P UBLIC - KEY CRYPTOGRAPHY (PKC) E RROR - CORRECTING PAIRS FOR A - - PowerPoint PPT Presentation

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

• I. MÁRQUEZ-CORBELLA 1
• R. PELLIKAAN 2

1INRIA Rocquencourt - SECRET Team

• 2Dept. of Mathematics and Computing Science, Eindhoven University of Technology

IICMA 2015 The 3rd IndoMS International Conference

• n Mathematics and Its Applications

Depok, Indonesia, 3 November 2015

1 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

1

PUBLIC-KEY CRYPTOGRAPHY

2

CODE BASED CRYPTOGRAPHY

3

PREREQUISITES

Error-correcting codes Star Product GRS codes

4

ERROR-CORRECTING PAIRS

Decoding algorithm for GRS - ECP Codes with a t-ECP ECP one-way function

5

CONCLUSION

2 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

PUBLIC-KEY CRYPTOGRAPHY (PKC)

Diffie and Hellman in 1976 in the public domain Ellis in 1970 for secret service, not made public until 1997 advantage with respect to symmetric-key cryptography no exchange of secret key between sender and receiver

3 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

ONE-WAY FUNCTION

At the heart of any public-key cryptosystem is a

• ne-way function

a function y = f(x) that is easy to evaluate but for which it is computationally infeasible, one hopes to find the inverse x = f −1(y) Example differentiation a function is easy integrating a function is difficult

4 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

PUBLIC KEY CRYPTOGRAPHY

EASY HARD EASY

(given the TRAPDOOR information)

Trapdoor one-way function

5 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

INTEGER FACTORIZATION

x = (p, q) is a pair of distinct prime numbers y = pq is its product proposed by Cocks in 1973 in secret service Rivest-Shamir-Adleman (RSA) in 1978 in public domain based on the hardness of factorizing integers

6 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

DISCRETE LOGARITHM

G is a group (written multiplicatively) with a ∈ G and x an integer y = ax proposed by Williamson in 1974 in secret service Diffie-Hellman in 1974 and 1976 in public domain based on difficulty of finding discrete logarithms in a finite field

7 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

PREPARING FOR THE CRYPTOPOCALYPSE

MOST PKC ARE BASED ON NUMBER-THEORETIC PROBLEMS

8 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

PREPARING FOR THE CRYPTOPOCALYPSE

MOST PKC ARE BASED ON NUMBER-THEORETIC PROBLEMS ➜ It can be attacked in polynomial time using Shor’s algorithm RSA DSA ECC ECDSA HECC

8 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

PREPARING FOR THE CRYPTOPOCALYPSE

MOST PKC ARE BASED ON NUMBER-THEORETIC PROBLEMS ➜ It can be attacked in polynomial time using Shor’s algorithm RSA DSA ECC ECDSA HECC

Code-based Cryptography is a powerful alternative

8 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

CODE BASED CRYPTOGRAPHY

h1, . . . , hn is a given n-tuple of vectors in Fr

q

x is an n-tuple of elements in Fq y = n

j=1 xjhj

proposed by McEliece in 1978 based on the difficulty of decoding error-correcting codes it is NP complete

9 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

TRAPDOOR ONE-WAY FUNCTIONS - DECODER EASY

Encoder = Matrix Multiplication

10 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

TRAPDOOR ONE-WAY FUNCTIONS - DECODER EASY

Encoder = Matrix Multiplication

HARD

Decoding is NP-complete

10 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

TRAPDOOR ONE-WAY FUNCTIONS - DECODER EASY

Encoder = Matrix Multiplication

HARD

Decoding is NP-complete

EASY(with TRAPDOOR information)

Efficient decoder for certain families of codes

10 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

MCELIECE CRYPTOSYSTEM

➜ McEliece introduced the first PKC based

• n Error-Correcting Codes in 1978.

Advantages: ➣ Fast encryption (matrix-vector multiplication) and decryption functions. ➣ Interesting candidate for post-quantum cryptography. Drawback: ➣ Large key size.

• R. J. McEliece.

A public-key cryptosystem based on algebraic coding theory. DSN Progress Report, 42-44:114-116, 1978. 11 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

THE MCELIECE CRYPTOSYSTEM

Consider

• F
• family of codes

12 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

THE MCELIECE CRYPTOSYSTEM

Consider

• F
• family of codes

with an efficient decoding algorithm

12 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

THE MCELIECE CRYPTOSYSTEM

Consider

• F
• family of codes

with an efficient decoding algorithm Indistinguishable from random codes

12 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

THE MCELIECE CRYPTOSYSTEM

Consider

• F
• family of codes

with an efficient decoding algorithm Indistinguishable from random codes Key Generation Algorithm: G ∈ Fk×n

q

a generator matrix for C ∈ F AC an “Efficient” decoding algorithm for C which corrects up to t errors. Public Key: Kpub = (G, t) Private Key: Ksecret = (AC)

12 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

THE MCELIECE CRYPTOSYSTEM

Encryption Algorithm: Encrypt a message m ∈ Fk

q as

ENCRYPT(m) = mG + e = y where e is a random error vector of weight at most t.

13 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

THE MCELIECE CRYPTOSYSTEM

Encryption Algorithm: Encrypt a message m ∈ Fk

q as

ENCRYPT(m) = mG + e = y where e is a random error vector of weight at most t. Decryption Algorithm: Using Ksecret, the receiver obtain m. DECRYPT(y) = AC(y) = m

13 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

INNER PRODUCT AND DUAL CODE

The inner product on Fn

q is defined by

x · y = x1y1 + · · · + xnyn This inner product is bilinear, symmetric and non-degenerate For an [n, k]q code C we define the dual or orthogonal code C⊥ as C⊥ = { x ∈ Fn

q | c · x = 0 for all c ∈ C }

14 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

NOTATION AND PREREQUISITES

Fq: Finite field with q elements. An [n, k]q linear code C over Fq is a k-dimensional subspace of Fn

q

The Hamming weight of x ∈ Fn

q is wH(x).

Let C be a linear code over Fq we will denote by: n(C): Length , k(C): Dimension and d(C): Minimum distance

15 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

NOTATION AND PREREQUISITES

Fq: Finite field with q elements. An [n, k]q linear code C over Fq is a k-dimensional subspace of Fn

q

The Hamming weight of x ∈ Fn

q is wH(x).

Let C be a linear code over Fq we will denote by: n(C): Length , k(C): Dimension and d(C): Minimum distance MDS CODES - SINGLETON BOUND d(C) ≤ n(C) − k(C) + 1 If the equality holds = ⇒ C is an MDS code

15 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

NOTATION AND PREREQUISITES

Fq: Finite field with q elements. An [n, k]q linear code C over Fq is a k-dimensional subspace of Fn

q

The Hamming weight of x ∈ Fn

q is wH(x).

Let C be a linear code over Fq we will denote by: n(C): Length , k(C): Dimension and d(C): Minimum distance MDS CODES - SINGLETON BOUND d(C) ≤ n(C) − k(C) + 1 If the equality holds = ⇒ C is an MDS code EXAMPLES

1 The zero code of length n (i.e. the [n, 0, n + 1] linear code) and its

dual (i.e. Fn

q which has parameters [n, n, 1]).

2 The [n, 1, n] repetition code over Fq 3 The (Extended/Generalized) Reed-Solomon codes 15 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

STAR PRODUCT

Given two vectors a = (a1, . . . , an) ∈ Fn

q and b = (b1, . . . , bn) ∈ Fn q we

denote by a ∗ b the componentwise product: a ∗ b = (a1b1, . . . , anbn)

16 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

STAR PRODUCT

Given two vectors a = (a1, . . . , an) ∈ Fn

q and b = (b1, . . . , bn) ∈ Fn q we

denote by a ∗ b the componentwise product: a ∗ b = (a1b1, . . . , anbn) STAR PRODUCT OF CODES Let A and B be Fq-codes of length n. The star product code denoted by A ∗ B is: A ∗ B = {a ∗ b | a ∈ A and b ∈ B} When B = A, then A ∗ A is called the square of A and is denoted by A2

16 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

GENERALIZED REED-SOLOMON CODES

➜ n, k nonnegative integers such that 1 ≤ k ≤ n ≤ q.

17 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

GENERALIZED REED-SOLOMON CODES

➜ n, k nonnegative integers such that 1 ≤ k ≤ n ≤ q. ➜ a = (a1, . . . , an) ∈ Fn

q with ai = aj for all i = j.

17 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

GENERALIZED REED-SOLOMON CODES

➜ n, k nonnegative integers such that 1 ≤ k ≤ n ≤ q. ➜ a = (a1, . . . , an) ∈ Fn

q with ai = aj for all i = j.

➜ b = (b1, . . . , bn) ∈ Fn

q with bi = 0 for all i.

17 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

GENERALIZED REED-SOLOMON CODES

➜ n, k nonnegative integers such that 1 ≤ k ≤ n ≤ q. ➜ a = (a1, . . . , an) ∈ Fn

q with ai = aj for all i = j.

➜ b = (b1, . . . , bn) ∈ Fn

q with bi = 0 for all i.

Polynomial Vector Space: Lk = {f(X) ∈ Fq[X] | deg(f) < k}

17 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

GENERALIZED REED-SOLOMON CODES

➜ n, k nonnegative integers such that 1 ≤ k ≤ n ≤ q. ➜ a = (a1, . . . , an) ∈ Fn

q with ai = aj for all i = j.

➜ b = (b1, . . . , bn) ∈ Fn

q with bi = 0 for all i.

Polynomial Vector Space: Lk = {f(X) ∈ Fq[X] | deg(f) < k} Lk is a vector space of dimension k over Fq

17 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

GENERALIZED REED-SOLOMON CODES

➜ n, k nonnegative integers such that 1 ≤ k ≤ n ≤ q. ➜ a = (a1, . . . , an) ∈ Fn

q with ai = aj for all i = j.

➜ b = (b1, . . . , bn) ∈ Fn

q with bi = 0 for all i.

Polynomial Vector Space: Lk = {f(X) ∈ Fq[X] | deg(f) < k} Lk is a vector space of dimension k over Fq A basis for Lk is

• 1, X, X 2, . . . , X k−1

17 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

GENERALIZED REED-SOLOMON CODES

➜ n, k nonnegative integers such that 1 ≤ k ≤ n ≤ q. ➜ a = (a1, . . . , an) ∈ Fn

q with ai = aj for all i = j.

➜ b = (b1, . . . , bn) ∈ Fn

q with bi = 0 for all i.

Polynomial Vector Space: Lk = {f(X) ∈ Fq[X] | deg(f) < k} Lk is a vector space of dimension k over Fq A basis for Lk is

• 1, X, X 2, . . . , X k−1

Evaluation Map: eva,b Lk − → Fn

q

f(X) − → b ∗ f(a) = (b1f(a1), . . . , bnf(an))

17 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

GENERALIZED REED-SOLOMON CODES

➜ n, k nonnegative integers such that 1 ≤ k ≤ n ≤ q. ➜ a = (a1, . . . , an) ∈ Fn

q with ai = aj for all i = j.

➜ b = (b1, . . . , bn) ∈ Fn

q with bi = 0 for all i.

Polynomial Vector Space: Lk = {f(X) ∈ Fq[X] | deg(f) < k} Lk is a vector space of dimension k over Fq A basis for Lk is

• 1, X, X 2, . . . , X k−1

Evaluation Map: eva,b Lk − → Fn

q

f(X) − → b ∗ f(a) = (b1f(a1), . . . , bnf(an)) THE GENERALIZED REED-SOLOMON CODE (GRS) GRSk(a, b) =

• eva,b (f) | f ∈ Lk
• 17 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

GENERALIZED REED-SOLOMON CODES

➜ n, k nonnegative integers such that 1 ≤ k ≤ n ≤ q. ➜ a = (a1, . . . , an) ∈ Fn

q with ai = aj for all i = j. =

⇒ code locators ➜ b = (b1, . . . , bn) ∈ Fn

q with bi = 0 for all i.

Polynomial Vector Space: Lk = {f(X) ∈ Fq[X] | deg(f) < k} Lk is a vector space of dimension k over Fq A basis for Lk is

• 1, X, X 2, . . . , X k−1

Evaluation Map: eva,b Lk − → Fn

q

f(X) − → b ∗ f(a) = (b1f(a1), . . . , bnf(an)) THE GENERALIZED REED-SOLOMON CODE (GRS) GRSk(a, b) =

• eva,b (f) | f ∈ Lk
• 17 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

GENERALIZED REED-SOLOMON CODES

➜ n, k nonnegative integers such that 1 ≤ k ≤ n ≤ q. ➜ a = (a1, . . . , an) ∈ Fn

q with ai = aj for all i = j. =

⇒ code locators ➜ b = (b1, . . . , bn) ∈ Fn

q with bi = 0 for all i. =

⇒ column multipliers Polynomial Vector Space: Lk = {f(X) ∈ Fq[X] | deg(f) < k} Lk is a vector space of dimension k over Fq A basis for Lk is

• 1, X, X 2, . . . , X k−1

Evaluation Map: eva,b Lk − → Fn

q

f(X) − → b ∗ f(a) = (b1f(a1), . . . , bnf(an)) THE GENERALIZED REED-SOLOMON CODE (GRS) GRSk(a, b) =

• eva,b (f) | f ∈ Lk
• 17 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

PROPERTIES OF GRS CODES

PROPOSITION: PARAMETERS OF GRS CODES The GRSk(a, b) is an [n, k]q code with minimum distance d = n − k + 1

18 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

PROPERTIES OF GRS CODES

PROPOSITION: PARAMETERS OF GRS CODES The GRSk(a, b) is an [n, k]q code with minimum distance d = n − k + 1 C is MDS ⇐ ⇒ C⊥ is MDS

18 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

PROPERTIES OF GRS CODES

PROPOSITION: PARAMETERS OF GRS CODES The GRSk(a, b) is an [n, k]q code with minimum distance d = n − k + 1 C is MDS ⇐ ⇒ C⊥ is MDS PROPOSITION: THE DUAL CODE OF A GRS CODE IS A GRS CODE GRSk(a, b)⊥ = GRSn−k(a, b′)

18 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

CANONICAL GENERATOR MATRIX FOR GRS

19 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

CANONICAL GENERATOR MATRIX FOR GRS

One basis for Lk is

• 1, X, X 2, . . . , X k−1

19 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

CANONICAL GENERATOR MATRIX FOR GRS

One basis for Lk is

• 1, X, X 2, . . . , X k−1

Thus,

• eva,b(1) , eva,b(X) , eva,b(X 2) , . . . eva,b(X k−1)
• gives a

generator matrix for GRSk(a, b)

19 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

CANONICAL GENERATOR MATRIX FOR GRS

One basis for Lk is

• 1, X, X 2, . . . , X k−1

Thus,

• eva,b(1) , eva,b(X) , eva,b(X 2) , . . . eva,b(X k−1)
• gives a

generator matrix for GRSk(a, b) G =         1 1 . . . 1 a1 a2 . . . an a2

1

a2

2

. . . a2

n

. . . . . . ... . . . ak−1

1

ak−1

2

. . . ak−1

n

               b1 b2 ... bn        =         b1 b2 . . . bn b1a1 b2a2 . . . bnan b1a2

1

b2a2

2

. . . bna2

n

. . . . . . ... . . . b1ak−1

1

b2ak−1

2

. . . bnak−1

n

        =        b ∗ 1 b ∗ a b ∗ a2 . . . b ∗ ak−1        ∈ Fk×n

q

19 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

ERROR-CORRECTING PAIRS (ECP)

ERROR-CORRECTING PAIRS (ECP) Let: ➜ C be an [n, K(C)]q code. and

• R. Pellikaan

On decoding by error location and dependent sets

• f error positions.

Discrete Math., 106–107: 369–381 (1992).

• R. Kötter.

A unified description of an error locating procedure for linear codes. In Proceedings of Algebraic and Combinatorial Coding Theory, 113–117. Voneshta Voda (1992). 20 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

ERROR-CORRECTING PAIRS (ECP)

ERROR-CORRECTING PAIRS (ECP) Let: ➜ C be an [n, K(C)]q code. and ➜ A be an [n, K(A)]qm code ➜ B be an [n, K(B)]qm code

• R. Pellikaan

On decoding by error location and dependent sets

• f error positions.

Discrete Math., 106–107: 369–381 (1992).

• R. Kötter.

A unified description of an error locating procedure for linear codes. In Proceedings of Algebraic and Combinatorial Coding Theory, 113–117. Voneshta Voda (1992). 20 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

ERROR-CORRECTING PAIRS (ECP)

ERROR-CORRECTING PAIRS (ECP) Let: ➜ C be an [n, K(C)]q code. and ➜ A be an [n, K(A)]qm code ➜ B be an [n, K(B)]qm code (A, B) is a t-ECP for C if the following properties hold: E.1 (A ∗ B) ⊥ C. E.2 K(A) > t. E.3 d(B⊥) > t. E.4 d(A) + d(C) > n.

• R. Pellikaan

On decoding by error location and dependent sets

• f error positions.

Discrete Math., 106–107: 369–381 (1992).

• R. Kötter.

A unified description of an error locating procedure for linear codes. In Proceedings of Algebraic and Combinatorial Coding Theory, 113–117. Voneshta Voda (1992). 20 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

ERROR-CORRECTING PAIRS (ECP)

ERROR-CORRECTING PAIRS (ECP) Let: ➜ C be an [n, K(C)]q code. and ➜ A be an [n, K(A)]qm code ➜ B be an [n, K(B)]qm code (A, B) is a t-ECP for C if the following properties hold: E.1 (A ∗ B) ⊥ C. E.2 K(A) > t. E.3 d(B⊥) > t. E.4 d(A) + d(C) > n. An [n, k]q code which has a t-ECP over Fqm has an efficient decoding algorithm.

• R. Pellikaan

On decoding by error location and dependent sets

• f error positions.

Discrete Math., 106–107: 369–381 (1992).

• R. Kötter.

A unified description of an error locating procedure for linear codes. In Proceedings of Algebraic and Combinatorial Coding Theory, 113–117. Voneshta Voda (1992). 20 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES

Let C = GRSk(c, d) = ⇒ C⊥ = GRSn−k(c, d⊥)

21 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES

Let C = GRSk(c, d) = ⇒ C⊥ = GRSn−k(c, d⊥) Consider the codes

A = GRSt+1(c, d⊥)

and

B = GRSt(c, 1)

21 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES

Let C = GRSk(c, d) = ⇒ C⊥ = GRSn−k(c, d⊥) Consider the codes

A = GRSt+1(c, d⊥)

and

B = GRSt(c, 1)

sent codeword y = c + e received word error vector

21 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES

Let C = GRSk(c, d) = ⇒ C⊥ = GRSn−k(c, d⊥) Consider the codes

A = GRSt+1(c, d⊥)

and

B = GRSt(c, 1)

sent codeword y = c + e received word error vector Define:

Ky =

• a ∈ A | y, a ∗ b = 0 , for all b ∈ B
• 21 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES Ky = Ke?

22 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES Ky = Ke?

Take notice that: A ∗ B = GRSt+1(c, d⊥) ∗ GRSt(c, 1)

22 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES Ky = Ke?

Take notice that: A ∗ B = GRSt+1(c, d⊥) ∗ GRSt(c, 1) = GRS2t(c, d⊥)

22 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES Ky = Ke?

Take notice that: A ∗ B = GRSt+1(c, d⊥) ∗ GRSt(c, 1) = GRS2t(c, d⊥) = GRSn−k(c, d⊥)

22 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES Ky = Ke?

Take notice that: A ∗ B = GRSt+1(c, d⊥) ∗ GRSt(c, 1) = GRS2t(c, d⊥) = GRSn−k(c, d⊥) = C⊥

22 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES Ky = Ke?

Take notice that: A ∗ B = GRSt+1(c, d⊥) ∗ GRSt(c, 1) = GRS2t(c, d⊥) = GRSn−k(c, d⊥) = C⊥ Thus, for all a ∈ A and b ∈ B y, a ∗ b

22 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES Ky = Ke?

Take notice that: A ∗ B = GRSt+1(c, d⊥) ∗ GRSt(c, 1) = GRS2t(c, d⊥) = GRSn−k(c, d⊥) = C⊥ Thus, for all a ∈ A and b ∈ B y, a ∗ b = c + e, a ∗ b

22 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES Ky = Ke?

Take notice that: A ∗ B = GRSt+1(c, d⊥) ∗ GRSt(c, 1) = GRS2t(c, d⊥) = GRSn−k(c, d⊥) = C⊥ Thus, for all a ∈ A and b ∈ B y, a ∗ b = c + e, a ∗ b = c, a ∗ b

• =0

+ e, a ∗ b

22 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES Ky = Ke?

Take notice that: A ∗ B = GRSt+1(c, d⊥) ∗ GRSt(c, 1) = GRS2t(c, d⊥) = GRSn−k(c, d⊥) = C⊥ Thus, for all a ∈ A and b ∈ B y, a ∗ b = e, a ∗ b

22 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES Ky = Ke?

Take notice that: A ∗ B = GRSt+1(c, d⊥) ∗ GRSt(c, 1) = GRS2t(c, d⊥) = GRSn−k(c, d⊥) = C⊥ Thus, for all a ∈ A and b ∈ B y, a ∗ b = e, a ∗ b Or equivalently, Ky = Ke

22 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES Ky = Ke? YES, since A ∗ B = C⊥

Take notice that: A ∗ B = GRSt+1(c, d⊥) ∗ GRSt(c, 1) = GRS2t(c, d⊥) = GRSn−k(c, d⊥) = C⊥ Thus, for all a ∈ A and b ∈ B y, a ∗ b = e, a ∗ b Or equivalently, Ky = Ke

22 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES There exists a nonzero a ∈ Ky?

23 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES There exists a nonzero a ∈ Ky?

We define f(X) =

• i∈supp(e)

(X − ci) = ⇒ deg(f) = t < t + 1, i.e. f ∈ Lt+1

23 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES There exists a nonzero a ∈ Ky?

We define f(X) =

• i∈supp(e)

(X − ci) = ⇒ deg(f) = t < t + 1, i.e. f ∈ Lt+1 a = d⊥ ∗ f(c) = evc,d⊥(f) ∈ A = GRSt+1(c, d⊥)

23 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES There exists a nonzero a ∈ Ky?

We define f(X) =

• i∈supp(e)

(X − ci) = ⇒ deg(f) = t < t + 1, i.e. f ∈ Lt+1 a = d⊥ ∗ f(c) = evc,d⊥(f) ∈ A = GRSt+1(c, d⊥) Moreover, a ∗ e = 0. Thus a ∈ Ky

23 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES There exists a nonzero a ∈ Ky? YES, since K(A) > t

We define f(X) =

• i∈supp(e)

(X − ci) = ⇒ deg(f) = t < t + 1, i.e. f ∈ Lt+1 a = d⊥ ∗ f(c) = evc,d⊥(f) ∈ A = GRSt+1(c, d⊥) Moreover, a ∗ e = 0. Thus a ∈ Ky

23 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES Let a ∈ Ky, a = 0 = ⇒ supp(e) ⊆ supp(a)?

24 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES Let a ∈ Ky, a = 0 = ⇒ supp(e) ⊆ supp(a)?

Indeed, 0 = e, a ∗ b = e ∗ a, b = ⇒ e ∗ a ∈ B⊥

24 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES Let a ∈ Ky, a = 0 = ⇒ supp(e) ⊆ supp(a)?

Indeed, 0 = e, a ∗ b = e ∗ a, b = ⇒ e ∗ a ∈ B⊥ But wH(e ∗ a) ≤ wH(e) < t < d(B⊥)

24 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES Let a ∈ Ky, a = 0 = ⇒ supp(e) ⊆ supp(a)?

Indeed, 0 = e, a ∗ b = e ∗ a, b = ⇒ e ∗ a ∈ B⊥ But wH(e ∗ a) ≤ wH(e) < t < d(B⊥) Thus e ∗ a = 0, i.e. supp(e) ⊆ {1, . . . , n} − supp(a) = supp(a)

24 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES Let a ∈ Ky, a = 0 = ⇒ supp(e) ⊆ supp(a)? YES, since d(B⊥) > t

Indeed, 0 = e, a ∗ b = e ∗ a, b = ⇒ e ∗ a ∈ B⊥ But wH(e ∗ a) ≤ wH(e) < t < d(B⊥) Thus e ∗ a = 0, i.e. supp(e) ⊆ {1, . . . , n} − supp(a) = supp(a)

24 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES

Let a ∈ Ky such that a = 0. If wH(e) ≤ t, then e is a solution of: y, a ∗ b = e, a ∗ b for all b ∈ B with ej = 0 for all j ∈ supp(a)

25 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES

Let a ∈ Ky such that a = 0. If wH(e) ≤ t, then e is a solution of: y, a ∗ b = e, a ∗ b for all b ∈ B with ej = 0 for all j ∈ supp(a)

Is the solution unique?

25 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES

Let a ∈ Ky such that a = 0. If wH(e) ≤ t, then e is a solution of: y, a ∗ b = e, a ∗ b for all b ∈ B with ej = 0 for all j ∈ supp(a)

Is the solution unique?

Suppose that e1 and e2 are solutions of the above system.

25 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES

Let a ∈ Ky such that a = 0. If wH(e) ≤ t, then e is a solution of: y, a ∗ b = e, a ∗ b for all b ∈ B with ej = 0 for all j ∈ supp(a)

Is the solution unique?

Suppose that e1 and e2 are solutions of the above system. Then, e1, a ∗ b = e2, a ∗ b with supp(e1) ⊆ supp(a) supp(e2) ⊆ supp(a)

25 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES

Let a ∈ Ky such that a = 0. If wH(e) ≤ t, then e is a solution of: y, a ∗ b = e, a ∗ b for all b ∈ B with ej = 0 for all j ∈ supp(a)

Is the solution unique?

Suppose that e1 and e2 are solutions of the above system. Then, e1, a ∗ b = e2, a ∗ b with supp(e1) ⊆ supp(a) supp(e2) ⊆ supp(a) Then e1 − e2 ∈ C, but wH(e1 − e2) ≤ n − |supp(a)| ≤ d(C) − 1 which contradicts the minimality of d(C).

25 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

AN EFFICIENT DECODING ALGORITHM FOR GRS CODES

Let a ∈ Ky such that a = 0. If wH(e) ≤ t, then e is a solution of: y, a ∗ b = e, a ∗ b for all b ∈ B with ej = 0 for all j ∈ supp(a)

Is the solution unique? YES, since d(A) + d(C) > n

Suppose that e1 and e2 are solutions of the above system. Then, e1, a ∗ b = e2, a ∗ b with supp(e1) ⊆ supp(a) supp(e2) ⊆ supp(a) Then e1 − e2 ∈ C, but wH(e1 − e2) ≤ n − |supp(a)| ≤ d(C) − 1 which contradicts the minimality of d(C).

25 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

ERROR-CORRECTING PAIRS (ECP)

Let (A, B) be a t-ECP for C. sent codeword y = c + e with wH(e) ≤ t received word error vector

26 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

ERROR-CORRECTING PAIRS (ECP)

Let (A, B) be a t-ECP for C. sent codeword y = c + e with wH(e) ≤ t received word error vector

1 There exists a ∈ A, a = 0 such that

y, a ∗ b = 0 for all b ∈ B (1)

26 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

ERROR-CORRECTING PAIRS (ECP)

Let (A, B) be a t-ECP for C. sent codeword y = c + e with wH(e) ≤ t received word error vector

1 There exists a ∈ A, a = 0 such that

y, a ∗ b = 0 for all b ∈ B (1)

2 For every solution a ∈ A of (1) we have that:

a ∗ e = 0

26 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

ERROR-CORRECTING PAIRS (ECP)

Let (A, B) be a t-ECP for C. sent codeword y = c + e with wH(e) ≤ t received word error vector

1 There exists a ∈ A, a = 0 such that

y, a ∗ b = 0 for all b ∈ B (1)

2 For every solution a ∈ A of (1) we have that:

a ∗ e = 0

3 Since d(A) + d(C) ≥ n. Then, e is the unique solution of:

e, a ∗ b = 0 with e ∗ a = 0 for all b ∈ B

26 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

ERROR-CORRECTING PAIRS (ECP)

➜ t-ECP for Generalized Reed-Solomon (GRS) codes

• I. Duursma

Decoding codes from curves and cyclic codes. Ph.D thesis, Eindhoven University of Technology (1993)

• I. Duursma, R. Kötter.

Error-locating pairs for cyclic codes. IEEE Trans. Inform. Theory, Vol.40, 1108–1121 (1994) 27 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

ERROR-CORRECTING PAIRS (ECP)

➜ t-ECP for Generalized Reed-Solomon (GRS) codes Let D be a code that has (A, B) as t-ECP and suppose that C ⊆ D. Then (A, B) is also a t-ECP for C. In particular subcodes of GRS codes have a t-ECP

➜ t-ECP for Alternant codes ➜ t-ECP for Goppa codes

• I. Duursma

Decoding codes from curves and cyclic codes. Ph.D thesis, Eindhoven University of Technology (1993)

• I. Duursma, R. Kötter.

Error-locating pairs for cyclic codes. IEEE Trans. Inform. Theory, Vol.40, 1108–1121 (1994) 27 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

ERROR-CORRECTING PAIRS (ECP)

➜ t-ECP for Generalized Reed-Solomon (GRS) codes Let D be a code that has (A, B) as t-ECP and suppose that C ⊆ D. Then (A, B) is also a t-ECP for C. In particular subcodes of GRS codes have a t-ECP

➜ t-ECP for Alternant codes ➜ t-ECP for Goppa codes

➜ t-ECP for Algebraic-Geometric (AG) codes

• I. Duursma

Decoding codes from curves and cyclic codes. Ph.D thesis, Eindhoven University of Technology (1993)

• I. Duursma, R. Kötter.

Error-locating pairs for cyclic codes. IEEE Trans. Inform. Theory, Vol.40, 1108–1121 (1994) 27 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

ERROR-CORRECTING PAIRS (ECP)

➜ t-ECP for Generalized Reed-Solomon (GRS) codes Let D be a code that has (A, B) as t-ECP and suppose that C ⊆ D. Then (A, B) is also a t-ECP for C. In particular subcodes of GRS codes have a t-ECP

➜ t-ECP for Alternant codes ➜ t-ECP for Goppa codes

➜ t-ECP for Algebraic-Geometric (AG) codes ➜ t-ECP for Cyclic codes

• I. Duursma

Decoding codes from curves and cyclic codes. Ph.D thesis, Eindhoven University of Technology (1993)

• I. Duursma, R. Kötter.

Error-locating pairs for cyclic codes. IEEE Trans. Inform. Theory, Vol.40, 1108–1121 (1994) 27 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

CODES WITH A T-ECP

GRS codes

28 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

CODES WITH A T-ECP

Alternant codes Goppa codes GRS codes

28 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

CODES WITH A T-ECP

Subcodes

• f GRS codes

Alternant codes Goppa codes GRS codes

28 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

CODES WITH A T-ECP

Subcodes

• f AG codes

AG codes Subcodes

• f GRS codes

Alternant codes Goppa codes AG codes Reed Muller codes GRS codes

28 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

CODES WITH A T-ECP

Subcodes

• f AG codes

AG codes Subcodes

• f GRS codes

Alternant codes Goppa codes Reed Muller codes GRS codes GRS codes Reed-Muller codes

Broken Unbroken Subcodes of GRS

• f small dimension

(Unbroken) AG codes of Low genus (Broken)

28 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

CODES WITH A T-ECP

Subcodes

• f AG codes

Subcodes

• f AG codes

AG codes Subcodes

• f GRS codes

Subcodes

• f GRS codes

Alternant codes Goppa codes Reed Muller codes GRS codes GRS codes Reed-Muller codes AG codes GRS codes

Broken Unbroken Subcodes of GRS

• f small dimension

(Unbroken) AG codes of Low genus (Broken) Easy to retrieve an ECP

28 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

CODES WITH A T-ECP

Subcodes

• f AG codes

Subcodes

• f AG codes

Subcodes

• f GRS codes

Subcodes

• f GRS codes

Alternant codes Goppa codes Reed Muller codes GRS codes GRS codes Reed-Muller codes AG codes GRS codes

Broken Unbroken Subcodes of GRS

• f small dimension

(Unbroken) AG codes of Low genus (Broken) New results in Wild Goppa codes (Broken) Easy to retrieve an ECP

28 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

ECP ONE-WAY FUNCTION

P(n, t, q) is the collection of pairs (A, B) that satisfy E.2 k(A) > E.5 d(A⊥) > 1 E.3 d(B⊥) > t E.6 d(A) + 2t > n Let C = Fn

q ∩ (A ∗ B)⊥.

Then d(C) is at least 2t + 1 and (A, B) is a t-ECP for C F(n, t, q) is the collection of Fq-linear codes of length n and minimum distance d ≥ 2t + 1 Consider the following map ϕ(n,t,q) : P(n, t, q) − → F(n, t, q) (A, B) − → C The question is whether this map is a one-way function.

29 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

CONCLUSION

MAIN RESULT Many known classes of codes that have have decoding algorithm correcting t-errors have a t-ECP and are not suitable for a code based PKC Future Question:Is the ECP map a one-way function?

30 / 31

ERROR-CORRECTING PAIRS

FOR A PUBLIC-KEY CRYPTOSYSTEM

PUBLIC-KEY CRYPTOGRAPHY CODE BASED

CRYPTOGRAPHY

PREREQUISITES

ERROR-CORRECTING CODES STAR PRODUCT GRS CODES

ERROR-CORRECTING PAIRS

DECODING ALGORITHM FOR GRS - ECP CODES WITH A T-ECP ECP ONE-WAY FUNCTION

CONCLUSION

Thank you for your attention!

31 / 31