-
MinRank Gabidulin encryption scheme on matrix codes
Authors:
Nicolas Aragon,
Alain Couvreur,
Victor Dyseryn,
Philippe Gaborit,
Adrien Vinçotte
Abstract:
The McEliece scheme is a generic frame which allows to use any error correcting code of which there exists an efficient decoding algorithm to design an encryption scheme by hiding the generator matrix code. Similarly, the Niederreiter frame is the dual version of the McEliece scheme, and achieves smaller ciphertexts. We propose a generalization of the McEliece frame and the Niederreiter frame to matrix codes and the MinRank problem, that we apply to Gabidulin matrix codes (Gabidulin rank codes considered as matrix codes). The masking we consider consists in starting from a rank code C, to consider a matrix version of C and to concatenate a certain number of rows and columns to the matrix codes version of the rank code C and then apply an isometry for matrix codes. The security of the schemes relies on the MinRank problem to decrypt a ciphertext, and the structural security of the scheme relies on a new problem EGMC-Indistinguishability problem that we introduce and that we study in detail. The main structural attack that we propose consists in trying to recover the masked linearity over the extension field which is lost during the masking process. Overall, starting from Gabidulin codes we obtain a very appealing tradeoff between the size of ciphertext and the size of the public key. For 128b of security we propose parameters ranging from ciphertext of size 65 B (and public keys of size 98 kB) to ciphertext of size 138B (and public key of size 41 kB). Our new approach permits to achieve better trade-off between ciphertexts and public key than the classical McEliece scheme. Our new approach permits to obtain an alternative scheme to the classic McEliece scheme, to obtain very small ciphertexts, with moreover smaller public keys than in the classic McEliece scheme. For 256 bits of security, we can obtain ciphertext as low as 119B, or public key as low as 87kB.
Submitted 26 May, 2024;
originally announced May 2024.
-
A new approach based on quadratic forms to attack the McEliece cryptosystem
Authors:
Alain Couvreur,
Rocco Mora,
Jean-Pierre Tillich
Abstract:
We bring in here a novel algebraic approach for attacking the McEliece cryptosystem. It consists in introducing a subspace of matrices representing quadratic forms. Those are associated with quadratic relationships for the component-wise product in the dual of the code used in the cryptosystem. Depending on the characteristic of the code field, this space of matrices consists only of symmetric matrices or skew-symmetric matrices. This matrix space is shown to contain unusually low-rank matrices (rank $2$ or $3$ depending on the characteristic) which reveal the secret polynomial structure of the code. Finding such matrices can then be used to recover the secret key of the scheme. We devise a dedicated approach in characteristic $2$ consisting in using a Gröbner basis modeling that a skew-symmetric matrix is of rank $2$. This allows to analyze the complexity of solving the corresponding algebraic system with Gröbner bases techniques. This computation behaves differently when applied to the skew-symmetric matrix space associated with a random code rather than with a Goppa or an alternant code. This gives a distinguisher of the latter code family. We give a bound on its complexity which turns out to interpolate nicely between polynomial and exponential depending on the code parameters. A distinguisher for alternant/Goppa codes was already known [FGO+11]. It is of polynomial complexity but works only in a narrow parameter regime. This new distinguisher is also polynomial for the parameter regime necessary for [FGO+11] but contrarily to the previous one is able to operate for virtually all code parameters relevant to cryptography. Moreover, we use this matrix space to find a polynomial time attack of the McEliece cryptosystem provided that the Goppa code is distinguishable by the method of [FGO+11] and its degree is less than $q-1$, where $q$ is the alphabet size of the code.
Submitted 24 August, 2023; v1 submitted 17 June, 2023;
originally announced June 2023.
-
Correlated Pseudorandomness from the Hardness of Quasi-Abelian Decoding
Authors:
Maxime Bombar,
Geoffroy Couteau,
Alain Couvreur,
Clément Ducros
Abstract:
Secure computation often benefits from the use of correlated randomness to achieve fast, non-cryptographic online protocols. A recent paradigm put forth by Boyle $\textit{et al.}$ (CCS 2018, Crypto 2019) showed how pseudorandom correlation generators (PCG) can be used to generate large amounts of useful forms of correlated (pseudo)randomness, using minimal interactions followed solely by local computations, yielding silent secure two-party computation protocols (protocols where the preprocessing phase requires almost no communication). An additional property called programmability allows to extend this to build N-party protocols. However, known constructions for programmable PCG's can only produce OLE's over large fields, and use rather new splittable Ring-LPN assumption.
In this work, we overcome both limitations. To this end, we introduce the quasi-abelian syndrome decoding problem (QA-SD), a family of assumptions which generalises the well-established quasi-cyclic syndrome decoding assumption. Building upon QA-SD, we construct new programmable PCG's for OLE's over any field $\mathbb{F}_q$ with $q>2$. Our analysis also sheds light on the security of the ring-LPN assumption used in Boyle $\textit{et al.}$ (Crypto 2020). Using our new PCG's, we obtain the first efficient N-party silent secure computation protocols for computing general arithmetic circuit over $\mathbb{F}_q$ for any $q>2$.
Submitted 6 June, 2023;
originally announced June 2023.
-
An extension of Overbeck's attack with an application to cryptanalysis of Twisted Gabidulin-based schemes
Authors:
Alain Couvreur,
Ilaria Zappatore
Abstract:
In this article, we discuss the decoding of Gabidulin and related codes from a cryptographic point of view, and we observe that these codes can be decoded solely from the knowledge of a generator matrix. We then extend and revisit Gibson and Overbeck attacks on the generalized GPT encryption scheme (instantiated with the Gabidulin code) for different ranks of the distortion matrix. We apply our attack to the case of an instantiation with twisted Gabidulin codes.
Submitted 26 June, 2023; v1 submitted 2 May, 2023;
originally announced May 2023.
-
Codes and modular curves
Authors:
Alain Couvreur
Abstract:
These lecture notes have been written for a course at the Algebraic Coding Theory (ACT) summer school 2022 that took place in the University of Zurich. The objective of the course is to propose an in-depth presentation of the proof of one of the most striking results of coding theory: Tsfasman Vlăduţ Zink Theorem, which asserts that for some prime power $q$, there exist sequences of codes over $\mathbb{F}_q$ whose asymptotic parameters beat random codes.
Submitted 9 January, 2023;
originally announced January 2023.
-
Improved decoding of symmetric rank metric errors
Authors:
Alain Couvreur
Abstract:
We consider the decoding of rank metric codes assuming the error matrix is symmetric. We prove two results. First, for rates $<1/2$ there exists a broad family of rank metric codes for which any symmetric error pattern, even of maximal rank can be corrected. Moreover, the corresponding family of decodable codes includes Gabidulin codes of rate $<1/2$. Second, for rates $>1/2$, we propose a decoder for Gabidulin codes correcting symmetric errors of rank up to $n-k$. The two mentioned decoders are deterministic and worst case.
Submitted 22 March, 2023; v1 submitted 16 December, 2022;
originally announced December 2022.
-
A proof of the Brill-Noether method from scratch
Authors:
Elena Berardini,
Alain Couvreur,
Grégoire Lecerf
Abstract:
In 1874 Brill and Noether designed a seminal geometric method for computing bases of Riemann-Roch spaces. From then, their method has led to several algorithms, some of them being implemented in computer algebra systems. The usual proofs often rely on abstract concepts of algebraic geometry and commutative algebra. In this paper we present a short self-contained and elementary proof that mostly needs Newton polygons, Hensel lifting, bivariate resultants, and Chinese remaindering.
Submitted 26 August, 2022;
originally announced August 2022.
-
On Codes and Learning With Errors over Function Fields
Authors:
Maxime Bombar,
Alain Couvreur,
Thomas Debris-Alazard
Abstract:
It is a long standing open problem to find search to decision reductions for structured versions of the decoding problem of linear codes. Such results in the lattice-based setting have been carried out using number fields: Polynomial-LWE, Ring-LWE, Module-LWE and so on. We propose a function field version of the LWE problem. This new framework leads to another point of view on structured codes, e.g. quasi-cyclic codes, strengthening the connection between lattice-based and code-based cryptography. In particular, we obtain the first search to decision reduction for structured codes. Following the historical constructions in lattice-based cryptography, we instantiate our construction with function fields analogues of cyclotomic fields, namely Carlitz extensions, leading to search to decision reductions on various versions of Ring-LPN, which have applications to secure multi party computation and to an authentication protocol.
Submitted 28 February, 2022;
originally announced February 2022.
-
Right-hand side decoding of Gabidulin code and applications
Authors:
Maxime Bombar,
Alain Couvreur
Abstract:
We discuss the decoding of Gabidulin and interleaved Gabidulin codes. We give the full presentation of a decoding algorithm for Gabidulin codes, which as Loidreau's seminal algorithm consists in localizing errors in the spirit of Berlekamp-Welch algorithm for Reed-Solomon codes. On the other hand, this algorithm consists in acting on codewords on the right while Loidreau's algorithm considers an action on the left. This right-hand side decoder was already introduced by the authors in a previous work for cryptanalytic applications. We give here a generalised version which applies to the case of non-full length Gabidulin codes. Finally, we show that this algorithm turns out to provide a very clear and natural approach for the decoding of interleaved Gabidulin codes.
Submitted 4 March, 2022; v1 submitted 14 December, 2021;
originally announced December 2021.
-
How arithmetic and geometry make error correcting codes better
Authors:
Alain Couvreur
Abstract:
This note completes a talk given at the conference Curves over Finite Fields: past, present and future celebrating the publication of the book Rational Points on Curves over Finite Fields by J.-P. Serre and organised at Centro de ciencias de Benasque in June 2021. It discusses a part of the history of algebraic geometry codes together with some of their recent applications. A particular focus is done on the "multiplicative" structure of these codes, i.e. their behaviour with respect to the component wise product. Some open questions are raised and discussed.
Submitted 1 April, 2022; v1 submitted 21 October, 2021;
originally announced October 2021.
-
Decoding supercodes of Gabidulin codes and applications to cryptanalysis
Authors:
Maxime Bombar,
Alain Couvreur
Abstract:
This article discusses the decoding of Gabidulin codes and shows how to extend the usual decoder to any supercode of a Gabidulin code at the cost of a significant decrease of the decoding radius. Using this decoder, we provide polynomial time attacks on the rank-metric encryption schemes RAMESSES and LIGA.
Submitted 19 November, 2021; v1 submitted 3 March, 2021;
originally announced March 2021.
-
Recovering or Testing Extended-Affine Equivalence
Authors:
Anne Canteaut,
Alain Couvreur,
Léo Perrin
Abstract:
Extended Affine (EA) equivalence is the equivalence relation between two vectorial Boolean functions $F$ and $G$ such that there exist two affine permutations $A$, $B$, and an affine function $C$ satisfying $G = A \circ F \circ B + C$. While the problem has a simple formulation, it is very difficult in practice to test whether two functions are EA-equivalent. This problem has two variants: {\em EA-partitioning} deals with partitioning a set of functions into disjoint EA-equivalence classes, and \emph{EA-recovery} is about recovering the tuple $(A,B,C)$ if it exists.
In this paper, we present a new algorithm that efficiently solves the EA-recovery problem for quadratic functions. Although its worst-case complexity occurs when dealing with APN functions, it supersedes, in terms of performance, all previously known algorithms for solving this problem for all quadratic functions and in any dimension, even in the case of APN functions. This approach is based on the Jacobian matrix of the functions, a tool whose study in this context can be of independent interest.
The best approach for EA-partitioning in practice mainly relies on class invariants. We provide an overview of the known invariants along with a new one based on the \emph{ortho-derivative}. This new invariant is applicable to quadratic APN functions, a specific type of functions that is of great interest, and of which tens of thousands need to be sorted into distinct EA-classes. Our ortho-derivative-based invariant is very fast to compute, and it practically always distinguishes between EA-inequivalent quadratic APN functions.
Submitted 16 May, 2022; v1 submitted 26 February, 2021;
originally announced March 2021.
-
On the hardness of code equivalence problems in rank metric
Authors:
Alain Couvreur,
Thomas Debris-Alazard,
Philippe Gaborit
Abstract:
In the recent years, the notion of rank metric in the context of coding theory has known many interesting developments in terms of applications such as space time coding, network coding or public key cryptography. These applications raised the interest of the community for theoretical properties of this type of codes, such as the hardness of decoding in rank metric. Among classical problems associated to codes for a given metric, the notion of code equivalence (to decide if two codes are isometric) has always been of the greatest interest, for its cryptographic applications or its deep connexions to the graph isomorphism problem.
In this article, we discuss the hardness of the code equivalence problem in rank metric for $\mathbb{F}_{q^m}$-linear and general rank metric codes. In the $\mathbb{F}_{q^m}$-linear case, we reduce the underlying problem to another one called {\em Matrix Codes Right Equivalence Problem}. We prove the latter problem to be either in $\mathcal{P}$ or in $\mathcal{ZPP}$ depending of the ground field size. This is obtained by designing an algorithm whose principal routines are linear algebra and factoring polynomials over finite fields. It turns out that the most difficult instances involve codes with non trivial {\em stabilizer algebras}. The resolution of the latter case will involve tools related to finite dimensional algebras and Wedderburn--Artin theory. It is interesting to note that 30 years ago, an important trend in theoretical computer science consisted to design algorithms making effective major results of this theory. These algorithmic results turn out to be particularly useful in the present article.
Finally, for general matrix codes, we prove that the equivalence problem (both left and right) is at least as hard as the well--studied {\em Monomial Equivalence Problem} for codes endowed with the Hamming metric.
Submitted 10 June, 2021; v1 submitted 9 November, 2020;
originally announced November 2020.
-
On the security of subspace subcodes of Reed-Solomon codes for public key encryption
Authors:
Alain Couvreur,
Matthieu Lequesne
Abstract:
This article discusses the security of McEliece-like encryption schemes using subspace subcodes of Reed-Solomon codes, i.e. subcodes of Reed-Solomon codes over $\mathbb{F}_{q^m}$ whose entries lie in a fixed collection of $\mathbb{F}_q$-subspaces of $\mathbb{F}_{q^m}$. These codes appear to be a natural generalisation of Goppa and alternant codes and provide a broader flexibility in designing code based encryption schemes. For the security analysis, we introduce a new operation on codes called the twisted product which yields a polynomial time distinguisher on such subspace subcodes as soon as the chosen $\mathbb{F}_q$-subspaces have dimension larger than $m/2$. From this distinguisher, we build an efficient attack which in particular breaks some parameters of a recent proposal due to Khathuria, Rosenthal and Weger.
Submitted 8 October, 2021; v1 submitted 12 September, 2020;
originally announced September 2020.
-
Algebraic geometry codes and some applications
Authors:
Alain Couvreur,
Hugues Randriambololona
Abstract:
This article surveys the development of the theory of algebraic geometry codes since their discovery in the late 70's. We summarize the major results on various problems such as: asymptotic parameters, improved estimates on the minimum distance, and decoding algorithms. In addition, we present various modern applications of these codes such as public-key cryptography, algebraic complexity theory, multiparty computation or distributed storage.
Submitted 2 September, 2020;
originally announced September 2020.
-
Rank-metric codes over arbitrary Galois extensions and rank analogues of Reed-Muller codes
Authors:
Daniel Augot,
Alain Couvreur,
Julien Lavauzelle,
Alessandro Neri
Abstract:
This paper extends the study of rank-metric codes in extension fields $\mathbb{L}$ equipped with an arbitrary Galois group $G = \mathrm{Gal}(\mathbb{L}/\mathbb{K})$. We propose a framework for studying these codes as subspaces of the group algebra $\mathbb{L}[G]$, and we relate this point of view with usual notions of rank-metric codes in $\mathbb{L}^N$ or in $\mathbb{K}^{N\times N}$, where $N = [\mathbb{L} : \mathbb{K}]$. We then adapt the notion of error-correcting pairs to this context, in order to provide a non-trivial decoding algorithm for these codes. We then focus on the case where $G$ is abelian, which leads us to see codewords as elements of a multivariate skew polynomial ring. We prove that we can bound the dimension of the vector space of zeroes of these polynomials, depending of their degree. This result can be seen as an analogue of Alon-Füredi theorem -- and by means, of Schwartz-Zippel lemma -- in the rank metric. Finally, we construct the counterparts of Reed-Muller codes in the rank metric, and we give their parameters. We also show the connection between these codes and classical Reed-Muller codes in the case where $\mathbb{L}$ is a Kummer extension.
△ Less
Submitted 25 June, 2020;
originally announced June 2020.
-
Toward good families of codes from towers of surfaces
Authors:
Alain Couvreur,
Philippe Lebacque,
Marc Perret
Abstract:
We introduce in this article a new method to estimate the minimum distance of codes from algebraic surfaces. This lower bound is generic, i.e. can be applied to any surface, and turns out to be ``liftable'' under finite morphisms, paving the way toward the construction of good codes from towers of surfaces. In the same direction, we establish a criterion for a surface with a fixed finite set of closed points $\mathcal P$ to have an infinite tower of $\ell$--étale covers in which $\mathcal P$ splits totally. We conclude by stating several open problems. In particular, we relate the existence of asymptotically good codes from general type surfaces with a very ample canonical class to the behaviour of their number of rational points with respect to their $K^2$ and coherent Euler characteristic.
Submitted 8 June, 2020; v1 submitted 6 February, 2020;
originally announced February 2020.
-
Power Error Locating Pairs
Authors:
Alain Couvreur,
Isabella Panaccione
Abstract:
We present a new decoding algorithm based on error locating pairs and correcting an amount of errors exceeding half the minimum distance. When applied to Reed--Solomon or algebraic geometry codes, the algorithm is a reformulation of the so--called {\em power decoding} algorithm. Asymptotically, it corrects errors up to Sudan's radius. In addition, this new framework applies to any code benefiting from an error locating pair. Similarly to Pellikaan's and Kötter's approach for unique algebraic decoding, our algorithm provides a unified point of view for decoding codes with an algebraic structure beyond the half minimum distance. It permits to get an abstract description of decoding using only codes and linear algebra and without involving the arithmetic of polynomial and rational function algebras used for the definition of the codes themselves. Such algorithms can be valuable for instance for cryptanalysis to construct a decoding algorithm of a code without having access to the hidden algebraic structure of the code.
Submitted 9 July, 2020; v1 submitted 26 July, 2019;
originally announced July 2019.
-
Practical Algebraic Attack on DAGS
Authors:
Magali Bardet,
Manon Bertin,
Alain Couvreur,
Ayoub Otmani
Abstract:
DAGS scheme is a key encapsulation mechanism (KEM) based on quasi-dyadic alternant codes that was submitted to NIST standardization process for a quantum resistant public key algorithm. Recently an algebraic attack was devised by Barelli and Couvreur (Asiacrypt 2018) that efficiently recovers the private key. It shows that DAGS can be totally cryptanalysed by solving a system of bilinear polynomial equations. However, some sets of DAGS parameters were not broken in practice. In this paper we improve the algebraic attack by showing that the original approach was not optimal in terms of the ratio of the number of equations to the number of variables. Contrary to the common belief that reducing at any cost the number of variables in a polynomial system is always beneficial, we actually observed that, provided that the ratio is increased and up to a threshold, the solving can be heavily improved by adding variables to the polynomial system. This enables us to recover the private keys in a few seconds. Furthermore, our experimentations also show that the maximum degree reached during the computation of the Gröbner basis is an important parameter that explains the efficiency of the attack. Finally, the authors of DAGS updated the parameters to take into account the algebraic cryptanalysis of Barelli and Couvreur. In the present article, we propose a hybrid approach that performs an exhaustive search on some variables and computes a Gröbner basis on the polynomial system involving the remaining variables. We then show that the updated set of parameters corresponding to 128-bit security can be broken with 2^83 operations.
Submitted 9 May, 2019;
originally announced May 2019.
-
Anticanonical codes from del Pezzo surfaces with Picard rank one
Authors:
Régis Blache,
Alain Couvreur,
Emmanuel Hallouin,
David Madore,
Jade Nardi,
Matthieu Rambaud,
Hugues Randriam
Abstract:
We construct algebraic geometric codes from del Pezzo surfaces and focus on the ones having Picard rank one and the codes associated to the anticanonical class. We give explicit constructions of del Pezzo surfaces of degree 4, 5 and 6, compute the parameters of the associated anticanonical codes and study their isomorphisms arising from the automorphisms of the surface. We obtain codes with excellent parameters and some of them turn out to beat the best known codes listed on the database codetable.
Submitted 22 March, 2019;
originally announced March 2019.
-
On the security of a Loidreau's rank metric code based encryption scheme
Authors:
Daniel Coggia,
Alain Couvreur
Abstract:
We present a polynomial time attack of a rank metric code based encryption scheme due to Loidreau for some parameters.
Submitted 9 July, 2020; v1 submitted 7 March, 2019;
originally announced March 2019.
-
Recovering short secret keys of RLCE in polynomial time
Authors:
Alain Couvreur,
Matthieu Lequesne,
Jean-Pierre Tillich
Abstract:
We present a key recovery attack against Y. Wang's Random Linear Code Encryption (RLCE) scheme recently submitted to the NIST call for post-quantum cryptography. This attack recovers the secret key for all the short key parameters proposed by the author.
Submitted 29 May, 2018;
originally announced May 2018.
-
An efficient structural attack on NIST submission DAGS
Authors:
Elise Barelli,
Alain Couvreur
Abstract:
We present an efficient key recovery attack on code based encryption schemes using some quasi-dyadic alternant codes with extension degree 2. This attack permits to break the proposal DAGS recently submitted to NIST.
Submitted 20 September, 2018; v1 submitted 14 May, 2018;
originally announced May 2018.
-
On tensor products of CSS Codes
Authors:
Benjamin Audoux,
Alain Couvreur
Abstract:
CSS codes are in one-to-one correspondence with length 3 chain complexes. The latter are naturally endowed with a tensor product $\otimes$ which induces a similar operation on the former. We investigate this operation, and in particular its behavior with regard to minimum distances. Given a CSS code $\mathcal{C}$, we give a criterion which provides a lower bound on the minimum distance of $\mathcal{C} \otimes \mathcal{D}$ for every CSS code $\mathcal D$. We apply this result to study the behaviour of iterated tensor powers of codes. Such sequences of codes are logarithmically LDPC and we prove in particular that their minimum distances tend generically to infinity. Different known results are reinterpreted in terms of tensor products. Three new families of CSS codes are defined, and their iterated tensor powers produce LDPC sequences of codes with length $n$, row weight in $O(\log n)$ and minimum distances larger than $n^{\frac{α}{2}}$ for any $α<1$. One family produces sequences with dimensions larger than $n^β$ for any $β<1$.
Submitted 25 September, 2018; v1 submitted 22 December, 2015;
originally announced December 2015.
-
A Polynomial-Time Attack on the BBCRS Scheme
Authors:
Alain Couvreur,
Ayoub Otmani,
Jean-Pierre Tillich,
Valérie Gauthier-Umana
Abstract:
The BBCRS scheme is a variant of the McEliece public-key encryption scheme where the hiding phase is performed by taking the inverse of a matrix which is of the form $\mathbf{T} +\mathbf{R}$ where $\mathbf{T}$ is a sparse matrix with average row/column weight equal to a very small quantity $m$, usually $m < 2$, and $\mathbf{R}$ is a matrix of small rank $z\geqslant 1$. The rationale of this new transformation is the reintroduction of families of codes, like generalized Reed-Solomon codes, that are famously known for representing insecure choices. We present a key-recovery attack when $z = 1$ and $m$ is chosen between $1$ and $1 + R + O( \frac{1}{\sqrt{n}} )$ where $R$ denotes the code rate. This attack has complexity $O(n^6)$ and breaks all the parameters suggested in the literature.
Submitted 15 January, 2015;
originally announced January 2015.
-
Cryptanalysis of public-key cryptosystems that use subcodes of algebraic geometry codes
Authors:
Alain Couvreur,
Irene Márquez-Corbella,
Ruud Pellikaan
Abstract:
We give a polynomial time attack on the McEliece public key cryptosystem based on subcodes of algebraic geometry (AG) codes. The proposed attack reposes on the distinguishability of such codes from random codes using the Schur product. Wieschebrink treated the genus zero case a few years ago but his approach cannot be extended straightforwardly to other genera. We address this problem by introducing and using a new notion, which we call the t-closure of a code.
Submitted 29 September, 2014;
originally announced September 2014.
-
Polynomial Time Attack on Wild McEliece Over Quadratic Extensions
Authors:
Alain Couvreur,
Ayoub Otmani,
Jean-Pierre Tillich
Abstract:
We present a polynomial time structural attack against the McEliece system based on Wild Goppa codes from a quadratic finite field extension. This attack uses the fact that such codes can be distinguished from random codes to compute some filtration, that is to say a family of nested subcodes which will reveal their secret algebraic description.
Submitted 24 July, 2015; v1 submitted 13 February, 2014;
originally announced February 2014.
-
Cryptanalysis of McEliece Cryptosystem Based on Algebraic Geometry Codes and their subcodes
Authors:
Alain Couvreur,
Irene Márquez-Corbella,
Ruud Pellikaan
Abstract:
We give polynomial time attacks on the McEliece public key cryptosystem based either on algebraic geometry (AG) codes or on small codimensional subcodes of AG codes. These attacks consist in the blind reconstruction either of an Error Correcting Pair (ECP), or an Error Correcting Array (ECA) from the single data of an arbitrary generator matrix of a code. An ECP provides a decoding algorithm that corrects up to $\frac{d^*-1-g}{2}$ errors, where $d^*$ denotes the designed distance and $g$ denotes the genus of the corresponding curve, while with an ECA the decoding algorithm corrects up to $\frac{d^*-1}{2}$ errors. Roughly speaking, for a public code of length $n$ over $\mathbb F_q$, these attacks run in $O(n^4\log (n))$ operations in $\mathbb F_q$ for the reconstruction of an ECP and $O(n^5)$ operations for the reconstruction of an ECA. A probabilistic shortcut allows to reduce the complexities respectively to $O(n^{3+\varepsilon} \log (n))$ and $O(n^{4+\varepsilon})$. Compared to the previous known attack due to Faure and Minder, our attack is efficient on codes from curves of arbitrary genus. Furthermore, we investigate how far these methods apply to subcodes of AG codes.
Submitted 3 June, 2017; v1 submitted 23 January, 2014;
originally announced January 2014.
-
New Identities Relating Wild Goppa Codes
Authors:
Alain Couvreur,
Ayoub Otmani,
Jean-Pierre Tillich
Abstract:
For a given support $L \in \mathbb{F}_{q^m}^n$ and a polynomial $g\in \mathbb{F}_{q^m}[x]$ with no roots in $\mathbb{F}_{q^m}$, we prove equality between the $q$-ary Goppa codes $Γ_q(L,N(g)) = Γ_q(L,N(g)/g)$ where $N(g)$ denotes the norm of $g$, that is $g^{q^{m-1}+\cdots +q+1}.$ In particular, for $m=2$, that is, for a quadratic extension, we get $Γ_q(L,g^q) = Γ_q(L,g^{q+1})$. If $g$ has roots in $\mathbb{F}_{q^m}$, then we do not necessarily have equality and we prove that the difference of the dimensions of the two codes is bounded above by the number of distinct roots of $g$ in $\mathbb{F}_{q^m}$. These identities provide numerous code equivalences and improved designed parameters for some families of classical Goppa codes.
Submitted 7 November, 2013; v1 submitted 11 October, 2013;
originally announced October 2013.
-
Distinguisher-Based Attacks on Public-Key Cryptosystems Using Reed-Solomon Codes
Authors:
Alain Couvreur,
Philippe Gaborit,
Valérie Gauthier-Umaña,
Ayoub Otmani,
Jean-Pierre Tillich
Abstract:
Because of their interesting algebraic properties, several authors promote the use of generalized Reed-Solomon codes in cryptography. Niederreiter was the first to suggest an instantiation of his cryptosystem with them but Sidelnikov and Shestakov showed that this choice is insecure. Wieschebrink proposed a variant of the McEliece cryptosystem which consists in concatenating a few random columns to a generator matrix of a secretly chosen generalized Reed-Solomon code. More recently, new schemes appeared which are the homomorphic encryption scheme proposed by Bogdanov and Lee, and a variation of the McEliece cryptosystem proposed by Baldi et al. which hides the generalized Reed-Solomon code by means of matrices of very low rank.
In this work, we show how to mount key-recovery attacks against these public-key encryption schemes. We use the concept of distinguisher which aims at detecting a behavior different from the one that one would expect from a random code. All the distinguishers we have built are based on the notion of component-wise product of codes. It results in a powerful tool that is able to recover the secret structure of codes when they are derived from generalized Reed-Solomon codes. Lastly, we give an alternative to Sidelnikov and Shestakov attack by building a filtration which enables to completely recover the support and the non-zero scalars defining the secret generalized Reed-Solomon code.
Submitted 28 March, 2014; v1 submitted 24 July, 2013;
originally announced July 2013.
-
Codes and the Cartier Operator
Authors:
Alain Couvreur
Abstract:
In this article, we present a new construction of codes from algebraic curves. Given a curve over a non-prime finite field, the obtained codes are defined over a subfield. We call them Cartier Codes since their construction involves the Cartier operator. This new class of codes can be regarded as a natural geometric generalisation of classical Goppa codes. In particular, we prove that a well-known property satisfied by classical Goppa codes extends naturally to Cartier codes. We prove general lower bounds for the dimension and the minimum distance of these codes and compare our construction with a classical one: the subfield subcodes of Algebraic Geometry codes. We prove that every Cartier code is contained in a subfield subcode of an Algebraic Geometry code and that the two constructions have similar asymptotic performances.
We also show that some known results on subfield subcodes of Algebraic Geometry codes can be proved nicely by using properties of the Cartier operator and that some known bounds on the dimension of subfield subcodes of Algebraic Geometry codes can be improved thanks to Cartier codes and the Cartier operator.
Submitted 10 September, 2012; v1 submitted 20 June, 2012;
originally announced June 2012.
-
A Construction of Quantum LDPC Codes from Cayley Graphs
Authors:
Alain Couvreur,
Nicolas Delfosse,
Gilles Zémor
Abstract:
We study a construction of Quantum LDPC codes proposed by MacKay, Mitchison and Shokrollahi. It is based on the Cayley graph of Fn together with a set of generators regarded as the columns of the parity-check matrix of a classical code. We give a general lower bound on the minimum distance of the Quantum code in $\mathcal{O}(dn^2)$ where d is the minimum distance of the classical code. When the classical code is the $[n, 1, n]$ repetition code, we are able to compute the exact parameters of the associated Quantum code which are $[[2^n, 2^{\frac{n+1}{2}}, 2^{\frac{n-1}{2}}]]$.
Submitted 17 December, 2013; v1 submitted 12 June, 2012;
originally announced June 2012.
-
Evaluation Codes from smooth Quadric Surfaces and Twisted Segre Varieties
Authors:
Alain Couvreur,
Iwan Duursma
Abstract:
We give the parameters of any evaluation code on a smooth quadric surface. For hyperbolic quadrics the approach uses elementary results on product codes and the parameters of codes on elliptic quadrics are obtained by detecting a BCH structure of these codes and using the BCH bound. The elliptic quadric is a twist of the surface P^1 x P^1 and we detect a similar BCH structure on twists of the Segre embedding of a product of any d copies of the projective line.
Submitted 12 June, 2012; v1 submitted 24 January, 2011;
originally announced January 2011.
-
List-decoding of binary Goppa codes up to the binary Johnson bound
Authors:
Daniel Augot,
Morgan Barbier,
Alain Couvreur
Abstract:
We study the list-decoding problem of alternant codes, with the notable case of classical Goppa codes. The major consideration here is to take into account the size of the alphabet, which shows great influence on the list-decoding radius. This amounts to compare the generic Johnson bound to the $q$-ary Johnson bound. This difference is important when $q$ is very small. Essentially, the most favourable case is $q=2$, for which the decoding radius is greatly improved, notably when the relative minimum distance gets close to 1/2. Even though the announced result, which is the list-decoding radius of binary Goppa codes, is new, it can be rather easily made up from previous sources (V. Guruswami, R. M. Roth and I. Tal, R. M. Roth), which may be a little bit unknown, and in which the case of binary Goppa codes has apparently not been thought at. Only D. J. Bernstein treats the case of binary Goppa codes in a preprint. References are given in the introduction. We propose an autonomous treatment and also a complexity analysis of the studied algorithm, which is quadratic in the blocklength $n$, when decoding at some distance of the relative maximum decoding radius, and in $O(n^7)$ when reaching the maximum radius.
Submitted 15 December, 2010;
originally announced December 2010.
-
Construction of Rational Surfaces Yielding Good Codes
Authors:
Alain Couvreur
Abstract:
In the present article, we consider Algebraic Geometry codes on some rational surfaces. The estimate of the minimum distance is translated into a point counting problem on plane curves. This problem is solved by applying the upper bound "à la Weil" of Aubry and Perret together with the bound of Homma and Kim for plane curves. The parameters of several codes from rational surfaces are computed. Among them, the codes defined by the evaluation of forms of degree 3 on an elliptic quadric are studied. As far as we know, such codes have never been treated before. Two other rational surfaces are studied and very good codes are found on them. In particular, a [57,12,34] code over $\mathbf{F}_7$ and a [91,18,53] code over $\mathbf{F}_9$ are discovered, these codes beat the best known codes up to now.
Submitted 16 December, 2010; v1 submitted 13 August, 2010;
originally announced August 2010.
-
Incidence structures from the blown-up plane and LDPC codes
Authors:
Alain Couvreur
Abstract:
In this article, new regular incidence structures are presented. They arise from sets of conics in the affine plane blown-up at its rational points. The LDPC codes given by these incidence matrices are studied. These sparse incidence matrices turn out to be redundant, which means that their number of rows exceeds their rank. Such a feature is absent from random LDPC codes and is in general interesting for the efficiency of iterative decoding. The performance of some codes under iterative decoding is tested. Some of them turn out to perform better than regular Gallager codes having similar rate and row weight.
Submitted 24 January, 2011; v1 submitted 21 April, 2010;
originally announced April 2010.
-
The dual minimum distance of arbitrary dimensional algebraic-geometric codes
Authors:
A. Couvreur
Abstract:
In this article, the minimum distance of the dual $C^{\bot}$ of a functional code $C$ on an arbitrary dimensional variety $X$ over a finite field $\mathbb{F}_q$ is studied. The approach consists in finding minimal configurations of points on $X$ which are not in "general position". If $X$ is a curve, the result improves in some situations the well-known Goppa designed distance.
Submitted 10 November, 2011; v1 submitted 14 May, 2009;
originally announced May 2009.
-
Differential approach for the study of duals of algebraic-geometric codes on surfaces
Authors:
A. Couvreur
Abstract:
The purpose of the present article is the study of duals of functional codes on algebraic surfaces. We give a direct geometrical description of them, using differentials. Even if this geometrical description is less trivial, it can be regarded as a natural extension to surfaces of the result asserting that the dual of a functional code on a curve is a differential code. We study the parameters of such codes and state a lower bound for their minimum distance. Using this bound, one can study some examples of codes on surfaces, and in particular surfaces with Picard number 1 like elliptic quadrics or some particular cubic surfaces. The parameters of some of the studied codes reach those of the best known codes up to now.
Submitted 1 December, 2010; v1 submitted 14 May, 2009;
originally announced May 2009.
-
Residus de 2-formes differentielles sur les surfaces algebriques et applications aux codes correcteurs d'erreurs
Authors:
A. Couvreur
Abstract:
The theory of algebraic-geometric codes has been developed in the beginning of the 80's after a paper of V.D. Goppa. Given a smooth projective algebraic curve X over a finite field, there are two different constructions of error-correcting codes. The first one, called "functional", uses some rational functions on X and the second one, called "differential", involves some rational 1-forms on this curve. Hundreds of papers are devoted to the study of such codes.
In addition, a generalization of the functional construction for algebraic varieties of arbitrary dimension is given by Y. Manin in an article of 1984. A few papers about such codes have been published, but nothing has been done concerning a generalization of the differential construction to the higher-dimensional case.
In this thesis, we propose a differential construction of codes on algebraic surfaces. Afterwards, we study the properties of these codes and particularly their relations with functional codes. A pretty surprising fact is that a main difference with the case of curves appears. Indeed, if in the case of curves, a differential code is always the orthogonal of a functional one, this assertion generally fails for surfaces. This last observation motivates the study of codes which are the orthogonal of some functional code on a surface. Therefore, we prove that, under some condition on the surface, these codes can be realized as sums of differential codes. Moreover, we show that some answers to some open problems "a la Bertini" could give very interesting information on the parameters of these codes.
Submitted 14 May, 2009;
originally announced May 2009.
-
Sums of residues on algebraic surfaces and application to coding theory
Authors:
Alain Couvreur
Abstract:
In this paper, we study residues of differential 2-forms on a smooth algebraic surface over an arbitrary field and give several statements about sums of residues. Afterwards, using these results we construct algebraic-geometric codes which are an extension to surfaces of the well-known differential codes on curves. We also study some properties of these codes and extend to them some known properties for codes on curves.
Submitted 22 October, 2008;
originally announced October 2008.