Repairing the Faure-Loidreau Public-Key Cryptosystem

Wachter-Zeh, Antonia; Puchinger, Sven; Renner, Julian

doi:10.1109/isit.2018.8437561

Cited by 18 publications

(24 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One can also observe that the derived lower bounds on the work factor give a good estimate of the actual runtime of the algorithm denoted by W Sim . The results in Table 1 show further, that for parameters proposed in [19,33], the new algorithm solves Problem 2 with a significantly lower computational complexity than the approaches based on the known algorithms.…”

Section: Examples and Simulation Resultsmentioning

confidence: 85%

“…The security of the public-key cryptosystem from [2] relied on the hardness of ML decoding of RS codes but was broken by a structural attack. More recently, some public-key cryptosystems based their security partly upon the difficulty of solving the problem Dec-Gab (Decisional-Gabidulin defined in the following) and Search-Gab (Search-Gabidulin), i.e., decoding Gabidulin codes beyond the unique decoding radius or derived instances of this problem [8,19,33].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Randomized Decoding of Gabidulin Codes Beyond the Unique Decoding Radius

Renner

Jerkovits

Bartz

et al. 2020

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

We address the problem of decoding Gabidulin codes beyond their unique error-correction radius. The complexity of this problem is of importance to assess the security of some rank-metric code-based cryptosystems. We propose an approach that introduces row or column erasures to decrease the rank of the error in order to use any proper polynomial-time Gabidulin code error-erasure decoding algorithm. This approach improves on generic rank-metric decoders by an exponential factor.

show abstract

Section: Examples and Simulation Resultsmentioning

confidence: 85%

Section: Introductionmentioning

confidence: 99%

Randomized Decoding of Gabidulin Codes Beyond the Unique Decoding Radius

Renner

Jerkovits

Bartz

et al. 2020

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…Another important distance function of coding theory is the rank metric, which measures the rank of the difference between a pair of matrices with entries from a finite field F q . Rank metric codes have seen a recent resurgence of interest both for their potential use in code based cryptography and as error-correcting codes in network communications [19,26,27,36,39,40]. They are also intriguing as mathematical objects in their own right, and several researchers have sought to describe their structural properties [1,4,7,12,13,14,20,21,25,32,35].…”

Section: Introductionmentioning

confidence: 99%

Partition-balanced families of codes and asymptotic enumeration in coding theory

Byrne

Ravagnani

2020

Journal of Combinatorial Theory, Series A

View full text Add to dashboard Cite

We introduce the class of partition-balanced families of codes, and show how to exploit their combinatorial invariants to obtain upper and lower bounds on the number of codes that have a prescribed property. In particular, we derive precise asymptotic estimates on the density functions of several classes of codes that are extremal with respect to minimum distance, covering radius, and maximality. The techniques developed in this paper apply to various distance functions, including the Hamming and the rank metric distances. Applications of our results show that, unlike the Fqm -linear MRD codes, the Fq-linear MRD codes are not dense in the family of codes of the same dimension. More precisely, we show that the density of Fq-linear MRD codes in F n×m q in the set of all matrix codes of the same dimension is asymptotically at most 1/2, both as q → +∞ and as m → +∞. We also prove that MDS and Fqm -linear MRD codes are dense in the family of maximal codes. Although there does not exist a direct analogue of the redundancy bound for the covering radius of Fq-linear rank metric codes, we show that a similar bound is satisfied by a uniformly random matrix code with high probability. In particular, we prove that codes meeting this bound are dense. Finally, we compute the average weight distribution of linear codes in the rank metric, and other parameters that generalize the total weight of a linear code.2010 Mathematics Subject Classification. 05A16, 11T71.

show abstract

“…In 2018, Gaborit et al showed, that the private key in the FL crytposystem can be recovered in polynomial time from the public key with high probability. In [7] it was shown, that the attack from [8] is equivalent to the problem of list decoding interleaved Gabidulin codes [9]. In other words, the private key is a noisy codeword of an interleaved Gabidulin code with error weight chosen slightly larger then the unique decoding radius.…”

Section: Introductionmentioning

confidence: 99%

“…This kind of decoding is called probabilist unique decoding. By restricting to error patterns that make the probabilistic unique decoder of an interleaved Gabidulin decoder fail, the FL cryptosystem can be repaired [7].…”

Section: Introductionmentioning

confidence: 99%