-
An analysis of Coggia-Couvreur attack on Loidreau's rank-metric public key encryption scheme in the general case
Authors:
Pierre Loidreau,
Ba-Duc Pham
Abstract:
In this paper we show that, in the case where the public key can be distinguished from a random code in Loidreau's encryption scheme, the Coggia-Couvreur attack can be extended to recover an equivalent secret key. This attack can be conducted in polynomial time if the masking vector space has dimension 3, thus recovering the results of Ghatak.
Submitted 23 December, 2021;
originally announced December 2021.
-
Randomized Decoding of Gabidulin Codes Beyond the Unique Decoding Radius
Authors:
Julian Renner,
Thomas Jerkovits,
Hannes Bartz,
Sven Puchinger,
Pierre Loidreau,
Antonia Wachter-Zeh
Abstract:
We address the problem of decoding Gabidulin codes beyond their unique error-correction radius. The complexity of this problem is of importance to assess the security of some rank-metric code-based cryptosystems. We propose an approach that introduces row or column erasures to decrease the rank of the error in order to use any proper polynomial-time Gabidulin code error-erasure decoding algorithm. This approach improves on generic rank-metric decoders by an exponential factor.
Submitted 10 February, 2020; v1 submitted 29 November, 2019;
originally announced November 2019.
-
RAMESSES, a Rank Metric Encryption Scheme with Short Keys
Authors:
Julien Lavauzelle,
Pierre Loidreau,
Ba-Duc Pham
Abstract:
We present a rank metric code-based encryption scheme with key and ciphertext sizes comparable to those of isogeny-based cryptography for an equivalent security level. The system also benefits from efficient encryption and decryption algorithms, which rely on linear algebra operations over finite fields of moderate sizes. The security relies only on rank metric decoding problems, and does not require hiding the structure of a code. Based on current knowledge, those problems cannot be efficiently solved by a quantum computer. Finally, the proposed scheme admits a failure probability that can be precisely controlled and made as low as desired.
Submitted 29 November, 2019;
originally announced November 2019.
-
Generalized Gabidulin codes over fields of any characteristic
Authors:
Daniel Augot,
Pierre Loidreau,
Gwezheneg Robert
Abstract:
We generalise Gabidulin codes to the case of infinite fields, possibly of characteristic zero. For this purpose, we consider an abstract field extension and any automorphism in the Galois group. We derive some conditions on the automorphism needed to obtain a proper notion of rank metric that is coherent with linearized polynomials. Under these conditions, we generalize Gabidulin codes and provide a decoding algorithm that decodes both errors and erasures. Then, we focus on codes over integer rings and how to decode them. We are then faced with the problem of the exponential growth of intermediate values, and to circumvent it, it is natural to perform computations modulo a prime ideal. For this, we study the reduction of generalized Gabidulin codes over integer rings modulo a prime ideal, and show that the reduced codes are classical Gabidulin codes. As a consequence, knowing side information on the size of the errors or the message, we can reduce the decoding problem over the integer ring to a decoding problem over a finite field. We also give examples and timings.
Submitted 27 March, 2017;
originally announced March 2017.
-
Rank metric and Gabidulin codes in characteristic zero
Authors:
Gwezheneg Robert,
Pierre Loidreau,
Daniel Augot
Abstract:
We transpose the theory of rank metric and Gabidulin codes to the case of fields of characteristic zero. The Frobenius automorphism is then replaced by any element of the Galois group. We derive some conditions on the automorphism that allow us to easily transpose the results obtained by Gabidulin, as well as a classical polynomial-time decoding algorithm. We also provide various definitions for the rank metric.
Submitted 17 May, 2013;
originally announced May 2013.
-
Properties of codes in rank metric
Authors:
P. Loidreau
Abstract:
We study properties of rank metric and codes in rank metric over finite fields. We show that in rank metric perfect codes do not exist. We derive an existence bound that is the equivalent of the Gilbert--Varshamov bound in Hamming metric. We study the asymptotic behavior of the minimum rank distance of codes satisfying GV. We derive the probability distribution of minimum rank distance for random and random $\mathbb{F}_q$-linear codes. We give an asymptotic equivalent of their average minimum rank distance and show that random $\mathbb{F}_q$-linear codes are on the GV bound for rank metric.
We show that the covering density of optimum codes whose codewords can be seen as square matrices is lower bounded by a function depending only on the error-correcting capability of the codes. We show that there are quasi-perfect codes in rank metric over fields of characteristic 2.
Submitted 11 October, 2006;
originally announced October 2006.
-
Properties of subspace subcodes of optimum codes in rank metric
Authors:
E. M. Gabidulin,
P. Loidreau
Abstract:
Maximum rank distance codes, denoted MRD-codes, are the equivalent in rank metric of MDS-codes. Given any integer $q$ power of a prime and any integer $n$, there is a family of MRD-codes of length $n$ over $\mathbb{F}_{q^n}$ having polynomial-time decoding algorithms. These codes can be seen as the analogs of Reed-Solomon codes (hereafter denoted RS-codes) for rank metric. In this paper their subspace subcodes are characterized. It is shown that they are equivalent to MRD-codes constructed in the same way but with smaller parameters. A specific polynomial-time decoding algorithm is designed. Moreover, it is shown that the direct sum of subspace subcodes is equivalent to the direct product of MRD-codes with smaller parameters. This implies that the decoding procedure can correct errors of higher rank than the error-correcting capability. Finally, it is shown that, for given parameters, subfield subcodes are completely characterized by elements of the general linear group $\mathrm{GL}_n(\mathbb{F}_q)$ of non-singular $q$-ary matrices of size $n$.
Submitted 25 July, 2006;
originally announced July 2006.