International Conference on the Theory and Application of Cryptology and Information Security

ASIACRYPT 2011: Advances in Cryptology – ASIACRYPT 2011 pp 107-124

Decoding Random Linear Codes in \(\tilde{\mathcal{O}}(2^{0.054n})\)

  • Alexander May
  • Alexander Meurer
  • Enrico Thomae
Conference paper

DOI: 10.1007/978-3-642-25385-0_6

Volume 7073 of the book series Lecture Notes in Computer Science (LNCS)

Abstract

Decoding random linear codes is a fundamental problem in complexity theory and lies at the heart of almost all code-based cryptography. The best attacks on the most prominent code-based cryptosystems such as McEliece directly use decoding algorithms for linear codes. The asymptotically best decoding algorithm for random linear codes of length n was for a long time Stern’s variant of information-set decoding running in time \(\tilde{\mathcal{O}}\left(2^{0.05563n}\right)\). Recently, Bernstein, Lange and Peters proposed a new technique called Ball-collision decoding which offers a speed-up over Stern’s algorithm by improving the running time to \(\tilde{\mathcal{O}}\left(2^{0.05558n}\right)\).

In this paper, we present a new algorithm for decoding linear codes that is inspired by a representation technique due to Howgrave-Graham and Joux in the context of subset sum algorithms. Our decoding algorithm offers a rigorous complexity analysis for random linear codes and brings the time complexity down to \(\tilde{\mathcal{O}}\left(2^{0.05363n}\right)\).

Keywords

Information set decoding, representation technique

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Alexander May (1)
  • Alexander Meurer (1)
  • Enrico Thomae (1)
  1. Faculty of Mathematics, Horst Görtz Institute for IT-Security, Ruhr-University Bochum, Germany