American Institute of Mathematical Sciences

The first construction of strongly secure quantum ramp secret sharing by Zhang and Matsumoto had an undesirable feature that the dimension of quantum shares must be larger than the number of shares. By using algebraic curves over finite fields, we propose a new construction in which the number of shares can become arbitrarily large for fixed dimension of shares.

We consider a communication scenario in which the channel undergoes two different classes of attacks at the same time: a passive eavesdropper and an active jammer. This scenario is modelled by the concept of arbitrarily varying wiretap channels (AVWCs). In this paper, we derive a full characterization of the list secrecy capacity of the AVWC, showing that the list secrecy capacity is equivalent to the correlated random secrecy capacity if the list size L is greater than the order of symmetrizability of the AVC between the transmitter and the legitimate receiver. Otherwise, it is zero. Our result indicates that for a sufficiently large list size L, list codes can overcome the drawbacks of correlated and uncorrelated codes and provide a stable secrecy capacity for AVWCs. Furthermore, we investigate the effect of relaxing the reliability and secrecy constraints by allowing a non-vanishing error probability and information leakage on the list size L. We found that we can construct a list code whose rate is close to the correlated secrecy capacity using a finite list size L that only depends on the average error probability requested. Finally, we point out that our capacity characterization is an important step in investigating the analytical properties of the capacity function such as: the continuity behavior, Turing computability and super-activation of parallel AVWCs.

Scalar multiplication on suitable Legendre form elliptic curves can be speeded up in two ways. One can perform the bulk of the computation either on the associated Kummer line or on an appropriate twisted Edwards form elliptic curve. This paper provides details of moving to and from between Legendre form elliptic curves and associated Kummer line and moving to and from between Legendre form elliptic curves and related twisted Edwards form elliptic curves. Further, concrete twisted Edwards form elliptic curves are identified which correspond to known Kummer lines at the 128-bit security level which provide very fast scalar multiplication on modern architectures supporting SIMD operations.

Round functions used as building blocks for iterated block ciphers, both in the case of Substitution-Permutation Networks (SPN) and Feistel Networks (FN), are often obtained as the composition of different layers. The bijectivity of any encryption function is guaranteed by the use of invertible layers or by the Feistel structure. In this work a new family of ciphers, called wave ciphers, is introduced. In wave ciphers, round functions feature wave functions, which are vectorial Boolean functions obtained as the composition of non-invertible layers, where the confusion layer enlarges the message which returns to its original size after the diffusion layer is applied. Efficient decryption is guaranteed by the use of wave functions in FNs. It is shown how to avoid that the group generated by the round functions acts imprimitively, a serious flaw for the cipher. The primitivity is a consequence of a more general result, which reduce the problem of proving that a given FN generates a primitive group to proving that an SPN, directly related to the given FN, generates a primitive group. Finally, a concrete instance of real-world size wave cipher is proposed as an example, and its resistance against differential and linear cryptanalyses is also established.

One of the basic problems in secret sharing is to determine the exact values of the information ratio of the access structures. This task is important from the practical point of view, since the security of any system degrades as the amount of secret information increases.

A Dutch windmill graph consists of the edge-disjoint cycles such that all of them meet in one vertex. In this paper, we determine the exact information ratio of secret sharing schemes on the Dutch windmill graphs. Furthermore, we determine the exact ratio of some related graph families.

In the recent work [9], a combinatorial problem concerning linear codes over a finite field \begin{document}$\mathbb{F}_q$\end{document} was introduced. In that work the authors studied the weight set of an \begin{document}$[n,k]_q$\end{document} linear code, that is the set of non-zero distinct Hamming weights, showing that its cardinality is bounded above by \begin{document}$\frac{q^k-1}{q-1}$\end{document}. They showed that this bound was sharp in the case \begin{document}$ q = 2 $\end{document}, and in the case \begin{document}$ k = 2 $\end{document}. They conjectured that the bound is sharp for every prime power \begin{document}$ q $\end{document} and every positive integer \begin{document}$ k $\end{document}. In this work we quickly establish the truth of this conjecture. We provide two proofs, each employing different construction techniques. The first relies on the geometric view of linear codes as systems of projective points. The second approach is purely algebraic. We establish some lower bounds on the length of codes that satisfy the conjecture, and the length of the new codes constructed here are discussed.

We revisit the factoring with known bits problem on RSA moduli. In 1996, Coppersmith showed that the RSA modulus \begin{document}$N = pq$\end{document} with balanced \begin{document}$p,q$\end{document} can be efficiently factored, if the high order \begin{document}$\frac{1}{4} \log_2 N$\end{document} bits of one prime factor is given. Later, this important result is also generalized to the factorization of RSA variants moduli such as \begin{document}$N = p^r q$\end{document} or \begin{document}$N = p_1 p_2 ··· p_n$\end{document}. In 2000, Lim et al. proposed a new RSA variant with the modulus of the form \begin{document}$N = p^r q^s$\end{document}, which is much faster in the decryption process than the standard RSA. Then from 2015 to 2018, in order to investigate the security property of this RSA variant, Lu et al. and Coron et al. have presented three works studying the polynomial-time factorization of \begin{document}$N = p^r q^s$\end{document} with partial known bits of \begin{document}$p^u q^v$\end{document} (or one of the prime factors \begin{document}$p,q$\end{document}) for different choices of \begin{document}$u, v$\end{document}. In this paper, we present a new lattice construction used for Coppersmith's method, and thus improve previous results. Namely, our result requires fewer known bits to recover the prime factors \begin{document}$p,q$\end{document}. We also generalize our result to the factorization of \begin{document}$N = p_1^{r_1}p_2^{r_2}··· p_n^{r_n}$\end{document}.

Cyclic codes over finite field have been studied for decades due to their wide applications in communication and storage systems. However their weight distributions are known only in a few cases. In this paper, we investigate a class of \begin{document}$ p$\end{document}-ary cyclic codes whose duals have three zeros, where \begin{document}$ p$\end{document} is an odd prime. The weight distributions of the class of cyclic codes for all distinct cases are determined explicitly. The results indicate that these codes contain five-weight codes, seven-weight codes and eleven-weight codes. Some of these codes are optimal. Moreover, the covering structures of the class of codes are considered and being used to construct secret sharing schemes.

In this paper, we construct cyclic DNA codes over the ring \begin{document} $R = \mathbb{F}_2[u,v]/\langle u^3, v^2-v, vu-uv\rangle$ \end{document}. The correspondence between the elements of \begin{document} $R$ \end{document} and the alphabet \begin{document} $\{A,T,G,C\}^{3}$ \end{document} is obtained by a given Gray map. Moreover, some properties of binary images of the Condons under the Gray map are also discussed. Finally, two examples of cyclic DNA codes over \begin{document} $R$ \end{document} are presented to illustrate the obtained results.

Based on the existence of designs for the derived and residual parameters of admissible parameter sets of designs over finite fields we obtain a new infinite series of designs over finite fields for arbitrary prime powers \begin{document}$q$\end{document} with parameters \begin{document}$2\text{-}(8,4,\frac{(q^6-1)(q^3-1)}{(q^2-1)(q-1)};q)$\end{document} as well as designs with parameters \begin{document}$2\text{-}(10,4,85λ;2)$\end{document}, \begin{document}$2\text{-}(10,5,765λ;2)$\end{document}, \begin{document}$2\text{-}(11,5,6205λ;2)$\end{document}, \begin{document}$2\text{-}(11,5,502605λ;2)$\end{document}, and \begin{document}$2\text{-}(12,6,423181λ;2)$\end{document} for \begin{document}$λ = 7,12,19,21,22,24,31,36,42,43,48,49,55,60,63$\end{document}.

This paper investigates the existence, enumeration, and asymptotic performance of self-dual and LCD double circulant codes over Galois rings of characteristic \begin{document} $p^2$ \end{document} and order \begin{document} $p^4$ \end{document} with \begin{document} $p$ \end{document} an odd prime. When \begin{document} $p \equiv 3 \ ({\rm mod} \ 4),$ \end{document} we give a method to construct a duality preserving bijective Gray map from such a Galois ring to \begin{document} $\mathbb{Z}_{p^2}^2.$ \end{document} Closed formed enumeration formulas for double circulant codes that are self-dual (resp. LCD) are derived as a function of the length of these codes. Using random coding, we obtain families of asymptotically good self-dual and LCD codes over \begin{document} $\mathbb{Z}_{p^2}$ \end{document} with respect to the metric induced by the standard \begin{document} ${\mathbb{F}}_p$ \end{document}-valued Gray maps.

We identify a flaw in the security proof and a flaw in the concrete security analysis of the WOTS-PRF variant of the Winternitz one-time signature scheme, and discuss the implications to its concrete security.

Let \begin{document}$\Bbb F_q$\end{document} be the finite field with \begin{document}$q = p^m$\end{document} elements, where \begin{document}$p$\end{document} is an odd prime and \begin{document}$m$\end{document} is a positive integer. For a positive integer \begin{document}$t$\end{document}, let \begin{document}$D \subset \Bbb F_q^t$\end{document} and let \begin{document}$\mbox{Tr}_m$\end{document} be the trace function from \begin{document}$\Bbb F_q$\end{document} onto \begin{document}$\Bbb F_p$\end{document}. We define a \begin{document}$p$\end{document}-ary linear code \begin{document}$\mathcal C_D$\end{document} by

\begin{document} $ \mathcal C_D = \{\textbf{c}(a_1,a_2, ..., a_t): a_1, a_2, ..., a_t ∈ \Bbb F_{p^m}\}, $ \end{document}

where

\begin{document}$\textbf{c}(a_1,a_2, ..., a_t) = \big(\mbox{Tr}_m(a_1x_1+a_2x_2+···+a_tx_t)\big)_{(x_1,x_2, ..., x_t)∈ D}.$ \end{document}

In this paper, we will present the weight enumerators of the linear codes \begin{document}$\mathcal C_D$\end{document} in the following two cases:

1. \begin{document}$D = \{(x_1,x_2, ..., x_t) ∈ \Bbb F_q^t \setminus \{(0,0, ..., 0)\}: \mbox{Tr}_m(x_1^2+x_2^2+···+x_t^2) = 0\}$\end{document};

2. \begin{document}$D = \{(x_1,x_2, ..., x_t) ∈ \Bbb F_q^t: \mbox{Tr}_m(x_1^2+x_2^2+···+x_t^2) = 1\}$\end{document}.

It is shown that \begin{document}$\mathcal C_D$\end{document} is a two-weight code if \begin{document}$tm$\end{document} is even and three-weight code if \begin{document}$tm$\end{document} is odd in both cases. The weight enumerators of \begin{document}$\mathcal C_D$\end{document} in the first case generalize the results in [17] and [18]. The complete weight enumerators of \begin{document}$\mathcal C_D$\end{document} are also investigated.