
Information set decoding in the Lee metric with applications to cryptography

  • * Corresponding author: Violetta Weger

  • We convert Stern's information set decoding (ISD) algorithm to the ring $ \mathbb{Z}/4 \mathbb{Z} $ equipped with the Lee metric. Moreover, we set up the general framework for a McEliece and a Niederreiter cryptosystem over this ring. The complexity of the ISD algorithm determines the minimum key size in these cryptosystems for a given security level. We show that using Lee metric codes can substantially decrease the key size, compared to Hamming metric codes. In the end we explain how our results can be generalized to other Galois rings $ \mathbb{Z}/p^s\mathbb{Z} $.

    Mathematics Subject Classification: Primary: 11T71; Secondary: 68P30.


  • Table 1.  Key sizes and security levels (both in bits) for GV-codes over $ \mathbb Z_4 $ with $ n = 150 $ and $ d = 81 $

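    | $ k_1 $ | 1 | 2 | 3 | $ \dots $ | 18 | 19 | $ \dots $ | 24 | 25 | 26 |
    |---|---|---|---|---|---|---|---|---|---|---|
    | best $ \ell $ | 0 | 0 | 0 | $ \dots $ | 0 | 0 | $ \dots $ | 0 | 1 | 2 |
    | best $ v $ | 4 | 4 | 4 | $ \dots $ | 3 | 3 | $ \dots $ | 2 | 2 | 2 |
    | key size | 5198 | 5296 | 5390 | $ \dots $ | 6110 | 6160 | $ \dots $ | 6440 | 6446 | 6448 |
    | security level | 31 | 31 | 31 | $ \dots $ | 27 | 27 | $ \dots $ | 28 | 28 | 28 |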


