Randomized Decoding of Gabidulin Codes Beyond the Unique Decoding Radius
Abstract
We address the problem of decoding Gabidulin codes beyond their unique error-correction radius. The complexity of this problem matters for assessing the security of some rank-metric code-based cryptosystems. We propose an approach that introduces row or column erasures to decrease the rank of the error, so that any proper polynomial-time Gabidulin code error-erasure decoding algorithm can then be applied. The expected work factor of this new randomized decoding approach is a polynomial term times \(q^{m(n-k)-w(n+m)+w^2+\min \{2\xi (\frac{n+k}{2}-\xi ),wk\} }\), where n is the code length, q the size of the base field, m the extension degree of the field, k the code dimension, w the number of errors, and \(\xi := w-\tfrac{n-k}{2}\). It improves upon generic rank-metric decoders by an exponential factor.
Keywords
Gabidulin codes; Decoding; Rank metric; Code-based cryptography