Chapter

Advances in Cryptology – ASIACRYPT 2011

Volume 7073 of the series Lecture Notes in Computer Science pp 107-124

Decoding Random Linear Codes in \(\tilde{\mathcal{O}}(2^{0.054n})\)

  • Alexander MayAffiliated withFaculty of Mathematics, Horst Görtz Institute for IT-Security, Ruhr-University Bochum
  • , Alexander MeurerAffiliated withFaculty of Mathematics, Horst Görtz Institute for IT-Security, Ruhr-University Bochum
  • , Enrico ThomaeAffiliated withFaculty of Mathematics, Horst Görtz Institute for IT-Security, Ruhr-University Bochum

Abstract

Decoding random linear codes is a fundamental problem in complexity theory and lies at the heart of almost all code-based cryptography. The best attacks on the most prominent code-based cryptosystems such as McEliece directly use decoding algorithms for linear codes. The asymptotically best decoding algorithm for random linear codes of length n was for a long time Stern’s variant of information-set decoding running in time \(\tilde{\mathcal{O}}\left(2^{0.05563n}\right)\). Recently, Bernstein, Lange and Peters proposed a new technique called Ball-collision decoding which offers a speed-up over Stern’s algorithm by improving the running time to \(\tilde{\mathcal{O}}\left(2^{0.05558n}\right)\).

In this paper, we present a new algorithm for decoding linear codes that is inspired by a representation technique due to Howgrave-Graham and Joux in the context of subset sum algorithms. Our decoding algorithm offers a rigorous complexity analysis for random linear codes and brings the time complexity down to \(\tilde{\mathcal{O}}\left(2^{0.05363n}\right)\).

Keywords

Information set decoding representation technique