Interleaving Loidreau’s Rank-Metric Cryptosystem

Renner, Julian; Puchinger, Sven; Wachter-Zeh, Antonia

doi:10.1109/redundancy48165.2019.9003318

Cited by 8 publications

(5 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The ideas of using interleaved codes in the McEliece system (Elleuch et al, 2018;Holzbaur et al, 2019) were combined with Loidreau's GPT variant (Loidreau, 2017) in (Renner et al, 2019a). That means, u parallel ciphertexts are considered where each is a codeword from Loidreau's Gabidulin code (i.e., a Gabidulin code scrambled with a matrix that contains elements from a subspace, (see Loidreau, 2017)) with rank multipliers plus a rank burst error (i.e., all the errors lie in a common row space).…”

Section: Interleaving Loidreau's Gpt Systemmentioning

confidence: 99%

“…The dimension of the total row space of the parallel errors is restricted by u u+1 n−k 2 . In (Renner et al, 2019a), it was shown that in principle, Loidreau's system can be interleaved using classical decoders for interleaved Gabidulin codes. Similar to (Holzbaur et al, 2019), an attack based on an error code can be prevented by choosing the error matrix in a suitable way.…”

Section: Interleaving Loidreau's Gpt Systemmentioning

confidence: 99%

See 1 more Smart Citation

Rank-Metric Codes and Their Applications

Bartz

Holzbaur

Liu

et al. 2022

FNT in Communications and Information Theory

View full text Add to dashboard Cite

The rank metric measures the distance between two matrices by the rank of their difference. Codes designed for the rank metric have attracted considerable attention in recent years, reinforced by network coding and further motivated by a variety of applications. In code-based cryptography, the hardness of the corresponding generic decoding problem can lead to systems with reduced public-key size. In distributed data storage, codes in the rank metric have been used repeatedly to construct codes with locality, and in coded caching, they have been employed for the placement of coded symbols. This survey gives a general introduction to rank-metric codes, explains their most important applications, and highlights their relevance to these areas of research.Codes in the rank metric have drawn increasing interest in recent years due to their application to cryptography, distributed storage and network coding. The survey by Gorla and Ravagnani (2018) mainly focuses on combinatorial properties of rank-metric codes, while the one by Sheekey (2019a) considers MRD codes and their properties. In particular, Gorla and Ravagnani (2018) and Gorla ( 2019) treat (amongst others): isometries, anticodes, duality, MacWilliams identities, generalized weights in the rank metric. We will therefore not considers these topics in this survey. An English version of the textbook by Gabidulin (2021) has been published recently which contains a collection of Gabidulin's results in the area of rank-metric codes. Our survey deals shortly with properties of rank-metric codes, but the main focus is on their decoding and their applications to code-based cryptography, storage, and network coding.In this chapter, we give an introduction to rank-metric codes, their properties and decoding. In Section 2.1, we provide the basic notation used in this survey. Section 2.2 defines linearized polynomials and recalls some basic properties. In Section 2.3, we define the rank metric and state bounds on the cardinality of rank-metric codes, i.e., spherepacking, Gilbert-Varshamov, and Singleton-like bounds. Section 2.4, 2.5 and 2.6 provide the weight distribution of rank metric codes, constant-rank codes and covering property of rank-metric codes, respectively. Section 2.7 defines Gabidulin codes, proves their minimum rank distance and gives generator and parity-check matrices. In Section 2.8, we describe syndrome-based decoding of Gabidulin codes, i.e., we prove the key equation, show how to solve it and how to reconstruct the final error. We also outline error-erasure decoding and summarize known fast decoders. In Section 2.9, we discuss results on list decoding of Gabidulin codes. Further, we introduce interleaved Gabidulin codes (Section 2.10), folded Gabidulin codes (Section 2.11) and summarize further classes of MRD codes (Section 2.13).

show abstract

Section: Interleaving Loidreau's Gpt Systemmentioning

confidence: 99%

Section: Interleaving Loidreau's Gpt Systemmentioning

confidence: 99%

Rank-Metric Codes and Their Applications

Bartz

Holzbaur

Liu

et al. 2022

FNT in Communications and Information Theory

View full text Add to dashboard Cite

show abstract

“…Faure and Loidreau [96] proposed a rank-metric analog of the AF system, thus relying the security on the hardness of reconstructing p-polynomials. Also this proposal has been subject to algebraic attacks [103] and to repair attempts [218,189,188,143] which have been broken in [62]. Note that the AF system can be broken through list decoding of RS codes and in the same manner, the Faure-Loidreau system can be broken via list decoding of Gabidulin codes.…”

Section: Code Proposed In Attackmentioning

confidence: 99%

A Survey on Code-Based Cryptography

Weger¹,

Gassner²,

Rosenthal³

2022

Preprint

View full text Add to dashboard Cite

The improvements on quantum technology are threatening our daily cybersecurity, as a capable quantum computer can break all currently employed asymmetric cryptosystems. In preparation for the quantum-era the National Institute of Standards and Technology (NIST) has initiated a standardization process for public-key encryption (PKE) schemes, key-encapsulation mechanisms (KEM) and digital signature schemes. With this chapter we aim at providing a survey on code-based cryptography, focusing on PKEs and signature schemes. We cover the main frameworks introduced in code-based cryptography and analyze their security assumptions. We provide the mathematical background in a lecture notes style, with the intention of reaching a wider audience.

show abstract

“…As in [17], we consider the following model of channel: The error positions are all taken in the same q-ary vector space E, of dimension t, i.e, every error vector e = (e 1 , . .…”

Section: A Decoding Of Interleaved Codementioning

confidence: 99%