-
Fast Decoding of Lifted Interleaved Linearized Reed-Solomon Codes for Multishot Network Coding
Authors:
Hannes Bartz,
Sven Puchinger
Abstract:
Martínez-Peñas and Kschischang (IEEE Trans. Inf. Theory, 2019) proposed lifted linearized Reed--Solomon codes as suitable codes for error control in multishot network coding. We show how to construct and decode lifted interleaved linearized Reed--Solomon (LILRS) codes. Compared to the construction by Martínez-Peñas and Kschischang, interleaving allows to increase the decoding region significantly and decreases the overhead due to the lifting (i.e., increases the code rate), at the cost of an increased packet size. We propose two decoding schemes for LILRS codes that are both capable of correcting insertions and deletions beyond half the minimum distance of the code by either allowing a list or a small decoding failure probability. We propose a probabilistic unique Loidreau--Overbeck-like decoder for LILRS codes and an efficient interpolation-based decoding scheme that can be either used as a list decoder (with exponential worst-case list size) or as a probabilistic unique decoder. We derive upper bounds on the decoding failure probability of the probabilistic-unique decoders which show that the decoding failure probability is very small for most channel realizations up to the maximal decoding radius. The tightness of the bounds is verified by Monte Carlo simulations.
Submitted 12 July, 2023;
originally announced July 2023.
-
Bounds on Mixed Codes with Finite Alphabets
Authors:
Yonatan Yehezkeally,
Haider Al Kim,
Sven Puchinger,
Antonia Wachter-Zeh
Abstract:
Mixed codes, which are error-correcting codes in the Cartesian product of different-sized spaces, model degrading storage systems well. While such codes have previously been studied for their algebraic properties (e.g., existence of perfect codes) or in the case of unbounded alphabet sizes, we focus on the case of finite alphabets, and generalize the Gilbert-Varshamov, sphere-packing, Elias-Bassalygo, and first linear programming bounds to that setting. In the latter case, our proof is also the first for the non-symmetric mono-alphabetic $q$-ary case using Navon and Samorodnitsky's Fourier-analytic approach.
Submitted 19 December, 2022;
originally announced December 2022.
-
Rank-Metric Codes and Their Applications
Authors:
Hannes Bartz,
Lukas Holzbaur,
Hedongliang Liu,
Sven Puchinger,
Julian Renner,
Antonia Wachter-Zeh
Abstract:
The rank metric measures the distance between two matrices by the rank of their difference. Codes designed for the rank metric have attracted considerable attention in recent years, reinforced by network coding and further motivated by a variety of applications. In code-based cryptography, the hardness of the corresponding generic decoding problem can lead to systems with reduced public-key size. In distributed data storage, codes in the rank metric have been used repeatedly to construct codes with locality, and in coded caching, they have been employed for the placement of coded symbols. This survey gives a general introduction to rank-metric codes, explains their most important applications, and highlights their relevance to these areas of research.
Submitted 23 March, 2022;
originally announced March 2022.
-
Coding and Bounds for Partially Defective Memory Cells
Authors:
Haider Al Kim,
Sven Puchinger,
Ludo Tolhuizen,
Antonia Wachter-Zeh
Abstract:
This paper considers coding for so-called partially stuck (defect) memory cells. Such memory cells can only store partial information as some of their levels cannot be used fully due to, e.g., wearout. First, we present new constructions that are able to mask $u$ partially stuck cells while correcting at the same time $t$ random errors. The process of "masking" determines a word whose entries coincide with writable levels at the (partially) stuck cells. For $u>1$ and alphabet size $q>2$, our new constructions improve upon the required redundancy of known constructions for $t=0$, and require less redundancy for masking partially stuck cells than former works required for masking fully stuck cells (which cannot store any information). Second, we show that treating some of the partially stuck cells as erroneous cells can decrease the required redundancy for some parameters. Lastly, we derive Singleton-like, sphere-packing-like, and Gilbert--Varshamov-like bounds. Numerical comparisons state that our constructions match the Gilbert--Varshamov-like bounds for several code parameters, e.g., BCH codes that contain the all-one word by our first construction.
Submitted 15 February, 2022;
originally announced February 2022.
-
Error-Erasure Decoding of Linearized Reed-Solomon Codes in the Sum-Rank Metric
Authors:
Felicitas Hörmann,
Hannes Bartz,
Sven Puchinger
Abstract:
Codes in the sum-rank metric have various applications in error control for multishot network coding, distributed storage and code-based cryptography. Linearized Reed-Solomon (LRS) codes contain Reed-Solomon and Gabidulin codes as subclasses and fulfill the Singleton-like bound in the sum-rank metric with equality. We propose the first known error-erasure decoder for LRS codes to unleash their full potential for multishot network coding. The presented syndrome-based Berlekamp-Massey-like error-erasure decoder can correct $t_F$ full errors, $t_R$ row erasures and $t_C$ column erasures up to $2t_F + t_R + t_C \leq n-k$ in the sum-rank metric requiring at most $\mathcal{O}(n^2)$ operations in $\mathbb{F}_{q^m}$, where $n$ is the code's length and $k$ its dimension. We show how the proposed decoder can be used to correct errors in the sum-subspace metric that occur in (noncoherent) multishot network coding.
Submitted 2 September, 2022; v1 submitted 14 February, 2022;
originally announced February 2022.
-
List Decoding of 2-Interleaved Binary Alternant Codes
Authors:
Chih-Chiang Huang,
Hedongliang Liu,
Lukas Holzbaur,
Sven Puchinger,
Antonia Wachter-Zeh
Abstract:
This paper is concerned with list decoding of $2$-interleaved binary alternant codes. The principle of the proposed algorithm is based on a combination of a list decoding algorithm for (interleaved) Reed-Solomon codes and an algorithm for (non-interleaved) alternant codes. A new upper bound on the decoding radius is derived and the list size is shown to scale polynomially in the code parameters. While it remains an open problem whether this upper bound is achievable, the provided simulation results show that a decoding radius exceeding the binary Johnson radius can be achieved with a high probability of decoding success by the proposed algorithm.
Submitted 11 February, 2022; v1 submitted 27 January, 2022;
originally announced January 2022.
-
Fast Decoding of Interleaved Linearized Reed-Solomon Codes and Variants
Authors:
Hannes Bartz,
Sven Puchinger
Abstract:
We construct $s$-interleaved linearized Reed--Solomon (ILRS) codes and variants and propose efficient decoding schemes that can correct errors beyond the unique decoding radius in the sum-rank metric. The proposed interpolation-based scheme for ILRS codes can be used as a list decoder or as a probabilistic unique decoder that corrects errors of sum-rank up to $t\leq\frac{s}{s+1}(n-k)$, where $s$ is the interleaving order, $n$ the length and $k$ the dimension of the code. Upper bounds on the list size and the decoding failure probability are given where the latter is based on a novel Loidreau--Overbeck-like decoder for ILRS codes. We show how the proposed decoding schemes can be used to decode errors beyond the unique decoding radius in the skew metric by using an isometry between the sum-rank metric and the skew metric.
We generalize fast minimal approximant basis interpolation techniques to obtain efficient decoding schemes for ILRS codes (and variants) with subquadratic complexity in the code length.
To the best of our knowledge, the presented decoding schemes are the first that are able to correct errors beyond the unique decoding region in the sum-rank and skew metric. The performance of the proposed decoding schemes and the tightness of the upper bound on the decoding failure probability are validated via Monte Carlo simulations.
Submitted 28 April, 2023; v1 submitted 4 January, 2022;
originally announced January 2022.
-
Analysis of Communication Channels Related to Physical Unclonable Functions
Authors:
Georg Maringer,
Marvin Xhemrishi,
Sven Puchinger,
Kathrin Garb,
Hedongliang Liu,
Thomas Jerkovits,
Ludwig Kürzinger,
Matthias Hiller,
Antonia Wachter-Zeh
Abstract:
Cryptographic algorithms rely on the secrecy of their corresponding keys. On embedded systems with standard CMOS chips, where secure permanent memory such as flash is not available as a key storage, the secret key can be derived from Physical Unclonable Functions (PUFs) that make use of minuscule manufacturing variations of, for instance, SRAM cells. Since PUFs are affected by environmental changes, the reliable reproduction of the PUF key requires error correction. For silicon PUFs with binary output, errors occur in the form of bitflips within the PUF's response. Modelling the channel as a Binary Symmetric Channel (BSC) with fixed crossover probability $p$ is only a first-order approximation of the real behavior of the PUF response. We propose a more realistic channel model, referred to as the Varying Binary Symmetric Channel (VBSC), which takes into account that the reliability of different PUF response bits may not be equal. We investigate its channel capacity for various scenarios which differ in the channel state information (CSI) present at encoder and decoder. We compare the capacity results for the VBSC for the different CSI cases with reference to the distribution of the bitflip probability according to a work by Maes et al.
Submitted 3 December, 2021;
originally announced December 2021.
-
Quadratic-Curve-Lifted Reed-Solomon Codes
Authors:
Hedongliang Liu,
Lukas Holzbaur,
Nikita Polyanskii,
Sven Puchinger,
Antonia Wachter-Zeh
Abstract:
Lifted codes are a class of evaluation codes attracting more attention due to good locality and intermediate availability. In this work we introduce and study quadratic-curve-lifted Reed-Solomon (QC-LRS) codes, where the codeword symbols whose coordinates are on a quadratic curve form a codeword of a Reed-Solomon code. We first develop a necessary and sufficient condition on the monomials which form a basis of the code. Based on the condition, we give upper and lower bounds on the dimension and show that the asymptotic rate of a QC-LRS code over $\mathbb{F}_q$ with local redundancy $r$ is $1-\Theta(q/r)^{-0.2284}$. Moreover, we provide analytical results on the minimum distance of this class of codes and compare QC-LRS codes with lifted Reed-Solomon codes by simulations in terms of the local recovery capability against erasures. For short lengths, QC-LRS codes have better performance in local recovery for erasures than LRS codes of the same dimension.
Submitted 18 February, 2022; v1 submitted 29 September, 2021;
originally announced September 2021.
-
Maximum Sum-Rank Distance Codes over Finite Chain Rings
Authors:
Umberto Martínez-Peñas,
Sven Puchinger
Abstract:
In this work, maximum sum-rank distance (MSRD) codes and linearized Reed-Solomon codes are extended to finite chain rings. It is proven that linearized Reed-Solomon codes are MSRD over finite chain rings, extending the known result for finite fields. For the proof, several results on the roots of skew polynomials are extended to finite chain rings. These include the existence and uniqueness of minimum-degree annihilator skew polynomials and Lagrange interpolator skew polynomials. A general cubic-complexity sum-rank Welch-Berlekamp decoder and a quadratic-complexity sum-rank syndrome decoder (under some assumptions) are then provided over finite chain rings. The latter also constitutes the first known syndrome decoder for linearized Reed--Solomon codes over finite fields. Finally, applications in Space-Time Coding with multiple fading blocks and physical-layer multishot Network Coding are discussed.
Submitted 12 January, 2024; v1 submitted 20 September, 2021;
originally announced September 2021.
-
Twisted Reed-Solomon Codes
Authors:
Peter Beelen,
Sven Puchinger,
Johan Rosenkilde
Abstract:
In this article, we present a new construction of evaluation codes in the Hamming metric, which we call twisted Reed-Solomon codes. Whereas Reed-Solomon (RS) codes are MDS codes, this need not be the case for twisted RS codes. Nonetheless, we show that our construction yields several families of MDS codes. Further, for a large subclass of (MDS) twisted RS codes, we show that the new codes are not generalized RS codes. To achieve this, we use properties of Schur squares of codes as well as an explicit description of the dual of a large subclass of our codes. We conclude the paper with a description of a decoder that performs very well in practice, as shown by extensive simulation results.
Submitted 23 January, 2022; v1 submitted 14 July, 2021;
originally announced July 2021.
-
Improved Power Decoding of Algebraic Geometry Codes
Authors:
Sven Puchinger,
Johan Rosenkilde,
Grigory Solomatov
Abstract:
Power decoding is a partial decoding paradigm for arbitrary algebraic geometry codes for decoding beyond half the minimum distance, which usually returns the unique closest codeword, but in rare cases fails to return anything. The original version decodes roughly up to the Sudan radius, while an improved version decodes up to the Johnson radius, but has so far been described only for Reed--Solomon and one-point Hermitian codes. In this paper we show how the improved version can be applied to any algebraic geometry code.
Submitted 17 May, 2021; v1 submitted 1 May, 2021;
originally announced May 2021.
-
Bounds on List Decoding of Linearized Reed-Solomon Codes
Authors:
Sven Puchinger,
Johan Rosenkilde
Abstract:
Linearized Reed-Solomon (LRS) codes are sum-rank metric codes that fulfill the Singleton bound with equality. In the two extreme cases of the sum-rank metric, they coincide with Reed-Solomon codes (Hamming metric) and Gabidulin codes (rank metric). List decoding in these extreme cases is well-studied, and the two code classes behave very differently in terms of list size, but nothing is known for the general case. In this paper, we derive a lower bound on the list size for LRS codes, which is, for a large class of LRS codes, exponential directly above the Johnson radius. Furthermore, we show that some families of linearized Reed-Solomon codes with constant numbers of blocks cannot be list decoded beyond the unique decoding radius.
Submitted 5 February, 2021;
originally announced February 2021.
-
Bounds and Genericity of Sum-Rank-Metric Codes
Authors:
Cornelia Ott,
Sven Puchinger,
Martin Bossert
Abstract:
We derive simplified sphere-packing and Gilbert--Varshamov bounds for codes in the sum-rank metric, which can be computed more efficiently than previous ones. They give rise to asymptotic bounds that cover the asymptotic setting that has not yet been considered in the literature: families of sum-rank-metric codes whose block size grows in the code length. We also provide two genericity results: we show that random linear codes achieve almost the sum-rank-metric Gilbert--Varshamov bound with high probability. Furthermore, we derive bounds on the probability that a random linear code attains the sum-rank-metric Singleton bound, showing that for large enough extension fields, almost all linear codes achieve it.
Submitted 21 March, 2023; v1 submitted 3 February, 2021;
originally announced February 2021.
-
Efficient Decoding of Gabidulin Codes over Galois Rings
Authors:
Sven Puchinger,
Julian Renner,
Antonia Wachter-Zeh,
Jens Zumbrägel
Abstract:
This paper presents the first decoding algorithm for Gabidulin codes over Galois rings with provable quadratic complexity. The new method consists of two steps: (1) solving a syndrome-based key equation to obtain the annihilator polynomial of the error and therefore the column space of the error, (2) solving a key equation based on the received word in order to reconstruct the error vector. This two-step approach became necessary since standard solutions such as the Euclidean algorithm do not work properly over rings.
Submitted 3 February, 2021;
originally announced February 2021.
-
Correctable Erasure Patterns in Product Topologies
Authors:
Lukas Holzbaur,
Sven Puchinger,
Eitan Yaakobi,
Antonia Wachter-Zeh
Abstract:
Locality enables storage systems to recover failed nodes from small subsets of surviving nodes. The setting where nodes are partitioned into subsets, each allowing for local recovery, is well understood. In this work we consider a generalization introduced by Gopalan et al., where, viewing the codewords as arrays, constraints are imposed on the columns and rows in addition to some global constraints. Specifically, we present a generic method of adding such global parity-checks and derive new results on the set of correctable erasure patterns. Finally, we relate the set of correctable erasure patterns in the considered topology to those correctable in tensor-product codes.
Submitted 10 February, 2021; v1 submitted 25 January, 2021;
originally announced January 2021.
-
Decoding of Interleaved Linearized Reed-Solomon Codes with Applications to Network Coding
Authors:
Hannes Bartz,
Sven Puchinger
Abstract:
Recently, Martinez-Penas and Kschischang (IEEE Trans. Inf. Theory, 2019) showed that lifted linearized Reed-Solomon codes are suitable codes for error control in multishot network coding. We show how to construct and decode lifted interleaved linearized Reed-Solomon codes. Compared to the construction by Martinez-Penas-Kschischang, interleaving allows to increase the decoding region significantly (especially w.r.t. the number of insertions) and decreases the overhead due to the lifting (i.e., increases the code rate), at the cost of an increased packet size. The proposed decoder is a list decoder that can also be interpreted as a probabilistic unique decoder. Although our best upper bound on the list size is exponential, we present a heuristic argument and simulation results that indicate that the list size is in fact one for most channel realizations up to the maximal decoding radius.
Submitted 27 May, 2021; v1 submitted 14 January, 2021;
originally announced January 2021.
-
Decoding of Interleaved Alternant Codes
Authors:
Lukas Holzbaur,
Hedongliang Liu,
Alessandro Neri,
Sven Puchinger,
Johan Rosenkilde,
Vladimir Sidorenko,
Antonia Wachter-Zeh
Abstract:
Interleaved Reed-Solomon codes admit efficient decoding algorithms which correct burst errors far beyond half the minimum distance in the random errors regime, e.g., by computing a common solution to the Key Equation for each Reed-Solomon code, as described by Schmidt et al. If this decoder does not succeed, it may either fail to return a codeword or miscorrect to an incorrect codeword, and good upper bounds on the fraction of error matrices for which these events occur are known. The decoding algorithm immediately applies to interleaved alternant codes as well, i.e., the subfield subcodes of interleaved Reed-Solomon codes, but the fraction of decodable error matrices differs, since the error is now restricted to a subfield. In this paper, we present new general lower and upper bounds on the fraction of error matrices decodable by Schmidt et al.'s decoding algorithm, thereby making it the only decoding algorithm for interleaved alternant codes for which such bounds are known.
Submitted 17 September, 2021; v1 submitted 14 October, 2020;
originally announced October 2020.
-
Information- and Coding-Theoretic Analysis of the RLWE Channel
Authors:
Georg Maringer,
Sven Puchinger,
Antonia Wachter-Zeh
Abstract:
Several cryptosystems based on the Ring Learning with Errors (RLWE) problem have been proposed within the NIST post-quantum cryptography standardization process, e.g., NewHope. Furthermore, there are systems like Kyber which are based on the closely related MLWE assumption. Both previously mentioned schemes result in a non-zero decryption failure rate (DFR). The combination of encryption and decryption for these kinds of algorithms can be interpreted as data transmission over a noisy channel. To the best of our knowledge, this paper is the first work that analyzes the capacity of this channel. We show how to modify the encryption schemes such that the input alphabets of the corresponding channels are increased. In particular, we present lower bounds on their capacities which show that the transmission rate can be significantly increased compared to standard proposals in the literature. Furthermore, under the common assumption of stochastically independent coefficient failures, we give lower bounds on achievable rates based on both the Gilbert-Varshamov bound and concrete code constructions using BCH codes. By means of our constructions, we can either increase the total bitrate (by a factor of $1.84$ for Kyber and by a factor of $7$ for NewHope) while guaranteeing the same DFR, or, for the same bitrate, we can significantly reduce the DFR for all schemes considered in this work (e.g., for NewHope from $2^{-216}$ to $2^{-12769}$).
Submitted 25 November, 2022; v1 submitted 18 September, 2020;
originally announced September 2020.
-
Partial MDS Codes with Regeneration
Authors:
Lukas Holzbaur,
Sven Puchinger,
Eitan Yaakobi,
Antonia Wachter-Zeh
Abstract:
Partial MDS (PMDS) and sector-disk (SD) codes are classes of erasure correcting codes that combine locality with strong erasure correction capabilities. We construct PMDS and SD codes with local regeneration where each local code is a bandwidth-optimal regenerating MDS code. In the event of a node failure, these codes reduce both the number of servers that have to be contacted and the amount of network traffic required for the repair process. The constructions require significantly smaller field size than the only other construction known in the literature. Further, we present a construction of PMDS codes with global regeneration which allow to efficiently repair patterns of node failures that exceed the local erasure correction capability of the code and thereby invoke repair across different local groups.
Submitted 11 June, 2021; v1 submitted 15 September, 2020;
originally announced September 2020.
-
Bounds and Code Constructions for Partially Defect Memory Cells
Authors:
Haider Al Kim,
Sven Puchinger,
Antonia Wachter-Zeh
Abstract:
This paper considers coding for so-called partially stuck memory cells. Such memory cells can only store partial information as some of their levels cannot be used due to, e.g., wear out. First, we present a new code construction for masking such partially stuck cells while additionally correcting errors. This construction (for cells with $q >2$ levels) is achieved by generalizing an existing masking-only construction in [1] (based on binary codes) to correct errors as well. Compared to previous constructions in [2], our new construction achieves larger rates for many sets of parameters. Second, we derive a sphere-packing (any number of $u$ partially stuck cells) and a Gilbert-Varshamov bound ($u<q$ partially stuck cells) for codes that can mask a certain number of partially stuck cells and correct errors additionally. A numerical comparison between the new bounds and our previous construction of PSMCs for the case $u<q$ in [2] shows that our construction lies above the Gilbert-Varshamov-like bound for several code parameters.
Submitted 16 March, 2021; v1 submitted 14 September, 2020;
originally announced September 2020.
-
Low-Rank Parity-Check Codes over Galois Rings
Authors:
Julian Renner,
Alessandro Neri,
Sven Puchinger
Abstract:
Low-rank parity-check (LRPC) codes are rank-metric codes over finite fields, which have been proposed by Gaborit et al. (2013) for cryptographic applications. Inspired by a recent adaption of Gabidulin codes to certain finite rings by Kamche et al. (2019), we define and study LRPC codes over Galois rings, a wide class of finite commutative rings. We give a decoding algorithm similar to Gaborit et al.'s decoder, based on simple linear-algebraic operations. We derive an upper bound on the failure probability of the decoder, which is significantly more involved than in the case of finite fields. The bound depends only on the rank of an error, i.e., is independent of its free rank. Further, we analyze the complexity of the decoder. We obtain that there is a class of LRPC codes over a Galois ring that can decode roughly the same number of errors as a Gabidulin code with the same code parameters, but faster than the currently best decoder for Gabidulin codes. However, the price that one needs to pay is a small failure probability, which we can bound from above.
Submitted 4 December, 2020; v1 submitted 18 June, 2020;
originally announced June 2020.
-
On the Gap between Scalar and Vector Solutions of Generalized Combination Networks
Authors:
Hedongliang Liu,
Hengjia Wei,
Sven Puchinger,
Antonia Wachter-Zeh,
Moshe Schwartz
Abstract:
We study scalar-linear and vector-linear solutions of the generalized combination network. We derive new upper and lower bounds on the maximum number of nodes in the middle layer, depending on the network parameters and the alphabet size. These bounds improve and extend the parameter range of known bounds. Using these new bounds we present a lower bound and an upper bound on the gap in the alphabet size between optimal scalar-linear and optimal vector-linear network coding solutions. For a fixed network structure, while varying the number of middle-layer nodes $r$, the asymptotic behavior of the upper and lower bounds shows that the gap is in $Θ(\log(r))$.
Submitted 11 March, 2021; v1 submitted 8 June, 2020;
originally announced June 2020.
-
Fast Decoding of Codes in the Rank, Subspace, and Sum-Rank Metric
Authors:
Hannes Bartz,
Thomas Jerkovits,
Sven Puchinger,
Johan Rosenkilde
Abstract:
We speed up existing decoding algorithms for three code classes in different metrics: interleaved Gabidulin codes in the rank metric, lifted interleaved Gabidulin codes in the subspace metric, and linearized Reed-Solomon codes in the sum-rank metric. The speed-ups are achieved by new algorithms that reduce the cores of the underlying computational problems of the decoders to one common tool: computing left and right approximant bases of matrices over skew polynomial rings. To accomplish this, we describe a skew-analogue of the existing PM-Basis algorithm for matrices over ordinary polynomials. This captures the bulk of the work in multiplication of skew polynomials, and the complexity benefit comes from existing algorithms performing this faster than in classical quadratic complexity. The new algorithms for the various decoding-related computational problems are interesting in their own right and have further applications, in particular parts of decoders of several other codes and foundational problems related to the remainder-evaluation of skew polynomials.
Submitted 10 March, 2021; v1 submitted 20 May, 2020;
originally announced May 2020.
-
Achievable Rates of Concatenated Codes in DNA Storage under Substitution Errors
Authors:
Andreas Lenz,
Lorenz Welter,
Sven Puchinger
Abstract:
In this paper, we study achievable rates of concatenated coding schemes over a deoxyribonucleic acid (DNA) storage channel. Our channel model incorporates the main features of DNA-based data storage. First, information is stored on many short DNA strands. Second, the strands are stored in an unordered fashion inside the storage medium and each strand is replicated many times. Third, the data is accessed in an uncontrollable manner, i.e., random strands are drawn from the medium and received, possibly with errors. As one of our results, we show that there is a significant gap between the channel capacity and the achievable rate of a standard concatenated code in which one strand corresponds to an inner block. This is in fact surprising as for other channels, such as $q$-ary symmetric channels, concatenated codes are known to achieve the capacity. We further propose a modified concatenated coding scheme by combining several strands into one inner block, which allows us to narrow the gap and achieve rates that are close to the capacity.
Submitted 30 April, 2020;
originally announced May 2020.
-
Generic Decoding in the Sum-Rank Metric
Authors:
Sven Puchinger,
Julian Renner,
Johan Rosenkilde
Abstract:
We propose the first non-trivial generic decoding algorithm for codes in the sum-rank metric. The new method combines ideas of well-known generic decoders in the Hamming and rank metric. For the same code parameters and number of errors, the new generic decoder has a larger expected complexity than the known generic decoders for the Hamming metric and smaller than the known rank-metric decoders. Furthermore, we give a formal hardness reduction, providing evidence that generic sum-rank decoding is computationally hard. As a by-product of the above, we solve some fundamental coding problems in the sum-rank metric: we give an algorithm to compute the exact size of a sphere of a given sum-rank radius, and also give an upper bound as a closed formula; and we study erasure decoding with respect to two different notions of support.
Submitted 28 October, 2021; v1 submitted 14 January, 2020;
originally announced January 2020.
-
Low-Rank Parity-Check Codes over the Ring of Integers Modulo a Prime Power
Authors:
Julian Renner,
Sven Puchinger,
Antonia Wachter-Zeh,
Camilla Hollanti,
Ragnar Freij-Hollanti
Abstract:
We define and analyze low-rank parity-check (LRPC) codes over extension rings of the finite chain ring $\mathbb{Z}_{p^r}$, where $p$ is a prime and $r$ is a positive integer. LRPC codes have originally been proposed by Gaborit et al. (2013) over finite fields for cryptographic applications. The adaption to finite rings is inspired by a recent paper by Kamche et al. (2019), which constructed Gabidulin codes over finite principal ideal rings with applications to space-time codes and network coding. We give a decoding algorithm based on simple linear-algebraic operations. Further, we derive an upper bound on the failure probability of the decoder. The upper bound is valid for errors whose rank is equal to the free rank.
Submitted 15 May, 2020; v1 submitted 14 January, 2020;
originally announced January 2020.
-
Partial MDS Codes with Local Regeneration
Authors:
Lukas Holzbaur,
Sven Puchinger,
Eitan Yaakobi,
Antonia Wachter-Zeh
Abstract:
Partial MDS (PMDS) and sector-disk (SD) codes are classes of erasure codes that combine locality with strong erasure correction capabilities. We construct PMDS and SD codes where each local code is a bandwidth-optimal regenerating MDS code. The constructions require significantly smaller field size than the only other construction known in literature.
Submitted 8 May, 2020; v1 submitted 14 January, 2020;
originally announced January 2020.
-
On the Gap between Scalar and Vector Solutions of Generalized Combination Networks
Authors:
Hedongliang Liu,
Hengjia Wei,
Sven Puchinger,
Antonia Wachter-Zeh,
Moshe Schwartz
Abstract:
We study scalar-linear and vector-linear solutions to the generalized combination network. We derive new upper and lower bounds on the maximum number of nodes in the middle layer, depending on the network parameters. These bounds improve and extend the parameter range of known bounds. Using these new bounds we present a general lower bound on the gap in the alphabet size between scalar-linear and vector-linear solutions.
Submitted 12 May, 2020; v1 submitted 13 January, 2020;
originally announced January 2020.
-
Randomized Decoding of Gabidulin Codes Beyond the Unique Decoding Radius
Authors:
Julian Renner,
Thomas Jerkovits,
Hannes Bartz,
Sven Puchinger,
Pierre Loidreau,
Antonia Wachter-Zeh
Abstract:
We address the problem of decoding Gabidulin codes beyond their unique error-correction radius. The complexity of this problem is of importance to assess the security of some rank-metric code-based cryptosystems. We propose an approach that introduces row or column erasures to decrease the rank of the error in order to use any proper polynomial-time Gabidulin code error-erasure decoding algorithm. This approach improves on generic rank-metric decoders by an exponential factor.
Submitted 10 February, 2020; v1 submitted 29 November, 2019;
originally announced November 2019.
-
Equivalence and Characterizations of Linear Rank-Metric Codes Based on Invariants
Authors:
Alessandro Neri,
Sven Puchinger,
Anna-Lena Horlemann-Trautmann
Abstract:
We show that the sequence of dimensions of the linear spaces, generated by a given rank-metric code together with itself under several applications of a field automorphism, is an invariant for the whole equivalence class of the code. The same property is proven for the sequence of dimensions of the intersections of itself under several applications of a field automorphism. These invariants give rise to easily computable criteria to check if two codes are inequivalent. We derive some concrete values and bounds for these dimension sequences for some known families of rank-metric codes, namely Gabidulin and (generalized) twisted Gabidulin codes. We then derive conditions on the length of the codes with respect to the field extension degree, such that codes from different families cannot be equivalent. Furthermore, we derive upper and lower bounds on the number of equivalence classes of Gabidulin codes and twisted Gabidulin codes, improving a result of Schmidt and Zhou for a wider range of parameters. In the end we use the aforementioned sequences to determine a characterization result for Gabidulin codes.
Submitted 16 September, 2020; v1 submitted 29 November, 2019;
originally announced November 2019.
-
Error Correction for Partially Stuck Memory Cells
Authors:
Haider Al Kim,
Sven Puchinger,
Antonia Wachter-Zeh
Abstract:
We present code constructions for masking $u$ partially stuck memory cells with $q$ levels and correcting additional random errors. The results are achieved by combining the methods for masking and error correction for stuck cells in [1] with the masking-only results for partially stuck cells in [2]. We present two constructions for masking $u<q$ cells and error correction: one is general and based on a generator matrix of a specific form. The second construction uses cyclic codes and allows the error-correction capability to be bounded efficiently using the BCH bound. Furthermore, we extend the results to masking $u\geq q$ cells. For $u>1$ and $q>2$, all new constructions require less redundancy for masking partially stuck cells than previous work on stuck cells, which in turn can result in higher code rates at the same masking and error correction capability.
Submitted 7 November, 2019;
originally announced November 2019.
-
Error Decoding of Locally Repairable and Partial MDS Codes
Authors:
Lukas Holzbaur,
Sven Puchinger,
Antonia Wachter-Zeh
Abstract:
In this work it is shown that locally repairable codes (LRCs) can be list-decoded efficiently beyond the Johnson radius for a large range of parameters by utilizing the local error-correction capabilities. The corresponding decoding radius is derived and the asymptotic behavior is analyzed. A general list-decoding algorithm for LRCs that achieves this radius is proposed along with an explicit realization for LRCs that are subcodes of Reed--Solomon codes (such as, e.g., Tamo--Barg LRCs). Further, a probabilistic algorithm of low complexity for unique decoding of LRCs is given and its success probability is analyzed.
The second part of this work considers error decoding of LRCs and partial maximum distance separable (PMDS) codes through interleaved decoding. For a specific class of LRCs the success probability of interleaved decoding is investigated. For PMDS codes, it is shown that there is a wide range of parameters for which interleaved decoding can increase their decoding radius beyond the minimum distance such that the probability of successful decoding approaches $1$ when the code length goes to infinity.
Submitted 15 September, 2020; v1 submitted 23 September, 2019;
originally announced September 2019.
-
Invariants and Inequivalence of Linear Rank-Metric Codes
Authors:
Alessandro Neri,
Sven Puchinger,
Anna-Lena Horlemann-Trautmann
Abstract:
We show that the sequence of dimensions of the linear spaces, generated by a given rank-metric code together with itself under several applications of a field automorphism, is an invariant for the whole equivalence class of the code. These invariants give rise to an easily computable criterion to check if two codes are inequivalent. With this criterion we then derive bounds on the number of equivalence classes of classical and twisted Gabidulin codes.
Submitted 27 May, 2019;
originally announced May 2019.
-
Decoding High-Order Interleaved Rank-Metric Codes
Authors:
Sven Puchinger,
Julian Renner,
Antonia Wachter-Zeh
Abstract:
This paper presents an algorithm for decoding homogeneous interleaved codes of high interleaving order in the rank metric. The new decoder is an adaption of the Hamming-metric decoder by Metzner and Kapturowski (1990) and guarantees to correct all rank errors of weight up to $d-2$ whose rank over the large base field of the code equals the number of errors, where $d$ is the minimum rank distance of the underlying code. In contrast to previously-known decoding algorithms, the new decoder works for any rank-metric code, not only Gabidulin codes. It is purely based on linear-algebraic computations, and has an explicit and easy-to-handle success condition. Furthermore, a lower bound on the decoding success probability for random errors of a given weight is derived. The relation of the new algorithm to existing interleaved decoders in the special case of Gabidulin codes is given.
Submitted 18 April, 2019;
originally announced April 2019.
-
On Error Decoding of Locally Repairable and Partial MDS Codes
Authors:
Lukas Holzbaur,
Sven Puchinger,
Antonia Wachter-Zeh
Abstract:
We consider error decoding of locally repairable codes (LRC) and partial MDS (PMDS) codes through interleaved decoding. For a specific class of LRCs we investigate the success probability of interleaved decoding. For PMDS codes we show that there is a wide range of parameters for which interleaved decoding can increase their decoding radius beyond the minimum distance with the probability of successful decoding approaching $1$, when the code length goes to infinity.
Submitted 8 July, 2019; v1 submitted 11 April, 2019;
originally announced April 2019.
-
Interleaving Loidreau's Rank-Metric Cryptosystem
Authors:
Julian Renner,
Sven Puchinger,
Antonia Wachter-Zeh
Abstract:
We propose and analyze an interleaved variant of Loidreau's rank-metric cryptosystem based on rank multipliers. We analyze and adapt several attacks on the system, propose design rules, and study weak keys. Finding secure instances requires near-MRD rank-metric codes which are not investigated in the literature. Thus, we propose a random code construction that makes use of the fact that short random codes over large fields are MRD with high probability. We derive an upper bound on the decryption failure rate and give example parameters for potential key size reduction.
Submitted 31 July, 2019; v1 submitted 29 January, 2019;
originally announced January 2019.
-
On Decoding and Applications of Interleaved Goppa Codes
Authors:
Lukas Holzbaur,
Hedongliang Liu,
Sven Puchinger,
Antonia Wachter-Zeh
Abstract:
Goppa codes are a well-known class of codes with, among others, applications in code-based cryptography. In this paper, we present a collaborative decoding algorithm for interleaved Goppa codes (IGC). Collaborative decoding increases the decoding radius beyond half of the designed minimum distance. We consider wild Goppa codes and show that we can collaboratively correct more errors for binary Goppa codes than the Patterson decoder. We propose a modified version of the McEliece cryptosystem using wild IGC based on a recently proposed system by Elleuch et al., analyze attacks on the system and present some parameters with the corresponding key sizes.
Submitted 4 September, 2019; v1 submitted 29 January, 2019;
originally announced January 2019.
-
Reed-Solomon Codes over Fields of Characteristic Zero
Authors:
Carmen Sippel,
Cornelia Ott,
Sven Puchinger,
Martin Bossert
Abstract:
We study Reed--Solomon codes over arbitrary fields, inspired by several recent papers dealing with Gabidulin codes over fields of characteristic zero. Over the field of rational numbers, we derive bounds on the coefficient growth during encoding and the bit complexity of decoding, which is polynomial in the code length and in the bit width of error and codeword values. The results can be generalized to arbitrary number fields.
Submitted 28 June, 2019; v1 submitted 21 January, 2019;
originally announced January 2019.
-
LIGA: A Cryptosystem Based on the Hardness of Rank-Metric List and Interleaved Decoding
Authors:
Julian Renner,
Sven Puchinger,
Antonia Wachter-Zeh
Abstract:
We propose the new rank-metric code-based cryptosystem LIGA which is based on the hardness of list decoding and interleaved decoding of Gabidulin codes. LIGA is an improved variant of the Faure-Loidreau (FL) system, which was broken in a structural attack by Gaborit, Otmani, and Talé Kalachi (GOT, 2018). We keep the FL encryption and decryption algorithms, but modify the insecure key generation algorithm. Our crucial observation is that the GOT attack is equivalent to decoding an interleaved Gabidulin code. The new key generation algorithm constructs public keys for which all polynomial-time interleaved decoders fail---hence LIGA resists the GOT attack. We also prove that the public-key encryption version of LIGA is IND-CPA secure in the standard model and the KEM version is IND-CCA2 secure in the random oracle model, both under hardness assumptions of formally defined problems related to list decoding and interleaved decoding of Gabidulin codes. We propose and analyze various exponential-time attacks on these problems, calculate their work factors, and compare the resulting parameters to NIST proposals. The strengths of LIGA are short ciphertext sizes and (relatively) small key sizes. Further, LIGA guarantees correct decryption and has no decryption failure rate. It is not based on hiding the structure of a code. Since there are efficient and constant-time algorithms for encoding and decoding Gabidulin codes, timing attacks on the encryption and decryption algorithms can be easily prevented.
Submitted 18 May, 2020; v1 submitted 12 December, 2018;
originally announced December 2018.
-
Twisted Gabidulin Codes in the GPT Cryptosystem
Authors:
Sven Puchinger,
Julian Renner,
Antonia Wachter-Zeh
Abstract:
In this paper, we investigate twisted Gabidulin codes in the GPT code-based public-key cryptosystem. We show that Overbeck's attack is not feasible for a subfamily of twisted Gabidulin codes. The resulting key sizes are significantly lower than in the original McEliece system and also slightly smaller than in Loidreau's unbroken GPT variant.
Submitted 14 August, 2018; v1 submitted 26 June, 2018;
originally announced June 2018.
-
Improved Power Decoding of Interleaved One-Point Hermitian Codes
Authors:
Sven Puchinger,
Johan Rosenkilde,
Irene Bouw
Abstract:
We propose a new partial decoding algorithm for $h$-interleaved one-point Hermitian codes that can decode, under certain assumptions, an error of relative weight up to $1-(\tfrac{k+g}{n})^{\frac{h}{h+1}}$, where $k$ is the dimension, $n$ the length, and $g$ the genus of the code. Simulation results for various parameters indicate that the new decoder achieves this maximal decoding radius with high probability. The algorithm is based on a recent generalization of Rosenkilde's improved power decoder to interleaved Reed-Solomon codes, does not require an expensive root-finding step, and improves upon the previous best decoding radius by Kampf at all rates. In the special case $h=1$, we obtain an adaption of the improved power decoding algorithm to one-point Hermitian codes, which for all simulated parameters achieves a similar observed failure probability as the Guruswami-Sudan decoder above the latter's guaranteed decoding radius.
Submitted 22 January, 2018;
originally announced January 2018.
-
Structural Properties of Twisted Reed-Solomon Codes with Applications to Cryptography
Authors:
Peter Beelen,
Martin Bossert,
Sven Puchinger,
Johan Rosenkilde
Abstract:
We present a generalisation of Twisted Reed-Solomon codes containing a new large class of MDS codes. We prove that the code class contains a large subfamily that is closed under duality. Furthermore, we study the Schur squares of the new codes and show that their dimension is often large. Using these structural properties, we single out a subfamily of the new codes which could be considered for code-based cryptography: These codes resist some existing structural attacks for Reed-Solomon-like codes, i.e. methods for retrieving the code parameters from an obfuscated generator matrix.
Submitted 11 May, 2018; v1 submitted 22 January, 2018;
originally announced January 2018.
-
Repairing the Faure-Loidreau Public-Key Cryptosystem
Authors:
Antonia Wachter-Zeh,
Sven Puchinger,
Julian Renner
Abstract:
A repair of the Faure-Loidreau (FL) public-key code-based cryptosystem is proposed. The FL cryptosystem is based on the hardness of list decoding Gabidulin codes which are special rank-metric codes. We prove that the recent structural attack on the system by Gaborit et al. is equivalent to decoding an interleaved Gabidulin code. Since all known polynomial-time decoders for these codes fail for a large constructive class of error patterns, we are able to construct public keys that resist the attack. It is also shown that all other known attacks fail for our repair and parameter choices. Compared to other code-based cryptosystems, we obtain significantly smaller key sizes for the same security level.
Submitted 7 May, 2018; v1 submitted 11 January, 2018;
originally announced January 2018.
-
On the Success Probability of Decoding (Partial) Unit Memory Codes
Authors:
Sven Puchinger,
Sven Müelich,
Martin Bossert
Abstract:
In this paper, we derive analytic expressions for the success probability of decoding (Partial) Unit Memory codes in memoryless channels. An application of this result is that these codes outperform individual block codes in certain channels.
Submitted 24 May, 2017;
originally announced May 2017.
-
Using Convolutional Codes for Key Extraction in SRAM Physical Unclonable Functions
Authors:
Sven Müelich,
Sven Puchinger,
Martin Bossert
Abstract:
Physical Unclonable Functions (PUFs) exploit variations in the manufacturing process to derive bit sequences from integrated circuits, which can be used as secure cryptographic keys. Instead of storing the keys in an insecure, non-volatile memory, they can be reproduced when needed. Since the reproduced sequences are not stable due to physical reasons, error correction must be applied. Recently, convolutional codes were shown to be suitable for key reproduction in PUFs based on SRAM. This work shows how to further decrease the reconstruction failure probability and PUF implementation size using codes with larger memory length and decoding concepts such as soft-information and list decoding.
Submitted 10 January, 2018; v1 submitted 5 April, 2017;
originally announced April 2017.
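The abstract describes key reproduction from a noisy SRAM-PUF response with a convolutional code and soft-information decoding but gives no construction. The script below is an added example, not code from the paper or its authors: it wraps a terminated rate-1/2 convolutional code in the code-offset helper-data construction (helper data w = encode(key) XOR response, reproduction decodes w XOR noisy_response) and decodes with a soft-decision Viterbi decoder. The generator polynomials (the usual (7,5) pair for memory 2 and (133,171) for memory 6, in the bit ordering of this encoder), the per-cell error probabilities that supply the soft information, the key length and the error patterns are all assumptions made here; in practice the reliabilities would come from characterising the SRAM cells at enrolment.

```python
"""Code-offset key reproduction for a noisy SRAM-PUF response with a
terminated rate-1/2 convolutional code and soft-decision Viterbi decoding.

Added example, not code from the paper.  Generator polynomials, helper-data
scheme, reliabilities and error patterns are assumptions for illustration.
"""
import math
import random

GENS_M2 = (0b111, 0b101)   # memory 2 ("7,5"), free distance 5
GENS_M6 = (0o133, 0o171)   # memory 6 ("133,171"), free distance 10


def parity(x):
    return bin(x).count("1") & 1


def conv_encode(bits, gens, m):
    """Terminated encoder; register bit j holds input u_{t-j}, bit 0 is newest."""
    state, out = 0, []
    for b in list(bits) + [0] * m:          # m zero tail bits drive the state to 0
        reg = (state << 1) | b
        out.extend(parity(reg & g) for g in gens)
        state = reg & ((1 << m) - 1)
    return out


def viterbi_soft(soft, gens, m, n_info):
    """Maximum-likelihood decoding on the terminated trellis.
    soft[i] > 0 favours code bit 1; |soft[i]| is the reliability (LLR) of bit i."""
    r, n_states, steps = len(gens), 1 << m, n_info + m
    metric = [-math.inf] * n_states
    metric[0] = 0.0
    back = []
    for t in range(steps):
        y = soft[r * t:r * (t + 1)]
        new, bp = [-math.inf] * n_states, [None] * n_states
        for s in range(n_states):
            if metric[s] == -math.inf:
                continue
            for b in ((0,) if t >= n_info else (0, 1)):   # tail inputs are 0
                reg = (s << 1) | b
                ns = reg & (n_states - 1)
                bm = sum((2 * parity(reg & g) - 1) * yj for g, yj in zip(gens, y))
                if metric[s] + bm > new[ns]:
                    new[ns], bp[ns] = metric[s] + bm, (s, b)
        metric = new
        back.append(bp)
    s, bits = 0, []                          # trace back from the zero state
    for t in reversed(range(steps)):
        s, b = back[t][s]
        bits.append(b)
    return bits[::-1][:n_info]


def llr(err_prob):
    """Reliability of a cell that is read wrongly with probability err_prob."""
    return math.log((1.0 - err_prob) / err_prob)


def enroll(key, response, gens, m):
    """Helper data w = c XOR r; leaks nothing about the key when r is uniform."""
    code = conv_encode(key, gens, m)
    assert len(code) == len(response), "response length must equal code length"
    return [c ^ r for c, r in zip(code, response)]


def reproduce(helper, noisy_response, err_probs, gens, m, n_info):
    """Undo the offset, attach per-cell reliabilities, decode back to the key."""
    hard = [w ^ r for w, r in zip(helper, noisy_response)]
    soft = [(2 * c - 1) * llr(e) for c, e in zip(hard, err_probs)]
    return viterbi_soft(soft, gens, m, n_info)


def flip(bits, positions):
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out


def run_scenario(gens, m, n_info, unstable, seed=7):
    """Enrol a random key against a constructed response, flip the cells in
    `unstable` on re-read, and reproduce with and without soft information.
    Returns (soft_ok, hard_ok)."""
    rng = random.Random(seed)                # constructed data, not measurements
    n = len(gens) * (n_info + m)
    key = [rng.randrange(2) for _ in range(n_info)]
    response = [rng.randrange(2) for _ in range(n)]
    helper = enroll(key, response, gens, m)
    err_probs = [0.01] * n                   # assumed: stable cells ...
    for p in unstable:
        err_probs[p] = 0.4                   # ... and cells flagged as unstable
    noisy = flip(response, unstable)
    soft_ok = reproduce(helper, noisy, err_probs, gens, m, n_info) == key
    hard_ok = reproduce(helper, noisy, [0.1] * n, gens, m, n_info) == key
    return soft_ok, hard_ok


if __name__ == "__main__":
    print("memory 2, 3 adjacent unstable cells (soft_ok, hard_ok):",
          run_scenario(GENS_M2, 2, 32, [10, 11, 12]))
    print("memory 6, same error pattern            (soft_ok, hard_ok):",
          run_scenario(GENS_M6, 6, 32, [10, 11, 12]))
```

The error pattern [10, 11, 12] is chosen deliberately: those are three of the five positions of the weight-5 codeword that a single input bit at step 5 produces in the memory-2 code, so a hard-decision (equal-reliability) decoder is guaranteed to prefer the wrong path, whereas the soft decoder, told that exactly those cells are unstable, recovers the key. With the memory-6 code the same pattern is corrected even without soft information, which is the "larger memory length" effect the abstract describes.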
-
Further Generalisations of Twisted Gabidulin Codes
Authors:
Sven Puchinger,
Johan Rosenkilde né Nielsen,
John Sheekey
Abstract:
We present a new family of maximum rank distance (MRD) codes. The new class contains codes that are neither equivalent to a generalised Gabidulin nor to a twisted Gabidulin code, the only two known general constructions of linear MRD codes.
Submitted 4 August, 2017; v1 submitted 23 March, 2017;
originally announced March 2017.
-
Improved Power Decoding of One-Point Hermitian Codes
Authors:
Sven Puchinger,
Irene Bouw,
Johan Rosenkilde né Nielsen
Abstract:
We propose a new partial decoding algorithm for one-point Hermitian codes that can decode up to the same number of errors as the Guruswami--Sudan decoder. Simulations suggest that it has a similar failure probability as the latter one. The algorithm is based on a recent generalization of the power decoding algorithm for Reed--Solomon codes and does not require an expensive root-finding step. In addition, it promises improvements for decoding interleaved Hermitian codes.
Submitted 23 March, 2017;
originally announced March 2017.
-
Constructing an LDPC Code Containing a Given Vector
Authors:
Sven Müelich,
Sven Puchinger,
Martin Bossert
Abstract:
The coding problem considered in this work is to construct a linear code $\mathcal{C}$ of given length $n$ and dimension $k<n$ such that a given binary vector $\mathbf{r} \in \mathbb{F}^{n}$ is contained in the code. We study a recent solution of this problem by Müelich and Bossert, which is based on LDPC codes. We address two open questions of this construction. First, we show that under certain assumptions, this code construction is possible with high probability if $\mathbf{r}$ is chosen uniformly at random. Second, we calculate the uncertainty of $\mathbf{r}$ given the constructed code $\mathcal{C}$. We present an application of this problem in the field of Physical Unclonable Functions (PUFs).
Submitted 14 August, 2018; v1 submitted 23 March, 2017;
originally announced March 2017.
-
Multi-Block Interleaved Codes for Local and Global Read Access
Authors:
Yuval Cassuto,
Evyatar Hemo,
Sven Puchinger,
Martin Bossert
Abstract:
We define multi-block interleaved codes as codes that allow reading information from either a small sub-block or from a larger full block. The former offers faster access, while the latter provides better reliability. We specify the correction capability of the sub-block code through its gap $t$ from optimal minimum distance, and look to have full-block minimum distance that grows with the parameter $t$. We construct two families of such codes when the number of sub-blocks is $3$. The codes match the distance properties of known integrated-interleaving codes, but with the added feature of mapping the same number of information symbols to each sub-block. As such, they are the first codes that provide read access in multiple size granularities and correction capabilities.
Submitted 25 January, 2017;
originally announced January 2017.