-
Exploring Category Structure with Contextual Language Models and Lexical Semantic Networks
Authors:
Joseph Renner,
Pascal Denis,
Rémi Gilleron,
Angèle Brunellière
Abstract:
Recent work on predicting category structure with distributional models, using either static word embeddings (Heyman and Heyman, 2019) or contextualized language models (CLMs) (Misra et al., 2021), reports low correlations with human ratings, thus calling into question their plausibility as models of human semantic memory. In this work, we revisit this question, testing a wider array of methods for probing CLMs for predicting typicality scores. Our experiments, using BERT (Devlin et al., 2018), show the importance of using the right type of CLM probes, as our best BERT-based typicality prediction methods substantially improve over previous works. Second, our results highlight the importance of polysemy in this task: our best results are obtained when using a disambiguation mechanism. Finally, additional experiments reveal that Information Content-based WordNet (Miller, 1995), also endowed with disambiguation, matches the performance of the best BERT-based method, and in fact captures complementary information, which can be combined with BERT to achieve enhanced typicality predictions.
Submitted 14 February, 2023;
originally announced February 2023.
-
Anaphora Resolution in Dialogue: System Description (CODI-CRAC 2022 Shared Task)
Authors:
Tatiana Anikina,
Natalia Skachkova,
Joseph Renner,
Priyansh Trivedi
Abstract:
We describe three models submitted for the CODI-CRAC 2022 shared task. To perform identity anaphora resolution, we test several combinations of the incremental clustering approach based on the Workspace Coreference System (WCS) with other coreference models. The best result is achieved by adding the ''cluster merging'' version of the coref-hoi model, which brings up to 10.33% improvement over vanilla WCS clustering. Discourse deixis resolution is implemented as multi-task learning: we combine the learning objective of coref-hoi with anaphor type classification. We adapt the higher-order resolution model introduced in Joshi et al. (2019) for bridging resolution given gold mentions and anaphors.
Submitted 5 January, 2023;
originally announced January 2023.
-
Interleaved Prange: A New Generic Decoder for Interleaved Codes
Authors:
Anmoal Porwal,
Lukas Holzbaur,
Hedongliang Liu,
Julian Renner,
Antonia Wachter-Zeh,
Violetta Weger
Abstract:
Due to the recent challenges in post-quantum cryptography, several new approaches for code-based cryptography have been proposed. For example, a variant of the McEliece cryptosystem based on interleaved codes was proposed. In order to deem such new settings secure, we first need to understand and analyze the complexity of the underlying problem, in this case the problem of decoding a random interleaved code. A simple approach to decode such codes would be to randomly choose a vector in the row span of the received matrix and run a classical information set decoding algorithm on this erroneous codeword. In this paper, we propose a new generic decoder for interleaved codes, which is an adaption of the classical idea of information set decoding by Prange and perfectly fits the interleaved setting. We then analyze the cost of the new algorithm, and a comparison to the simple approach described above shows the superiority of Interleaved Prange.
Submitted 27 May, 2022;
originally announced May 2022.
-
Generic Decoding in the Cover Metric
Authors:
Sebastian Bitzer,
Julian Renner,
Antonia Wachter-Zeh,
Violetta Weger
Abstract:
In this paper, we study the hardness of decoding a random code endowed with the cover metric. As the cover metric lies in between the Hamming and rank metric, it presents itself as a promising candidate for code-based cryptography. We give a polynomial-time reduction from the classical Hamming-metric decoding problem, which proves the NP-hardness of the decoding problem in the cover metric. We then provide a generic decoder, following the information set decoding idea from Prange's algorithm in the Hamming metric. A study of its cost then shows that the complexity is exponential in the number of rows and columns, which is in contrast to the behaviour in the Hamming metric, where the complexity grows exponentially in the number of code symbols.
Submitted 25 May, 2022;
originally announced May 2022.
-
Rank-Metric Codes and Their Applications
Authors:
Hannes Bartz,
Lukas Holzbaur,
Hedongliang Liu,
Sven Puchinger,
Julian Renner,
Antonia Wachter-Zeh
Abstract:
The rank metric measures the distance between two matrices by the rank of their difference. Codes designed for the rank metric have attracted considerable attention in recent years, reinforced by network coding and further motivated by a variety of applications. In code-based cryptography, the hardness of the corresponding generic decoding problem can lead to systems with reduced public-key size. In distributed data storage, codes in the rank metric have been used repeatedly to construct codes with locality, and in coded caching, they have been employed for the placement of coded symbols. This survey gives a general introduction to rank-metric codes, explains their most important applications, and highlights their relevance to these areas of research.
Submitted 23 March, 2022;
originally announced March 2022.
-
OPlaceRAN -- a Placement Orchestrator for Virtualized Next-Generation of Radio Access Network
Authors:
Fernando Zanferrari Morais,
Gustavo Zanatta Bruno,
Julio Renner,
Gabriel Almeida,
Luis M. Contreras,
Rodrigo da Rosa Righi,
Kleber Vieira Cardoso,
Cristiano Bonato Both
Abstract:
The fifth-generation mobile evolution enables transformations on Next-Generation Radio Access Networks (NG-RAN). The RAN protocol stack is split into eight disaggregated options combined in three network units, i.e., Central, Distributed, and Radio. Besides that, further advances allow the RAN functions to be virtualized on top of general-purpose hardware, using the concept of virtualized RAN (vRAN). The combination of NG-RAN and vRAN results in vNG-RAN, which enables the management of the disaggregated units and protocols as a set of radio functions. However, the orchestration-based placement of these radio functions is a challenging issue since the best decision can be determined by multiple constraints involving RAN disaggregation, crosshaul network requirements, availability of computational resources, etc. This article proposes OPlaceRAN, a vNG-RAN deployment orchestrator framed within the NFV reference architecture and aligned with the Open RAN initiative. OPlaceRAN supports the dynamic placement of radio functions focusing on vNG-RAN planning and is designed to be agnostic to the placement optimization model. To validate OPlaceRAN, we developed a prototype based on up-to-date cloud-native tools to deploy RAN using containerized virtualization with the OpenAirInterface emulator, considering two distinct functional splits (options 2 and 6). The evaluation is tested as proofs-of-concept in a real computing infrastructure using two different placement solutions. Our results reveal that OPlaceRAN is an effective cloud-native solution for containerized network function placement and is agnostic to the optimization model. Additionally, OPlaceRAN is up-to-date with the most advanced vNG-RAN design and development approaches, contributing to the evolution of the fifth generation of mobile networks.
Submitted 9 November, 2021;
originally announced November 2021.
-
Efficient Decoding of Gabidulin Codes over Galois Rings
Authors:
Sven Puchinger,
Julian Renner,
Antonia Wachter-Zeh,
Jens Zumbrägel
Abstract:
This paper presents the first decoding algorithm for Gabidulin codes over Galois rings with provable quadratic complexity. The new method consists of two steps: (1) solving a syndrome-based key equation to obtain the annihilator polynomial of the error and therefore the column space of the error, (2) solving a key equation based on the received word in order to reconstruct the error vector. This two-step approach became necessary since standard solutions such as the Euclidean algorithm do not work properly over rings.
Submitted 3 February, 2021;
originally announced February 2021.
-
On Software Implementation of Gabidulin Decoders
Authors:
Johannes Kunz,
Julian Renner,
Georg Maringer,
Thomas Schamberger,
Antonia Wachter-Zeh
Abstract:
This work compares the performance of software implementations of different Gabidulin decoders. The parameter sets used within the comparison stem from their applications in recently proposed cryptographic schemes. The complexity analysis of the decoders is recalled, counting the occurrence of each operation within the respective decoders. It is shown that knowing the number of operations may be misleading when comparing different algorithms as the run-time of the implementation depends on the instruction set of the device on which the algorithm is executed.
Submitted 21 September, 2020;
originally announced September 2020.
-
Low-Rank Parity-Check Codes over Galois Rings
Authors:
Julian Renner,
Alessandro Neri,
Sven Puchinger
Abstract:
Low-rank parity-check (LRPC) codes are rank-metric codes over finite fields, which have been proposed by Gaborit et al. (2013) for cryptographic applications. Inspired by a recent adaption of Gabidulin codes to certain finite rings by Kamche et al. (2019), we define and study LRPC codes over Galois rings, a wide class of finite commutative rings. We give a decoding algorithm similar to Gaborit et al.'s decoder, based on simple linear-algebraic operations. We derive an upper bound on the failure probability of the decoder, which is significantly more involved than in the case of finite fields. The bound depends only on the rank of an error, i.e., it is independent of its free rank. Further, we analyze the complexity of the decoder. We obtain that there is a class of LRPC codes over a Galois ring that can decode roughly the same number of errors as a Gabidulin code with the same code parameters, but faster than the currently best decoder for Gabidulin codes. However, the price that one needs to pay is a small failure probability, which we can bound from above.
Submitted 4 December, 2020; v1 submitted 18 June, 2020;
originally announced June 2020.
-
Generic Decoding in the Sum-Rank Metric
Authors:
Sven Puchinger,
Julian Renner,
Johan Rosenkilde
Abstract:
We propose the first non-trivial generic decoding algorithm for codes in the sum-rank metric. The new method combines ideas of well-known generic decoders in the Hamming and rank metric. For the same code parameters and number of errors, the new generic decoder has a larger expected complexity than the known generic decoders for the Hamming metric and smaller than the known rank-metric decoders. Furthermore, we give a formal hardness reduction, providing evidence that generic sum-rank decoding is computationally hard. As a by-product of the above, we solve some fundamental coding problems in the sum-rank metric: we give an algorithm to compute the exact size of a sphere of a given sum-rank radius, and also give an upper bound as a closed formula; and we study erasure decoding with respect to two different notions of support.
Submitted 28 October, 2021; v1 submitted 14 January, 2020;
originally announced January 2020.
-
Low-Rank Parity-Check Codes over the Ring of Integers Modulo a Prime Power
Authors:
Julian Renner,
Sven Puchinger,
Antonia Wachter-Zeh,
Camilla Hollanti,
Ragnar Freij-Hollanti
Abstract:
We define and analyze low-rank parity-check (LRPC) codes over extension rings of the finite chain ring $\mathbb{Z}_{p^r}$, where $p$ is a prime and $r$ is a positive integer. LRPC codes have originally been proposed by Gaborit et al. (2013) over finite fields for cryptographic applications. The adaption to finite rings is inspired by a recent paper by Kamche et al. (2019), which constructed Gabidulin codes over finite principal ideal rings with applications to space-time codes and network coding. We give a decoding algorithm based on simple linear-algebraic operations. Further, we derive an upper bound on the failure probability of the decoder. The upper bound is valid for errors whose rank is equal to the free rank.
Submitted 15 May, 2020; v1 submitted 14 January, 2020;
originally announced January 2020.
-
Randomized Decoding of Gabidulin Codes Beyond the Unique Decoding Radius
Authors:
Julian Renner,
Thomas Jerkovits,
Hannes Bartz,
Sven Puchinger,
Pierre Loidreau,
Antonia Wachter-Zeh
Abstract:
We address the problem of decoding Gabidulin codes beyond their unique error-correction radius. The complexity of this problem is of importance to assess the security of some rank-metric code-based cryptosystems. We propose an approach that introduces row or column erasures to decrease the rank of the error in order to use any proper polynomial-time Gabidulin code error-erasure decoding algorithm. This approach improves on generic rank-metric decoders by an exponential factor.
Submitted 10 February, 2020; v1 submitted 29 November, 2019;
originally announced November 2019.
-
Efficient Decoding of Interleaved Low-Rank Parity-Check Codes
Authors:
Julian Renner,
Thomas Jerkovits,
Hannes Bartz
Abstract:
An efficient decoding algorithm for horizontally u-interleaved LRPC codes is proposed and analyzed. Upper bounds on the decoding failure rate and the computational complexity of the algorithm are derived. It is shown that interleaving reduces the decoding failure rate exponentially in the interleaving order u whereas the computational complexity grows linearly.
Submitted 28 August, 2019;
originally announced August 2019.
-
Cryptanalysis of a System Based on Twisted Reed-Solomon Codes
Authors:
Julien Lavauzelle,
Julian Renner
Abstract:
Twisted Reed-Solomon (TRS) codes are a family of codes that contains a large number of maximum distance separable codes that are non-equivalent to Reed-Solomon codes. TRS codes were recently proposed as an alternative to Goppa codes for the McEliece code-based cryptosystem, resulting in a potential reduction of key sizes. The use of TRS codes in the McEliece cryptosystem has been motivated by the fact that a large subfamily of TRS codes is resilient to a direct use of known algebraic key-recovery methods. In this paper, an efficient key-recovery attack on the TRS variant that was used in the McEliece cryptosystem is presented. The algorithm exploits a new approach based on recovering the structure of a well-chosen subfield subcode of the public code. It is proved that the attack always succeeds and breaks the system for all practical parameters in $O(n^4)$ field operations. A software implementation of the algorithm retrieves a valid private key from the public key within a few minutes, for parameters claiming a security level of 128 bits. The success of the attack also indicates that, contrary to common beliefs, subfield subcodes of the public code need to be precisely analyzed when proposing a McEliece-type code-based cryptosystem. Finally, the paper discusses an attempt to repair the scheme and a modification of the attack aiming at Gabidulin-Paramonov-Tretjakov cryptosystems based on twisted Gabidulin codes.
Submitted 23 March, 2020; v1 submitted 26 April, 2019;
originally announced April 2019.
-
Decoding High-Order Interleaved Rank-Metric Codes
Authors:
Sven Puchinger,
Julian Renner,
Antonia Wachter-Zeh
Abstract:
This paper presents an algorithm for decoding homogeneous interleaved codes of high interleaving order in the rank metric. The new decoder is an adaption of the Hamming-metric decoder by Metzner and Kapturowski (1990) and guarantees to correct all rank errors of weight up to $d-2$ whose rank over the large base field of the code equals the number of errors, where $d$ is the minimum rank distance of the underlying code. In contrast to previously-known decoding algorithms, the new decoder works for any rank-metric code, not only Gabidulin codes. It is purely based on linear-algebraic computations, and has an explicit and easy-to-handle success condition. Furthermore, a lower bound on the decoding success probability for random errors of a given weight is derived. The relation of the new algorithm to existing interleaved decoders in the special case of Gabidulin codes is given.
Submitted 18 April, 2019;
originally announced April 2019.
-
Interleaving Loidreau's Rank-Metric Cryptosystem
Authors:
Julian Renner,
Sven Puchinger,
Antonia Wachter-Zeh
Abstract:
We propose and analyze an interleaved variant of Loidreau's rank-metric cryptosystem based on rank multipliers. We analyze and adapt several attacks on the system, propose design rules, and study weak keys. Finding secure instances requires near-MRD rank-metric codes which are not investigated in the literature. Thus, we propose a random code construction that makes use of the fact that short random codes over large fields are MRD with high probability. We derive an upper bound on the decryption failure rate and give example parameters for potential key size reduction.
Submitted 31 July, 2019; v1 submitted 29 January, 2019;
originally announced January 2019.
-
LIGA: A Cryptosystem Based on the Hardness of Rank-Metric List and Interleaved Decoding
Authors:
Julian Renner,
Sven Puchinger,
Antonia Wachter-Zeh
Abstract:
We propose the new rank-metric code-based cryptosystem LIGA, which is based on the hardness of list decoding and interleaved decoding of Gabidulin codes. LIGA is an improved variant of the Faure-Loidreau (FL) system, which was broken in a structural attack by Gaborit, Otmani, and Talé Kalachi (GOT, 2018). We keep the FL encryption and decryption algorithms, but modify the insecure key generation algorithm. Our crucial observation is that the GOT attack is equivalent to decoding an interleaved Gabidulin code. The new key generation algorithm constructs public keys for which all polynomial-time interleaved decoders fail; hence LIGA resists the GOT attack. We also prove that the public-key encryption version of LIGA is IND-CPA secure in the standard model and the KEM version is IND-CCA2 secure in the random oracle model, both under hardness assumptions of formally defined problems related to list decoding and interleaved decoding of Gabidulin codes. We propose and analyze various exponential-time attacks on these problems, calculate their work factors, and compare the resulting parameters to NIST proposals. The strengths of LIGA are short ciphertext sizes and (relatively) small key sizes. Further, LIGA guarantees correct decryption and has no decryption failure rate. It is not based on hiding the structure of a code. Since there are efficient and constant-time algorithms for encoding and decoding Gabidulin codes, timing attacks on the encryption and decryption algorithms can be easily prevented.
Submitted 18 May, 2020; v1 submitted 12 December, 2018;
originally announced December 2018.
-
CT-Wasm: Type-Driven Secure Cryptography for the Web Ecosystem
Authors:
Conrad Watt,
John Renner,
Natalie Popescu,
Sunjay Cauligi,
Deian Stefan
Abstract:
A significant amount of both client and server-side cryptography is implemented in JavaScript. Despite widespread concerns about its security, no other language has been able to match the convenience that comes from its ubiquitous support on the "web ecosystem" - the wide variety of technologies that collectively underpins the modern World Wide Web. With the new introduction of the WebAssembly bytecode language (Wasm) into the web ecosystem, we have a unique opportunity to advance a principled alternative to existing JavaScript cryptography use cases which does not compromise this convenience.
We present Constant-Time WebAssembly (CT-Wasm), a type-driven strict extension to WebAssembly which facilitates the verifiably secure implementation of cryptographic algorithms. CT-Wasm's type system ensures that code written in CT-Wasm is both information flow secure and resistant to timing side channel attacks; like base Wasm, these guarantees are verifiable in linear time. Building on an existing Wasm mechanization, we mechanize the full CT-Wasm specification, prove soundness of the extended type system, implement a verified type checker, and give several proofs of the language's security properties.
We provide two implementations of CT-Wasm: an OCaml reference interpreter and a native implementation for Node.js and Chromium that extends Google's V8 engine. We also implement a CT-Wasm to Wasm rewrite tool that allows developers to reap the benefits of CT-Wasm's type system today, while developing cryptographic algorithms for base Wasm environments. We evaluate the language, our implementations, and supporting tools by porting several cryptographic primitives - Salsa20, SHA-256, and TEA - and the full TweetNaCl library. We find that CT-Wasm is fast, expressive, and generates code that we experimentally measure to be constant-time.
Submitted 17 December, 2018; v1 submitted 3 August, 2018;
originally announced August 2018.
-
Twisted Gabidulin Codes in the GPT Cryptosystem
Authors:
Sven Puchinger,
Julian Renner,
Antonia Wachter-Zeh
Abstract:
In this paper, we investigate twisted Gabidulin codes in the GPT code-based public-key cryptosystem. We show that Overbeck's attack is not feasible for a subfamily of twisted Gabidulin codes. The resulting key sizes are significantly lower than in the original McEliece system and also slightly smaller than in Loidreau's unbroken GPT variant.
Submitted 14 August, 2018; v1 submitted 26 June, 2018;
originally announced June 2018.
-
Repairing the Faure-Loidreau Public-Key Cryptosystem
Authors:
Antonia Wachter-Zeh,
Sven Puchinger,
Julian Renner
Abstract:
A repair of the Faure-Loidreau (FL) public-key code-based cryptosystem is proposed. The FL cryptosystem is based on the hardness of list decoding Gabidulin codes which are special rank-metric codes. We prove that the recent structural attack on the system by Gaborit et al. is equivalent to decoding an interleaved Gabidulin code. Since all known polynomial-time decoders for these codes fail for a large constructive class of error patterns, we are able to construct public keys that resist the attack. It is also shown that all other known attacks fail for our repair and parameter choices. Compared to other code-based cryptosystems, we obtain significantly smaller key sizes for the same security level.
Submitted 7 May, 2018; v1 submitted 11 January, 2018;
originally announced January 2018.
-
Experimental Comparison of Probabilistic Shaping Methods for Unrepeated Fiber Transmission
Authors:
Julian Renner,
Tobias Fehenberger,
Metodi P. Yankov,
Francesco Da Ros,
Søren Forchhammer,
Georg Böcherer,
Norbert Hanik
Abstract:
This paper studies the impact of probabilistic shaping on effective signal-to-noise ratios (SNRs) and achievable information rates (AIRs) in a back-to-back configuration and in unrepeated nonlinear fiber transmissions. For back-to-back, various shaped quadrature amplitude modulation (QAM) distributions are found to have the same implementation penalty as uniform input. By demonstrating in transmission experiments that shaped QAM input leads to lower effective SNR than uniform input at a fixed average launch power, we experimentally confirm that shaping enhances the fiber nonlinearities. However, shaping is ultimately found to increase the AIR, which is the most relevant figure of merit as it is directly related to spectral efficiency. In a detailed study of these shaping gains for the nonlinear fiber channel, four strategies for optimizing QAM input distributions are evaluated and experimentally compared in wavelength division multiplexing (WDM) systems. The first shaping scheme generates a Maxwell-Boltzmann (MB) distribution based on a linear additive white Gaussian noise channel. The second strategy uses the Blahut-Arimoto algorithm to optimize an unconstrained QAM distribution for a split-step Fourier method based channel model. In the third and fourth approach, MB-shaped QAM and unconstrained QAM are optimized via the enhanced Gaussian noise (EGN) model. Although the absolute shaping gains are found to be relatively small, the relative improvements by EGN-optimized unconstrained distributions over linear AWGN optimized MB distributions are up to 59%. This general behavior is observed in 9-channel and fully loaded WDM experiments.
Submitted 8 November, 2017; v1 submitted 3 May, 2017;
originally announced May 2017.