-
Weighted-Hamming Metric for Parallel Channels
Authors:
Sebastian Bitzer,
Alberto Ravagnani,
Violetta Weger
Abstract:
Independent parallel q-ary symmetric channels are a suitable transmission model for several applications. The proposed weighted-Hamming metric is tailored to this setting and enables optimal decoding performance. We show that some weighted-Hamming-metric codes exhibit the unusual property that all errors beyond half the minimum distance can be corrected. Nevertheless, a tight relation between the…
▽ More
Independent parallel q-ary symmetric channels are a suitable transmission model for several applications. The proposed weighted-Hamming metric is tailored to this setting and enables optimal decoding performance. We show that some weighted-Hamming-metric codes exhibit the unusual property that all errors beyond half the minimum distance can be corrected. Nevertheless, a tight relation between the error-correction capability of a code and its minimum distance can be established. Generalizing their Hamming-metric counterparts, upper and lower bounds on the cardinality of a code with a given weighted-Hamming distance are obtained. Finally, we propose a simple code construction with optimal minimum distance for specific parameters.
△ Less
Submitted 15 February, 2024; v1 submitted 31 January, 2024;
originally announced January 2024.
-
Better bounds on the minimal Lee distance
Authors:
Jessica Bariffi,
Violetta Weger
Abstract:
This paper provides new and improved Singleton-like bounds for Lee metric codes over integer residue rings. We derive the bounds using various novel definitions of generalized Lee weights based on different notions of a support of a linear code. In this regard, we introduce three main different support types for codes in the Lee metric and analyze their utility to derive bounds on the minimum Lee…
▽ More
This paper provides new and improved Singleton-like bounds for Lee metric codes over integer residue rings. We derive the bounds using various novel definitions of generalized Lee weights based on different notions of a support of a linear code. In this regard, we introduce three main different support types for codes in the Lee metric and analyze their utility to derive bounds on the minimum Lee distance. Eventually, we propose a new point of view to generalized weights and give an improved bound on the minimum distance of codes in the Lee metric for which we discuss the density of maximum Lee distance codes with respect to this novel Singleton-like bound.
△ Less
Submitted 12 July, 2023;
originally announced July 2023.
-
On the Number of $t$-Lee-Error-Correcting Codes
Authors:
Nadja Willenborg,
Anna-Lena Horlemann,
Violetta Weger
Abstract:
We consider $t$-Lee-error-correcting codes of length $n$ over the residue ring $\mathbb{Z}_m := \mathbb{Z}/m\mathbb{Z}$ and determine upper and lower bounds on the number of $t$-Lee-error-correcting codes. We use two different methods, namely estimating isolated nodes on bipartite graphs and the graph container method. The former gives density results for codes of fixed size and the latter for any…
▽ More
We consider $t$-Lee-error-correcting codes of length $n$ over the residue ring $\mathbb{Z}_m := \mathbb{Z}/m\mathbb{Z}$ and determine upper and lower bounds on the number of $t$-Lee-error-correcting codes. We use two different methods, namely estimating isolated nodes on bipartite graphs and the graph container method. The former gives density results for codes of fixed size and the latter for any size. This confirms some recent density results for linear Lee metric codes and provides new density results for nonlinear codes. To apply a variant of the graph container algorithm we also investigate some geometrical properties of the balls in the Lee metric.
△ Less
Submitted 9 May, 2023;
originally announced May 2023.
-
Generic Decoding of Restricted Errors
Authors:
Marco Baldi,
Sebastian Bitzer,
Alessio Pavoni,
Paolo Santini,
Antonia Wachter-Zeh,
Violetta Weger
Abstract:
Several recently proposed code-based cryptosystems base their security on a slightly generalized version of the classical (syndrome) decoding problem. Namely, in the so-called restricted (syndrome) decoding problem, the error values stem from a restricted set. In this paper, we propose new generic decoders, that are inspired by subset sum solvers and tailored to the new setting. The introduced alg…
▽ More
Several recently proposed code-based cryptosystems base their security on a slightly generalized version of the classical (syndrome) decoding problem. Namely, in the so-called restricted (syndrome) decoding problem, the error values stem from a restricted set. In this paper, we propose new generic decoders, that are inspired by subset sum solvers and tailored to the new setting. The introduced algorithms take the restricted structure of the error set into account in order to utilize the representation technique efficiently. This leads to a considerable decrease in the security levels of recently published code-based cryptosystems.
△ Less
Submitted 8 June, 2023; v1 submitted 15 March, 2023;
originally announced March 2023.
-
On the Density of Codes over Finite Chain Rings
Authors:
Anna-Lena Horlemann,
Violetta Weger,
Nadja Willenborg
Abstract:
We determine the asymptotic proportion of free modules over finite chain rings with good distance properties and treat the asymptotics in the code length n and the residue field size q separately. We then specialize and apply our technique to rank metric codes and to Hamming metric codes.
We determine the asymptotic proportion of free modules over finite chain rings with good distance properties and treat the asymptotics in the code length n and the residue field size q separately. We then specialize and apply our technique to rank metric codes and to Hamming metric codes.
△ Less
Submitted 19 December, 2022;
originally announced December 2022.
-
The Subfield Metric and its Application to Quantum Error Correction
Authors:
Markus Grassl,
Anna-Lena Horlemann,
Violetta Weger
Abstract:
We introduce a new weight and corresponding metric over finite extension fields for asymmetric error correction. The weight distinguishes between elements from the base field and the ones outside of it, which is motivated by asymmetric quantum codes. We set up the theoretic framework for this weight and metric, including upper and lower bounds, asymptotic behavior of random codes, and we show the…
▽ More
We introduce a new weight and corresponding metric over finite extension fields for asymmetric error correction. The weight distinguishes between elements from the base field and the ones outside of it, which is motivated by asymmetric quantum codes. We set up the theoretic framework for this weight and metric, including upper and lower bounds, asymptotic behavior of random codes, and we show the existence of an optimal family of codes achieving the Singleton-type upper bound.
△ Less
Submitted 23 May, 2024; v1 submitted 1 December, 2022;
originally announced December 2022.
-
Interleaved Prange: A New Generic Decoder for Interleaved Codes
Authors:
Anmoal Porwal,
Lukas Holzbaur,
Hedongliang Liu,
Julian Renner,
Antonia Wachter-Zeh,
Violetta Weger
Abstract:
Due to the recent challenges in post-quantum cryptography, several new approaches for code-based cryptography have been proposed. For example, a variant of the McEliece cryptosystem based on interleaved codes was proposed. In order to deem such new settings secure, we first need to understand and analyze the complexity of the underlying problem, in this case the problem of decoding a random interl…
▽ More
Due to the recent challenges in post-quantum cryptography, several new approaches for code-based cryptography have been proposed. For example, a variant of the McEliece cryptosystem based on interleaved codes was proposed. In order to deem such new settings secure, we first need to understand and analyze the complexity of the underlying problem, in this case the problem of decoding a random interleaved code. A simple approach to decode such codes, would be to randomly choose a vector in the row span of the received matrix and run a classical information set decoding algorithm on this erroneous codeword. In this paper, we propose a new generic decoder for interleaved codes, which is an adaption of the classical idea of information set decoding by Prange and perfectly fits the interleaved setting. We then analyze the cost of the new algorithm and a comparison to the simple approach described above shows the superiority of Interleaved Prange.
△ Less
Submitted 27 May, 2022;
originally announced May 2022.
-
Information Set Decoding for Lee-Metric Codes using Restricted Balls
Authors:
Jessica Bariffi,
Karan Khathuria,
Violetta Weger
Abstract:
The Lee metric syndrome decoding problem is an NP-hard problem and several generic decoders have been proposed. The observation that such decoders come with a larger cost than their Hamming metric counterparts make the Lee metric a promising alternative for classical code-based cryptography. Unlike in the Hamming metric, an error vector that is chosen uniform at random of a given Lee weight is exp…
▽ More
The Lee metric syndrome decoding problem is an NP-hard problem and several generic decoders have been proposed. The observation that such decoders come with a larger cost than their Hamming metric counterparts make the Lee metric a promising alternative for classical code-based cryptography. Unlike in the Hamming metric, an error vector that is chosen uniform at random of a given Lee weight is expected to have only few entries with large Lee weight. Using this expected distribution of entries, we are able to drastically decrease the cost of generic decoders in the Lee metric, by reducing the original problem to a smaller instance, whose solution lives in restricted balls.
△ Less
Submitted 25 May, 2022;
originally announced May 2022.
-
Generic Decoding in the Cover Metric
Authors:
Sebastian Bitzer,
Julian Renner,
Antonia Wachter-Zeh,
Violetta Weger
Abstract:
In this paper, we study the hardness of decoding a random code endowed with the cover metric. As the cover metric lies in between the Hamming and rank metric, it presents itself as a promising candidate for code-based cryptography. We give a polynomial-time reduction from the classical Hamming-metric decoding problem, which proves the NP-hardness of the decoding problem in the cover metric. We the…
▽ More
In this paper, we study the hardness of decoding a random code endowed with the cover metric. As the cover metric lies in between the Hamming and rank metric, it presents itself as a promising candidate for code-based cryptography. We give a polynomial-time reduction from the classical Hamming-metric decoding problem, which proves the NP-hardness of the decoding problem in the cover metric. We then provide a generic decoder, following the information set decoding idea from Prange's algorithm in the Hamming metric. A study of its cost then shows that the complexity is exponential in the number of rows and columns, which is in contrast to the behaviour in the Hamming metric, where the complexity grows exponentially in the number of code symbols.
△ Less
Submitted 25 May, 2022;
originally announced May 2022.
-
A Survey on Code-Based Cryptography
Authors:
Violetta Weger,
Niklas Gassner,
Joachim Rosenthal
Abstract:
The improvements on quantum technology are threatening our daily cybersecurity, as a capable quantum computer can break all currently employed asymmetric cryptosystems. In preparation for the quantum-era the National Institute of Standards and Technology (NIST) has initiated in 2016 a standardization process for public-key encryption (PKE) schemes, key-encapsulation mechanisms (KEM) and digital si…
▽ More
The improvements on quantum technology are threatening our daily cybersecurity, as a capable quantum computer can break all currently employed asymmetric cryptosystems. In preparation for the quantum-era the National Institute of Standards and Technology (NIST) has initiated in 2016 a standardization process for public-key encryption (PKE) schemes, key-encapsulation mechanisms (KEM) and digital signature schemes. In 2023, NIST made an additional call for post-quantum signatures. With this chapter we aim at providing a survey on code-based cryptography, focusing on PKEs and signature schemes. We cover the main frameworks introduced in code-based cryptography and analyze their security assumptions. We provide the mathematical background in a lecture notes style, with the intention of reaching a wider audience.
△ Less
Submitted 1 February, 2024; v1 submitted 18 January, 2022;
originally announced January 2022.
-
Bounds in the Lee Metric and Optimal Codes
Authors:
Eimear Byrne,
Violetta Weger
Abstract:
In this paper we investigate known Singleton-like bounds in the Lee metric and characterize optimal codes, which turn out to be very few. We then focus on Plotkin-like bounds in the Lee metric and present a new bound that extends and refines a previously known, and out-performs it in the case of non-free codes. We then compute the density of optimal codes with regard to the new bound. Finally we f…
▽ More
In this paper we investigate known Singleton-like bounds in the Lee metric and characterize optimal codes, which turn out to be very few. We then focus on Plotkin-like bounds in the Lee metric and present a new bound that extends and refines a previously known, and out-performs it in the case of non-free codes. We then compute the density of optimal codes with regard to the new bound. Finally we fill a gap in the characterization of Lee-equidistant codes.
△ Less
Submitted 13 December, 2021;
originally announced December 2021.
-
Density of Free Modules over Finite Chain Rings
Authors:
Eimear Byrne,
Anna-Lena Horlemann,
Karan Khathuria,
Violetta Weger
Abstract:
In this paper we focus on modules over a finite chain ring $\mathcal{R}$ of size $q^s$. We compute the density of free modules of $\mathcal{R}^n$, where we separately treat the asymptotics in $n,q$ and $s$. In particular, we focus on two cases: one where we fix the length of the module and one where we fix the rank of the module. In both cases, the density results can be bounded by the Andrews-Gor…
▽ More
In this paper we focus on modules over a finite chain ring $\mathcal{R}$ of size $q^s$. We compute the density of free modules of $\mathcal{R}^n$, where we separately treat the asymptotics in $n,q$ and $s$. In particular, we focus on two cases: one where we fix the length of the module and one where we fix the rank of the module. In both cases, the density results can be bounded by the Andrews-Gordon identities. We also study the asymptotic behaviour of modules generated by random matrices over $\mathcal{R}$. Since linear codes over $\mathcal{R}$ are submodules of $\mathcal{R}^n$ we get direct implications for coding theory. For example, we show that random codes achieve the Gilbert-Varshamov bound with high probability.
△ Less
Submitted 8 February, 2022; v1 submitted 17 June, 2021;
originally announced June 2021.
-
On Bounds for Ring-Based Coding Theory
Authors:
Niklas Gassner,
Marcus Greferath,
Joachim Rosenthal,
Violetta Weger
Abstract:
Coding Theory where the alphabet is identified with the elements of a ring or a module has become an important research topic over the last 30 years. Such codes over rings had important applications and many interesting mathematical problems are related to this line of research.
It has been well established, that with the generalization of the algebraic structure to rings there is a need to also…
▽ More
Coding Theory where the alphabet is identified with the elements of a ring or a module has become an important research topic over the last 30 years. Such codes over rings had important applications and many interesting mathematical problems are related to this line of research.
It has been well established, that with the generalization of the algebraic structure to rings there is a need to also generalize the underlying metric beyond the usual Hamming weight used in traditional coding theory over finite fields.
This paper introduces a new weight, called the overweight, which can be seen as a generalization of the Lee weight on the integers modulo $4$. For this new weight we provide a number of well-known bounds, like a Plotkin bound, a sphere-packing bound, and a Gilbert-Varshamov bound. A further highlight is the proof of a Johnson bound for the homogeneous weight on a general finite Frobenius ring.
△ Less
Submitted 16 March, 2021; v1 submitted 13 March, 2021;
originally announced March 2021.
-
On single server private information retrieval in a coding theory perspective
Authors:
Gianira N. Alfarano,
Karan Khathuria,
Violetta Weger
Abstract:
In this paper, we present a new perspective of single server private information retrieval (PIR) schemes by using the notion of linear error-correcting codes. Many of the known single server schemes are based on taking linear combinations between database elements and the query elements. Using the theory of linear codes, we develop a generic framework that formalizes all such PIR schemes. Further,…
▽ More
In this paper, we present a new perspective of single server private information retrieval (PIR) schemes by using the notion of linear error-correcting codes. Many of the known single server schemes are based on taking linear combinations between database elements and the query elements. Using the theory of linear codes, we develop a generic framework that formalizes all such PIR schemes. Further, we describe some known PIR schemes with respect to this code-based framework, and present the weaknesses of the broken PIR schemes in a generic point of view.
△ Less
Submitted 14 August, 2020;
originally announced August 2020.
-
A New Path to Code-based Signatures via Identification Schemes with Restricted Errors
Authors:
Marco Baldi,
Massimo Battaglioni,
Franco Chiaraluce,
Anna-Lena Horlemann-Trautmann,
Edoardo Persichetti,
Paolo Santini,
Violetta Weger
Abstract:
In this paper we introduce a variant of the Syndrome Decoding Problem (SDP), that we call Restricted SDP (R-SDP), in which the entries of the searched vector are defined over a subset of the underlying finite field. We prove the NP-completeness of R-SDP, via a reduction from the classical SDP, and describe algorithms which solve such new problem. We study the properties of random codes under this…
▽ More
In this paper we introduce a variant of the Syndrome Decoding Problem (SDP), that we call Restricted SDP (R-SDP), in which the entries of the searched vector are defined over a subset of the underlying finite field. We prove the NP-completeness of R-SDP, via a reduction from the classical SDP, and describe algorithms which solve such new problem. We study the properties of random codes under this new decoding perspective, in the fashion of traditional coding theory results, and assess the complexity of solving a random R-SDP instance. As a concrete application, we describe how Zero-Knowledge Identification (ZK-ID) schemes based on SDP can be tweaked to rely on R-SDP, and show that this leads to compact public keys as well as significantly reduced communication costs. Thus, these schemes offer an improved basis for the construction of code-based digital signature schemes derived from identification schemes through the well-know Fiat-Shamir transformation.
△ Less
Submitted 30 January, 2021; v1 submitted 14 August, 2020;
originally announced August 2020.
-
On the Hardness of the Lee Syndrome Decoding Problem
Authors:
Violetta Weger,
Karan Khathuria,
Anna-Lena Horlemann,
Massimo Battaglioni,
Paolo Santini,
Edoardo Persichetti
Abstract:
In this paper we study the hardness of the syndrome decoding problem over finite rings endowed with the Lee metric. We first prove that the decisional version of the problem is NP-complete, by a reduction from the $3$-dimensional matching problem. Then, we study the complexity of solving the problem, by translating the best known solvers in the Hamming metric over finite fields to the Lee metric o…
▽ More
In this paper we study the hardness of the syndrome decoding problem over finite rings endowed with the Lee metric. We first prove that the decisional version of the problem is NP-complete, by a reduction from the $3$-dimensional matching problem. Then, we study the complexity of solving the problem, by translating the best known solvers in the Hamming metric over finite fields to the Lee metric over finite rings, as well as proposing some novel solutions. For the analyzed algorithms, we assess the computational complexity in the asymptotic regime and compare it to the corresponding algorithms in the Hamming metric.
△ Less
Submitted 1 April, 2022; v1 submitted 27 February, 2020;
originally announced February 2020.
-
Information set decoding of Lee-metric codes over finite rings
Authors:
Violetta Weger,
Massimo Battaglioni,
Paolo Santini,
Franco Chiaraluce,
Marco Baldi,
Edoardo Persichetti
Abstract:
Information set decoding (ISD) algorithms are the best known procedures to solve the decoding problem for general linear codes. These algorithms are hence used for codes without a visible structure, or for which efficient decoders exploiting the code structure are not known. Classically, ISD algorithms have been studied for codes in the Hamming metric. In this paper we switch from the Hamming metr…
▽ More
Information set decoding (ISD) algorithms are the best known procedures to solve the decoding problem for general linear codes. These algorithms are hence used for codes without a visible structure, or for which efficient decoders exploiting the code structure are not known. Classically, ISD algorithms have been studied for codes in the Hamming metric. In this paper we switch from the Hamming metric to the Lee metric, and study ISD algorithms and their complexity for codes measured with the Lee metric over finite rings.
△ Less
Submitted 18 February, 2021; v1 submitted 23 January, 2020;
originally announced January 2020.
-
Encryption Scheme Based on Expanded Reed-Solomon Codes
Authors:
Karan Khathuria,
Joachim Rosenthal,
Violetta Weger
Abstract:
We present a code-based public-key cryptosystem, in which we use Reed-Solomon codes over an extension field as secret codes and disguise it by considering its shortened expanded code over the base field. Considering shortened expanded codes provides a safeguard against distinguisher attacks based on the Schur product. Moreover, without using a cyclic or a quasi-cyclic structure we obtain a key siz…
▽ More
We present a code-based public-key cryptosystem, in which we use Reed-Solomon codes over an extension field as secret codes and disguise it by considering its shortened expanded code over the base field. Considering shortened expanded codes provides a safeguard against distinguisher attacks based on the Schur product. Moreover, without using a cyclic or a quasi-cyclic structure we obtain a key size reduction of nearly $45 \%$ compared to the classic McEliece cryptosystem proposed by Bernstein et al.
△ Less
Submitted 26 November, 2019; v1 submitted 3 June, 2019;
originally announced June 2019.
-
Information Set Decoding in the Lee Metric with Applications to Cryptography
Authors:
Anna-Lena Horlemann-Trautmann,
Violetta Weger
Abstract:
We convert Stern's information set decoding (ISD) algorithm to the ring $\mathbb{Z}/4 \mathbb{Z}$ equipped with the Lee metric. Moreover, we set up the general framework for a McEliece and a Niederreiter cryptosystem over this ring. The complexity of the ISD algorithm determines the minimum key size in these cryptosystems for a given security level. We show that using Lee metric codes can drastica…
▽ More
We convert Stern's information set decoding (ISD) algorithm to the ring $\mathbb{Z}/4 \mathbb{Z}$ equipped with the Lee metric. Moreover, we set up the general framework for a McEliece and a Niederreiter cryptosystem over this ring. The complexity of the ISD algorithm determines the minimum key size in these cryptosystems for a given security level. We show that using Lee metric codes can drastically decrease the key size, compared to Hamming metric codes. In the end we explain how our results can be generalized to other Galois rings $\mathbb{Z}/p^s\mathbb{Z}$.
△ Less
Submitted 27 April, 2020; v1 submitted 18 March, 2019;
originally announced March 2019.
-
Generalization of the Ball-Collision Algorithm
Authors:
Carmelo Interlando,
Karan Khathuria,
Nicole Rohrer,
Joachim Rosenthal,
Violetta Weger
Abstract:
In this paper we generalize the Ball-Collision Algorithm by Bernstein, Lange, Peters from the binary field to a general finite field. We also provide a complexity analysis and compare the asymptotic complexity to other generalized information set decoding algorithms.
In this paper we generalize the Ball-Collision Algorithm by Bernstein, Lange, Peters from the binary field to a general finite field. We also provide a complexity analysis and compare the asymptotic complexity to other generalized information set decoding algorithms.
△ Less
Submitted 28 December, 2018;
originally announced December 2018.
-
On the algebraic structure of $E_p^{(m)}$ and applications to cryptography
Authors:
Karan Khathuria,
Giacomo Micheli,
Violetta Weger
Abstract:
In this paper we show that the $\mathbb Z/p^{m}\mathbb Z$-module structure of the ring $E_p^{(m)}$ is isomorphic to a $\mathbb Z/p^{m}\mathbb Z$-submodule of the matrix ring over $\mathbb Z/p^{m}\mathbb Z$. Using this intrinsic structure of $E_p^{(m)}$, solving a linear system over $E_p^{(m)}$ becomes computationally equivalent to solving a linear system over $\mathbb Z/p^{m}\mathbb Z$. As an appl…
▽ More
In this paper we show that the $\mathbb Z/p^{m}\mathbb Z$-module structure of the ring $E_p^{(m)}$ is isomorphic to a $\mathbb Z/p^{m}\mathbb Z$-submodule of the matrix ring over $\mathbb Z/p^{m}\mathbb Z$. Using this intrinsic structure of $E_p^{(m)}$, solving a linear system over $E_p^{(m)}$ becomes computationally equivalent to solving a linear system over $\mathbb Z/p^{m}\mathbb Z$. As an application we break the protocol based on the Diffie-Hellman Decomposition problem and ElGamal Decomposition problem over $E_p^{(m)}$. Our algorithm terminates in a provable running time of $O(m^{6})$ $\mathbb Z/p^{m}\mathbb Z$-operations.
△ Less
Submitted 14 December, 2019; v1 submitted 6 October, 2018;
originally announced October 2018.
