2017
DOI: 10.1007/978-3-319-59879-6_5
|View full text |Cite
|
Sign up to set email alerts
|

Quantum Information Set Decoding Algorithms

Abstract: The security of code-based cryptosystems such as the McEliece cryptosystem relies primarily on the difficulty of decoding random linear codes. The best decoding algorithms are all improvements of an old algorithm due to Prange: they are known under the name of information set decoding techniques. It is also important to assess the security of such cryptosystems against a quantum computer. This research thread started in [22] and the best algorithm to date has been Bernstein's quantising [5] of the simplest inf… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

0
33
0

Year Published

2018
2018
2020
2020

Publication Types

Select...
6
1

Relationship

1
6

Authors

Journals

citations
Cited by 53 publications
(34 citation statements)
references
References 24 publications
0
33
0
Order By: Relevance
“…This problem is considered very hard when t or w are large enough: after decades of active research [Pra62, LB88, Leo88, Ste88, Dum91, Bar97, FS09, BLP11, MMT11, BJMM12, MO15, DT17, BM17] the best algorithms solving this issue are still exponential in t (or w), their complexity is of the form e tα(R)(1+o(1)) N (replace t by w in the low-weight search problem) where N is the number of solutions of the problem and R is the rate of the code. This holds even for algorithms in the quantum computing model [Ber11,KT17]. Moreover, the relative exponent α(R) has decreased only very slowly after 50 years of active research on the topic.The proposal made in [MTSB13] exploits this.…”
Section: Introductionmentioning
confidence: 99%
“…This problem is considered very hard when t or w are large enough: after decades of active research [Pra62, LB88, Leo88, Ste88, Dum91, Bar97, FS09, BLP11, MMT11, BJMM12, MO15, DT17, BM17] the best algorithms solving this issue are still exponential in t (or w), their complexity is of the form e tα(R)(1+o(1)) N (replace t by w in the low-weight search problem) where N is the number of solutions of the problem and R is the rate of the code. This holds even for algorithms in the quantum computing model [Ber11,KT17]. Moreover, the relative exponent α(R) has decreased only very slowly after 50 years of active research on the topic.The proposal made in [MTSB13] exploits this.…”
Section: Introductionmentioning
confidence: 99%
“…We chose to employ the results provided in [43] to evaluate the computational efforts of Stern's variant of the ISD as they provide exact formulas instead of asymptotic bounds. However, we note that a recent work [22] provides improved asymptotic bounds on the computational complexity of quantum ISD for increasing values of the codeword length n. Deriving from this approach exact values for given parameters set is worth investigating.…”
Section: Analysis Of the Algorithm With Respect To Known Attacksmentioning
confidence: 97%
“…Instead, with classical computers the most efficient ISD algorithm turns out to be the BJMM algorithm in [9]. Therefore, the security levels against attackers provided with classical computers have been estimated by considering the work factor of BJMM in (22) and (23). We chose to employ the results provided in [43] to evaluate the computational efforts of Stern's variant of the ISD as they provide exact formulas instead of asymptotic bounds.…”
Section: Analysis Of the Algorithm With Respect To Known Attacksmentioning
confidence: 99%
See 2 more Smart Citations