-
Information Set Decoding for Lee-Metric Codes using Restricted Balls
Authors:
Jessica Bariffi,
Karan Khathuria,
Violetta Weger
Abstract:
The Lee metric syndrome decoding problem is an NP-hard problem and several generic decoders have been proposed. The observation that such decoders come with a larger cost than their Hamming metric counterparts make the Lee metric a promising alternative for classical code-based cryptography. Unlike in the Hamming metric, an error vector that is chosen uniform at random of a given Lee weight is exp…
▽ More
The Lee metric syndrome decoding problem is an NP-hard problem and several generic decoders have been proposed. The observation that such decoders come with a larger cost than their Hamming metric counterparts make the Lee metric a promising alternative for classical code-based cryptography. Unlike in the Hamming metric, an error vector that is chosen uniform at random of a given Lee weight is expected to have only few entries with large Lee weight. Using this expected distribution of entries, we are able to drastically decrease the cost of generic decoders in the Lee metric, by reducing the original problem to a smaller instance, whose solution lives in restricted balls.
△ Less
Submitted 25 May, 2022;
originally announced May 2022.
-
On some batch code properties of the simplex code
Authors:
Henk D. L. Hollmann,
Karan Khathuria,
Ago-Erik Riet,
Vitaly Skachek
Abstract:
The binary $k$-dimensional simplex code is known to be a $2^{k-1}$-batch code and is conjectured to be a $2^{k-1}$-functional batch code. Here, we offer a simple, constructive proof of a result that is "in between" these two properties. Our approach is to relate these properties to certain (old and new) additive problems in finite abelian groups. We also formulate a conjecture for finite abelian g…
▽ More
The binary $k$-dimensional simplex code is known to be a $2^{k-1}$-batch code and is conjectured to be a $2^{k-1}$-functional batch code. Here, we offer a simple, constructive proof of a result that is "in between" these two properties. Our approach is to relate these properties to certain (old and new) additive problems in finite abelian groups. We also formulate a conjecture for finite abelian groups that generalizes the above-mentioned conjecture.
△ Less
Submitted 22 January, 2023; v1 submitted 14 October, 2021;
originally announced October 2021.
-
On Cyclic Matroids and their Applications
Authors:
Gianira N. Alfarano,
Karan Khathuria,
Simran Tinani
Abstract:
A matroid is a combinatorial structure that captures and generalizes the algebraic concept of linear independence under a broader and more abstract framework. Matroids are closely related with many other topics in discrete mathematics, such as graphs, matrices, codes and projective geometries. In this work, we define cyclic matroids as matroids over a ground set of size $n$ whose automorphism grou…
▽ More
A matroid is a combinatorial structure that captures and generalizes the algebraic concept of linear independence under a broader and more abstract framework. Matroids are closely related with many other topics in discrete mathematics, such as graphs, matrices, codes and projective geometries. In this work, we define cyclic matroids as matroids over a ground set of size $n$ whose automorphism group contains an $n$-cycle. We study the properties of such matroids, with special focus on the minimum size of their basis sets. For this, we broadly employ two different approaches: the multiple basis exchange property, and an orbit-stabilizer method, developed by analyzing the action of the cyclic group of order $n$ on the set of bases. We further present some applications of our theory to algebra and geometry, presenting connections to cyclic projective planes, cyclic codes and $k$-normal elements.
△ Less
Submitted 15 March, 2022; v1 submitted 29 July, 2021;
originally announced July 2021.
-
Density of Free Modules over Finite Chain Rings
Authors:
Eimear Byrne,
Anna-Lena Horlemann,
Karan Khathuria,
Violetta Weger
Abstract:
In this paper we focus on modules over a finite chain ring $\mathcal{R}$ of size $q^s$. We compute the density of free modules of $\mathcal{R}^n$, where we separately treat the asymptotics in $n,q$ and $s$. In particular, we focus on two cases: one where we fix the length of the module and one where we fix the rank of the module. In both cases, the density results can be bounded by the Andrews-Gor…
▽ More
In this paper we focus on modules over a finite chain ring $\mathcal{R}$ of size $q^s$. We compute the density of free modules of $\mathcal{R}^n$, where we separately treat the asymptotics in $n,q$ and $s$. In particular, we focus on two cases: one where we fix the length of the module and one where we fix the rank of the module. In both cases, the density results can be bounded by the Andrews-Gordon identities. We also study the asymptotic behaviour of modules generated by random matrices over $\mathcal{R}$. Since linear codes over $\mathcal{R}$ are submodules of $\mathcal{R}^n$ we get direct implications for coding theory. For example, we show that random codes achieve the Gilbert-Varshamov bound with high probability.
△ Less
Submitted 8 February, 2022; v1 submitted 17 June, 2021;
originally announced June 2021.
-
Cryptanalysis of a code-based full-time signature
Authors:
Nicolas Aragon,
Marco Baldi,
Jean-Christophe Deneuville,
Karan Khathuria,
Edoardo Persichetti,
Paolo Santini
Abstract:
We present an attack against a code-based signature scheme based on the Lyubashevsky protocol that was recently proposed by Song, Huang, Mu, Wu and Wang (SHMWW). The private key in the SHMWW scheme contains columns coming in part from an identity matrix and in part from a random matrix. The existence of two types of columns leads to a strong bias in the distribution of set bits in produced signatu…
▽ More
We present an attack against a code-based signature scheme based on the Lyubashevsky protocol that was recently proposed by Song, Huang, Mu, Wu and Wang (SHMWW). The private key in the SHMWW scheme contains columns coming in part from an identity matrix and in part from a random matrix. The existence of two types of columns leads to a strong bias in the distribution of set bits in produced signatures. Our attack exploits such a bias to recover the private key from a bunch of collected signatures. We provide a theoretical analysis of the attack along with experimental evaluations, and we show that as few as 10 signatures are enough to be collected for successfully recovering the private key. As for previous attempts of adapting Lyubashevsky's protocol to the case of code-based cryptography, the SHMWW scheme is thus proved unable to provide acceptable security. This confirms that devising secure code-based signature schemes with efficiency comparable to that of other post-quantum solutions (e.g., based on lattices) is still a challenging task.
△ Less
Submitted 6 July, 2021; v1 submitted 16 November, 2020;
originally announced November 2020.
-
Galois ring isomorphism problem
Authors:
Karan Khathuria
Abstract:
Recently, Doröz et al. (2017) proposed a new hard problem, called the finite field isomorphism problem, and constructed a fully homomorphic encryption scheme based on this problem. In this paper, we generalize the problem to the case of Galois rings, resulting in the Galois ring isomorphism problem. The generalization is achieved by lifting the isomorphism between the corresponding residue fields.…
▽ More
Recently, Doröz et al. (2017) proposed a new hard problem, called the finite field isomorphism problem, and constructed a fully homomorphic encryption scheme based on this problem. In this paper, we generalize the problem to the case of Galois rings, resulting in the Galois ring isomorphism problem. The generalization is achieved by lifting the isomorphism between the corresponding residue fields. As a result, this generalization allows us to construct cryptographic primitives over the ring of integers modulo a prime power, instead of a large prime number.
△ Less
Submitted 27 August, 2020;
originally announced August 2020.
-
On single server private information retrieval in a coding theory perspective
Authors:
Gianira N. Alfarano,
Karan Khathuria,
Violetta Weger
Abstract:
In this paper, we present a new perspective of single server private information retrieval (PIR) schemes by using the notion of linear error-correcting codes. Many of the known single server schemes are based on taking linear combinations between database elements and the query elements. Using the theory of linear codes, we develop a generic framework that formalizes all such PIR schemes. Further,…
▽ More
In this paper, we present a new perspective of single server private information retrieval (PIR) schemes by using the notion of linear error-correcting codes. Many of the known single server schemes are based on taking linear combinations between database elements and the query elements. Using the theory of linear codes, we develop a generic framework that formalizes all such PIR schemes. Further, we describe some known PIR schemes with respect to this code-based framework, and present the weaknesses of the broken PIR schemes in a generic point of view.
△ Less
Submitted 14 August, 2020;
originally announced August 2020.
-
On the Hardness of the Lee Syndrome Decoding Problem
Authors:
Violetta Weger,
Karan Khathuria,
Anna-Lena Horlemann,
Massimo Battaglioni,
Paolo Santini,
Edoardo Persichetti
Abstract:
In this paper we study the hardness of the syndrome decoding problem over finite rings endowed with the Lee metric. We first prove that the decisional version of the problem is NP-complete, by a reduction from the $3$-dimensional matching problem. Then, we study the complexity of solving the problem, by translating the best known solvers in the Hamming metric over finite fields to the Lee metric o…
▽ More
In this paper we study the hardness of the syndrome decoding problem over finite rings endowed with the Lee metric. We first prove that the decisional version of the problem is NP-complete, by a reduction from the $3$-dimensional matching problem. Then, we study the complexity of solving the problem, by translating the best known solvers in the Hamming metric over finite fields to the Lee metric over finite rings, as well as proposing some novel solutions. For the analyzed algorithms, we assess the computational complexity in the asymptotic regime and compare it to the corresponding algorithms in the Hamming metric.
△ Less
Submitted 1 April, 2022; v1 submitted 27 February, 2020;
originally announced February 2020.
-
Encryption Scheme Based on Expanded Reed-Solomon Codes
Authors:
Karan Khathuria,
Joachim Rosenthal,
Violetta Weger
Abstract:
We present a code-based public-key cryptosystem, in which we use Reed-Solomon codes over an extension field as secret codes and disguise it by considering its shortened expanded code over the base field. Considering shortened expanded codes provides a safeguard against distinguisher attacks based on the Schur product. Moreover, without using a cyclic or a quasi-cyclic structure we obtain a key siz…
▽ More
We present a code-based public-key cryptosystem, in which we use Reed-Solomon codes over an extension field as secret codes and disguise it by considering its shortened expanded code over the base field. Considering shortened expanded codes provides a safeguard against distinguisher attacks based on the Schur product. Moreover, without using a cyclic or a quasi-cyclic structure we obtain a key size reduction of nearly $45 \%$ compared to the classic McEliece cryptosystem proposed by Bernstein et al.
△ Less
Submitted 26 November, 2019; v1 submitted 3 June, 2019;
originally announced June 2019.
-
Generalization of the Ball-Collision Algorithm
Authors:
Carmelo Interlando,
Karan Khathuria,
Nicole Rohrer,
Joachim Rosenthal,
Violetta Weger
Abstract:
In this paper we generalize the Ball-Collision Algorithm by Bernstein, Lange, Peters from the binary field to a general finite field. We also provide a complexity analysis and compare the asymptotic complexity to other generalized information set decoding algorithms.
In this paper we generalize the Ball-Collision Algorithm by Bernstein, Lange, Peters from the binary field to a general finite field. We also provide a complexity analysis and compare the asymptotic complexity to other generalized information set decoding algorithms.
△ Less
Submitted 28 December, 2018;
originally announced December 2018.
-
On the algebraic structure of $E_p^{(m)}$ and applications to cryptography
Authors:
Karan Khathuria,
Giacomo Micheli,
Violetta Weger
Abstract:
In this paper we show that the $\mathbb Z/p^{m}\mathbb Z$-module structure of the ring $E_p^{(m)}$ is isomorphic to a $\mathbb Z/p^{m}\mathbb Z$-submodule of the matrix ring over $\mathbb Z/p^{m}\mathbb Z$. Using this intrinsic structure of $E_p^{(m)}$, solving a linear system over $E_p^{(m)}$ becomes computationally equivalent to solving a linear system over $\mathbb Z/p^{m}\mathbb Z$. As an appl…
▽ More
In this paper we show that the $\mathbb Z/p^{m}\mathbb Z$-module structure of the ring $E_p^{(m)}$ is isomorphic to a $\mathbb Z/p^{m}\mathbb Z$-submodule of the matrix ring over $\mathbb Z/p^{m}\mathbb Z$. Using this intrinsic structure of $E_p^{(m)}$, solving a linear system over $E_p^{(m)}$ becomes computationally equivalent to solving a linear system over $\mathbb Z/p^{m}\mathbb Z$. As an application we break the protocol based on the Diffie-Hellman Decomposition problem and ElGamal Decomposition problem over $E_p^{(m)}$. Our algorithm terminates in a provable running time of $O(m^{6})$ $\mathbb Z/p^{m}\mathbb Z$-operations.
△ Less
Submitted 14 December, 2019; v1 submitted 6 October, 2018;
originally announced October 2018.