Improved decoding of Reed-Solomon and algebraic-geometry codes

Guruswami, Venkatesan; Sudan, Madhu

doi:10.1109/18.782097

Cited by 848 publications

(556 citation statements)

References 23 publications

Supporting

Mentioning

547

Contrasting

Unclassified

Order By: Relevance

“…We comment that the above theorem does not contradict to the efficient list decoding algorithm in [6], since the code in our proof has rate approaching one.…”

Section: Our Results On Hardness Of Decodingmentioning

confidence: 88%

“…The ultimate decoding problem for an error-correcting [n, k] q code is the maximum likelihood decoding: given a received word u ∈ F n q , find a codeword v such that the Hamming distance d(u, v) is minimal. When the number of errors is reasonably small, say, smaller than n − √ nk, then the list decoding algorithms of Guruswami-Sudan [6] gives a polynomial time algorithm to find all the codewords.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Complexity of Decoding Positive-Rate Reed-Solomon Codes

Cheng

Wan

2008

Automata, Languages and Programming

View full text Add to dashboard Cite

Abstract-It has been proved that the maximum likelihood decoding problem of Reed-Solomon codes is NP-hard. However, the length of the code in the proof is at most polylogarithmic in the size of the alphabet. For the complexity of maximum likelihood decoding of the primitive Reed-Solomon code, whose length is one less than the size of alphabet, the only known result states that it is at least as hard as the discrete logarithm in some cases where the information rate unfortunately goes to zero. In this paper, it is proved under a well known cryptography hardness assumption that 1) There does not exist a randomized polynomial time maximum likelihood decoder for the Reed-Solomon code family2) There does not exist a randomized polynomial time bounded-distance decoder for primitive Reed-Solomon codes at distance 2 3 + of the minimum distance for any constant 0 < < 1 3 . In particular, this rules out the possibility of a polynomial time algorithm for maximum likelihood decoding problem of primitive Reed-Solomon codes of any rate under the assumption.

show abstract

“…We comment that the above theorem does not contradict to the efficient list decoding algorithm in [6], since the code in our proof has rate approaching one.…”

Section: Our Results On Hardness Of Decodingmentioning

confidence: 88%

Section: Introductionmentioning

confidence: 99%

Complexity of Decoding Positive-Rate Reed-Solomon Codes

Cheng

Wan

2008

Automata, Languages and Programming

View full text Add to dashboard Cite

show abstract

“…In [5] Boneh and Franklin emphasize an interesting property of their scheme, namely the possibility to trace a collusion of more than k traitors using listdecoding techniques like the Guruswami-Sudan algorithm [18,19]. This would correspond to finding more than k errors in a codeword.…”

Section: Above-threshold Tracingmentioning

confidence: 99%

“…In the second step, factors (y − f (x)) of Q(x, y) are determined such that deg(f (x)) ≤ − 2k − 1. For a complete description of the method see [18,19]. Below we are interested in its practical feasibility (in particular of the first step) in the context of the traitor tracing problem.…”

Section: Guruswami-sudan Algorithm For Reed-solomon Codesmentioning

confidence: 99%

Improving the Boneh-Franklin Traitor Tracing Scheme

Junod

Karlov

Lenstra

2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Traitor tracing schemes are cryptographically secure broadcast methods that allow identification of conspirators: if a pirate key is generated by k traitors out of a static set of legitimate users, then all traitors can be identified given the pirate key. In this paper we address three practicality and security issues of the Boneh-Franklin traitortracing scheme. In the first place, without changing the original scheme, we modify its tracing procedure in the non-black-box model such that it allows identification of k traitors in timeÕ(k 2 ), as opposed to the original tracing complexityÕ( ). This new tracing procedure works independently of the nature of the Reed-Solomon code used to watermark private keys. As a consequence, in applications with billions of users it takes just a few minutes on a common desktop computer to identify large collusions. Secondly, we exhibit the lack of practical value of listdecoding algorithms to identify more than k traitors. Finally, we show that 2k traitors can derive the keys of all legitimate users and we propose a fix to this security issue.

show abstract

“…The best algorithm known to solve this problem is the recent algorithm of Guruswami and Sudan [17] (GS), which was inspired by previous work of Ar et al [3] on a related problem. Its running time is polynomial in n, and the algorithm succeeds provided t > √ kn, for any field F of cardinality at most 2 n .…”

Section: S3 S2mentioning

confidence: 99%

Noisy Polynomial Interpolation and Noisy Chinese Remaindering

Bleichenbacher¹,

Nguyêñ

2000

Advances in Cryptology — EUROCRYPT 2000

View full text Add to dashboard Cite

Abstract. The noisy polynomial interpolation problem is a new intractability assumption introduced last year in oblivious polynomial evaluation. It also appeared independently in password identification schemes, due to its connection with secret sharing schemes based on Lagrange's polynomial interpolation. This paper presents new algorithms to solve the noisy polynomial interpolation problem. In particular, we prove a reduction from noisy polynomial interpolation to the lattice shortest vector problem, when the parameters satisfy a certain condition that we make explicit. Standard lattice reduction techniques appear to solve many instances of the problem. It follows that noisy polynomial interpolation is much easier than expected. We therefore suggest simple modifications to several cryptographic schemes recently proposed, in order to change the intractability assumption. We also discuss analogous methods for the related noisy Chinese remaindering problem arising from the well-known analogy between polynomials and integers.

show abstract

Improved decoding of Reed-Solomon and algebraic-geometry codes

Cited by 848 publications

References 23 publications

Complexity of Decoding Positive-Rate Reed-Solomon Codes

Complexity of Decoding Positive-Rate Reed-Solomon Codes

Improving the Boneh-Franklin Traitor Tracing Scheme

Noisy Polynomial Interpolation and Noisy Chinese Remaindering

Contact Info

Product

Resources

About