-
Fast Gao-like Decoding of Horizontally Interleaved Linearized Reed-Solomon Codes
Authors:
Felicitas Hörmann,
Hannes Bartz
Abstract:
Both horizontal interleaving as well as the sum-rank metric are currently attractive topics in the field of code-based cryptography, as they could mitigate the problem of large key sizes. In contrast to vertical interleaving, where codewords are stacked vertically, each codeword of a horizontally $s$-interleaved code is the horizontal concatenation of $s$ codewords of $s$ component codes. In the case of horizontally interleaved linearized Reed-Solomon (HILRS) codes, these component codes are chosen to be linearized Reed-Solomon (LRS) codes.
We provide a Gao-like decoder for HILRS codes that is inspired by the respective works for non-interleaved Reed-Solomon and Gabidulin codes. By applying techniques from the theory of minimal approximant bases, we achieve a complexity of $\tilde{\mathcal{O}}(s^{2.373} n^{1.635})$ operations in $\mathbb{F}_{q^m}$, where $\tilde{\mathcal{O}}(\cdot)$ neglects logarithmic factors, $s$ is the interleaving order and $n$ denotes the length of the component codes. For reasonably small interleaving order $s \ll n$, this is subquadratic in the component-code length $n$ and improves over the only known syndrome-based decoder for HILRS codes with quadratic complexity. Moreover, it closes the performance gap to vertically interleaved LRS codes for which a decoder of complexity $\tilde{\mathcal{O}}(s^{2.373} n^{1.635})$ is already known.
We can decode beyond the unique-decoding radius and handle errors of sum-rank weight up to $\frac{s}{s + 1} (n - k)$ for component-code dimension $k$. We also give an upper bound on the failure probability in the zero-derivation setting and validate its tightness via Monte Carlo simulations.
Submitted 22 August, 2023;
originally announced August 2023.
-
Distinguishing and Recovering Generalized Linearized Reed-Solomon Codes
Authors:
Felicitas Hörmann,
Hannes Bartz,
Anna-Lena Horlemann
Abstract:
We study the distinguishability of linearized Reed-Solomon (LRS) codes by defining and analyzing analogs of the square-code and the Overbeck distinguisher for classical Reed-Solomon and Gabidulin codes, respectively. Our main results show that the square-code distinguisher works for generalized linearized Reed-Solomon (GLRS) codes defined with the trivial automorphism, whereas the Overbeck-type distinguisher can handle LRS codes in the general setting. We further show how to recover defining code parameters from any generator matrix of such codes in the zero-derivation case. For other choices of automorphisms and derivations simulations indicate that these distinguishers and recovery algorithms do not work. The corresponding LRS and GLRS codes might hence be of interest for code-based cryptography.
Submitted 2 April, 2023;
originally announced April 2023.
-
On Decoding High-Order Interleaved Sum-Rank-Metric Codes
Authors:
Thomas Jerkovits,
Felicitas Hörmann,
Hannes Bartz
Abstract:
We consider decoding of vertically homogeneous interleaved sum-rank-metric codes with high interleaving order $s$, that are constructed by stacking $s$ codewords of a single constituent code.
We propose a Metzner--Kapturowski-like decoding algorithm that can correct errors of sum-rank weight $t \leq d-2$, where $d$ is the minimum distance of the code, if the interleaving order $s > t$ and the error matrix fulfills a certain rank condition.
The proposed decoding algorithm generalizes the Metzner--Kapturowski(-like) decoders in the Hamming metric and the rank metric and has a computational complexity of $\tilde{O}(\max(n^3, n^2 s))$ operations in $\mathbb{F}_{q^m}$, where $n$ is the length of the code.
The scheme performs linear-algebraic operations only and thus works for any interleaved linear sum-rank-metric code.
We show how the decoder can be used to decode high-order interleaved codes in the skew metric.
Apart from error control, the proposed decoder allows determining the security level of code-based cryptosystems based on interleaved sum-rank metric codes.
Submitted 30 March, 2023;
originally announced March 2023.
-
Interpolation-Based Decoding of Folded Variants of Linearized and Skew Reed-Solomon Codes
Authors:
Felicitas Hörmann,
Hannes Bartz
Abstract:
The sum-rank metric is a hybrid between the Hamming metric and the rank metric and suitable for error correction in multishot network coding and distributed storage as well as for the design of quantum-resistant cryptosystems. In this work, we consider the construction and decoding of folded linearized Reed-Solomon (FLRS) codes, which are shown to be maximum sum-rank distance (MSRD) for appropriate parameter choices. We derive an efficient interpolation-based decoding algorithm for FLRS codes that can be used as a list decoder or as a probabilistic unique decoder. The proposed decoding scheme can correct sum-rank errors beyond the unique decoding radius with a computational complexity that is quadratic in the length of the unfolded code. We show how the error-correction capability can be optimized for high-rate codes by an alternative choice of interpolation points. We derive a heuristic upper bound on the decoding failure probability of the probabilistic unique decoder and verify its tightness by Monte Carlo simulations. Further, we study the construction and decoding of folded skew Reed-Solomon codes in the skew metric. To the best of our knowledge, FLRS codes are the first MSRD codes with different block sizes that come along with an efficient decoding algorithm.
Submitted 27 March, 2023;
originally announced March 2023.
-
Error-Erasure Decoding of Linearized Reed-Solomon Codes in the Sum-Rank Metric
Authors:
Felicitas Hörmann,
Hannes Bartz,
Sven Puchinger
Abstract:
Codes in the sum-rank metric have various applications in error control for multishot network coding, distributed storage and code-based cryptography. Linearized Reed-Solomon (LRS) codes contain Reed-Solomon and Gabidulin codes as subclasses and fulfill the Singleton-like bound in the sum-rank metric with equality. We propose the first known error-erasure decoder for LRS codes to unleash their full potential for multishot network coding. The presented syndrome-based Berlekamp-Massey-like error-erasure decoder can correct $t_F$ full errors, $t_R$ row erasures and $t_C$ column erasures up to $2t_F + t_R + t_C \leq n-k$ in the sum-rank metric requiring at most $\mathcal{O}(n^2)$ operations in $\mathbb{F}_{q^m}$, where $n$ is the code's length and $k$ its dimension. We show how the proposed decoder can be used to correct errors in the sum-subspace metric that occur in (noncoherent) multishot network coding.
Submitted 2 September, 2022; v1 submitted 14 February, 2022;
originally announced February 2022.
-
Efficient Decoding of Folded Linearized Reed-Solomon Codes in the Sum-Rank Metric
Authors:
Felicitas Hörmann,
Hannes Bartz
Abstract:
Recently, codes in the sum-rank metric attracted attention due to several applications in e.g. multishot network coding, distributed storage and quantum-resistant cryptography. The sum-rank analogs of Reed-Solomon and Gabidulin codes are linearized Reed-Solomon codes. We show how to construct $h$-folded linearized Reed-Solomon (FLRS) codes and derive an interpolation-based decoding scheme that is capable of correcting sum-rank errors beyond the unique decoding radius. The presented decoder can be used for either list or probabilistic unique decoding and requires at most $\mathcal{O}(sn^2)$ operations in $\mathbb{F}_{q^m}$, where $s \leq h$ is an interpolation parameter and $n$ denotes the length of the unfolded code. We derive a heuristic upper bound on the failure probability of the probabilistic unique decoder and verify the results via Monte Carlo simulations.
Submitted 3 September, 2022; v1 submitted 30 September, 2021;
originally announced September 2021.