the smallest integer (delta ) such that S has a weak (delta )-colouring. It has previously been shown that any Steiner triple system has chromatic number at least 3 and that for each (vequiv 1) or (3pmod {6}) there exists a Steiner triple system on v points that has chromatic number 3. Moreover, for each integer (delta geqslant 3) there exist infinitely many Steiner triple systems with chromatic number (delta ). We consider colourings of the subclass of Steiner triple systems which are resolvable. A Kirkman triple system consists of a resolvable Steiner triple system together with a partition of its blocks into parallel classes. We show that for each (vequiv 3pmod {6}) there exists a Kirkman triple system on v points with chromatic number 3. We also show that for each integer (delta geqslant 3), there exist infinitely many Kirkman triple systems with chromatic number (delta ). We close with several open problems.

This paper describes a constant-time lattice encoder for the National Institute of Standards and Technology (NIST) recommended post-quantum encryption algorithm: Kyber. The first main contribution of this paper is to refine the analysis of Kyber decoding noise and prove that Kyber decoding noise can be bounded by a sphere. This result shows that the Kyber encoding problem is essentially a sphere packing in a hypercube. The original Kyber encoder uses the integer lattice for sphere packing purposes, which is far from optimal. Our second main contribution is to construct optimal lattice codes to ensure denser packing and a lower decryption failure rate (DFR). Given the same ciphertext size as the original Kyber, the proposed lattice encoder enjoys a larger decoding radius, and is able to encode much more information bits. This way we achieve a decrease of the communication cost by up to (32.6%), and a reduction of the DFR by a factor of up to (2^{85}). Given the same plaintext size as the original Kyber, e.g., 256 bits, we propose a bit-interleaved coded modulation (BICM) approach, which combines a BCH code and the proposed lattice encoder. The proposed BICM scheme significantly reduces the DFR of Kyber, thus enabling further compression of the ciphertext. Compared with the original Kyber encoder, the communication cost is reduced by (24.49%), while the DFR is decreased by a factor of (2^{39}). The proposed encoding scheme is a constant-time algorithm, thus resistant against the timing side-channel attacks.

Rational transformations play an important role in the construction of irreducible polynomials over finite fields. Usually, the methods involve fixing a rational function Q and deriving conditions on polynomials (Fin mathbb {F}_q[x]) such that the rational transformation of F with Q is irreducible. Here we want to change the perspective and study rational functions with which the rational transformation never yields irreducible polynomials. We show that if the rational function is contained in certain subfields of (mathbb {F}_q(x)) then the rational transformation with it is always reducible. This extends the list of known examples.

We characterize the permutations of (mathbb {F}_q) whose graph minimizes the number of collinear triples and describe the lexicographically-least one, confirming a conjecture of Cooper-Solymosi. This question is connected to Dudeney’s No-3-in-a-Line problem, the Heilbronn triangle problem, and the structure of finite plane Kakeya sets. We discuss a connection with complete sets of mutually orthogonal latin squares and state a few open problems primarily about general finite affine planes.

Twisted generalized Reed–Solomon (TGRS) codes as a generalization of generalized Reed–Solomon (GRS) codes have attracted a lot of attention from many researchers in recent years. In this paper, we investigate the conditions for the equality of two classes of TGRS codes with different parameters. Moreover, we construct the permutation automorphism groups of two classes of TGRS codes and show they are quasi-cyclic codes. Finally, building upon the Berlekamp–Massey algorithm for GRS codes, we show a decoding scheme for a class of MDS TGRS codes.

Distinguishing Goppa codes or alternant codes from generic linear codes (Faugère et al. in Proceedings of the IEEE Information Theory Workshop—ITW 2011, Paraty, Brasil, October 2011, pp. 282–286, 2011) has been shown to be a first step before being able to attack McEliece cryptosystem based on those codes (Bardet et al. in IEEE Trans Inf Theory 70(6):4492–4511, 2024). Whereas the distinguisher of Faugère et al. (2011) is only able to distinguish Goppa codes or alternant codes of rate very close to 1, in Couvreur et al. (in: Guo and Steinfeld (eds) Advances in Cryptology—ASIACRYPT 2023—29th International Conference on the Theory and Application of Cryptology and Information Security, Guangzhou, China, December 4–8, 2023, Proceedings, Part IV, Volume 14441 of LNCS, pp. 3–38, Springer, 2023) a much more powerful (and more general) distinguisher was proposed. It is based on computing the Hilbert series ({{{,textrm{HF},}}(d),;d in mathbb {N}}) of a Pfaffian modeling. The distinguisher of Faugère et al. (2011) can be interpreted as computing ({{,textrm{HF},}}(1)). Computing ({{,textrm{HF},}}(2)) still gives a polynomial time distinguisher for alternant or Goppa codes and is apparently able to distinguish Goppa or alternant codes in a much broader regime of rates as the one of Faugère et al. (2011). However, the scope of this distinguisher was unclear. We give here a formula for ({{,textrm{HF},}}(2)) corresponding to generic alternant codes when the field size q satisfies (q geqslant r), where r is the degree of the alternant code. We also show that this expression for ({{,textrm{HF},}}(2)) provides a lower bound in general. The value of ({{,textrm{HF},}}(2)) corresponding to random linear codes is known and this yields a precise description of the new regime of rates that can be distinguished by this new method. This shows that the new distinguisher improves significantly upon the one given in Faugère et al. (2011).

Frameproof codes are used to fingerprint digital data. It can prevent copyrighted materials from unauthorized use. To determine the maximum size of the frameproof codes is a crucial problem in this research area. In this paper, we study the upper bounds for frameproof codes under Boneh-Shaw descendant (wide-sense descendant). First, we give new upper bounds for wide-sense 2-frameproof codes to improve the known results. Then we take the alphabet size into consideration and answer an open question in this area. Finally, we improve the general upper bounds for wide-sense t-frameproof codes.

This paper builds a novel bridge between algebraic coding theory and mathematical knot theory, with applications in both directions. We give methods to construct error-correcting codes starting from the colorings of a knot, describing through a series of results how the properties of the knot translate into code parameters. We show that knots can be used to obtain error-correcting codes with prescribed parameters and an efficient decoding algorithm.

The hardness of discrete logarithm problem (DLP) over finite fields forms the security foundation of many cryptographic schemes. When the characteristic is not small, the state-of-the-art algorithms for solving the DLP are the number field sieve (NFS) and its variants. NFS first computes the logarithms of the factor base, which consists of elements of small norms. Then, for a target element, its logarithm is calculated by establishing a relation with the factor base. Although computing the factor-base elements is the most time-consuming part of NFS, it can be performed only once and treated as pre-computation for a fixed finite field when multiple logarithms need to be computed. In this paper, we present a method for accelerating individual logarithm computation by utilizing two subfields. We focus on the case where the extension degree of the finite field is a multiple of 6 within the extended tower number field sieve framework. Our method allows for the construction of an element with a lower degree, while maintaining the same coefficient bound compared to Guillevic’s method, which uses only one subfield. Consequently, the element derived from our approach enjoys a smaller norm, which will improve the efficiency in individual logarithm computation.