Abstract
The Goppa code distinguishing (GD) problem asks to efficiently distinguish a generator matrix of a Goppa code from a randomly drawn one. We revisit a distinguisher for alternant and Goppa codes through a new approach, namely by studying the dimension of square codes. We provide a rigorous upper bound for the dimension of the square of the dual of an alternant or Goppa code, whereas the previous approach only offered algebraic explanations based on heuristics. Moreover, for Goppa codes our proof extends to the non-binary case as well, thus supplying the algebraic explanation for the distinguisher that was missing up to now. All the upper bounds are tight and match experimental evidence. Our work also introduces new algebraic results about products of trace codes in general and of duals of alternant and Goppa codes in particular, clarifying their square code structure. This might be of interest for cryptanalysis purposes.
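The square-code test the abstract refers to, as an added illustration that is not from the paper: it computes dim(C * C) from a generator matrix over GF(p) and compares it with the value min(n, k(k+1)/2) expected of a random code. Since a Goppa code over GF(2^m) would need extension-field arithmetic, the structured code here is a GRS code over the constructed field GF(101) (the alternant case with m = 1, whose dual is again GRS), so its square has dimension 2k - 1 rather than the Goppa bound the paper proves; field size, length and dimension are assumptions chosen for the example.

```python
import random
from itertools import combinations_with_replacement

P = 101  # constructed choice: a small prime field GF(101) keeps the arithmetic plain

def rank_mod_p(rows, p=P):
    """Row-reduce over GF(p) and return the rank of the span of rows."""
    m = [r[:] for r in rows]
    rank = 0
    for col in range(len(m[0])):
        pivot = next((i for i in range(rank, len(m)) if m[i][col]), None)
        if pivot is None:
            continue
        m[rank], m[pivot] = m[pivot], m[rank]
        inv = pow(m[rank][col], p - 2, p)
        m[rank] = [(x * inv) % p for x in m[rank]]
        for i in range(len(m)):
            if i != rank and m[i][col]:
                f = m[i][col]
                m[i] = [(a - f * b) % p for a, b in zip(m[i], m[rank])]
        rank += 1
    return rank

def square_code_dim(gen, p=P):
    """dim(C * C): span of componentwise products of every pair of generator rows."""
    prods = [[(a * b) % p for a, b in zip(u, v)] for u, v in combinations_with_replacement(gen, 2)]
    return rank_mod_p(prods, p)

def grs_generator(n, k, p=P):
    """GRS code: rows y_i * x_i^j (j < k) on a support of n distinct x_i with nonzero y_i."""
    xs = random.sample(range(p), n)
    ys = [random.randrange(1, p) for _ in range(n)]
    return [[(y * pow(x, j, p)) % p for x, y in zip(xs, ys)] for j in range(k)]

def random_generator(n, k, p=P):
    """Generator matrix of a random [n, k] code over GF(p)."""
    return [[random.randrange(p) for _ in range(n)] for _ in range(k)]

def expected_random_dim(n, k):
    """Generic square dimension of a random [n, k] code: min(n, k(k+1)/2)."""
    return min(n, k * (k + 1) // 2)

def distinguish(gen, p=P):
    """Flag the code as structured when its square falls short of the generic value."""
    k, n = len(gen), len(gen[0])
    return square_code_dim(gen, p) < expected_random_dim(n, k)

if __name__ == "__main__":
    for name, g in (("GRS", grs_generator(60, 8)), ("random", random_generator(60, 8))):
        print(name, square_code_dim(g), expected_random_dim(60, 8), distinguish(g))
```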
Code availability
Not applicable.
Acknowledgements
The authors would like to thank the anonymous reviewers for their careful reading of the manuscript and their valuable comments or suggestions for simplifying or reorganizing proofs which helped to improve significantly the quality of the manuscript.
Funding
This work was supported in part by the ANR CBCRYPT project, Grant ANR-17-CE39-0007 and by the ANR BARRACUDA project, Grant ANR-21-CE39-0009, both of the French Agence Nationale de la Recherche.
Ethics declarations
Conflict of interest
The authors have no competing interests to declare that are relevant to the content of this article.
Additional information
Communicated by O. Ahmadi.
About this article
Cite this article
Mora, R., Tillich, JP. On the dimension and structure of the square of the dual of a Goppa code. Des. Codes Cryptogr. 91, 1351–1372 (2023). https://doi.org/10.1007/s10623-022-01153-w
DOI: https://doi.org/10.1007/s10623-022-01153-w
Keywords
- Algebraic codes
- Goppa codes
- Alternant codes
- Square codes
- Distinguisher of Goppa codes
- Code-based Cryptography