
Randomized Decoding of Gabidulin Codes Beyond the Unique Decoding Radius

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12100)

Abstract

We address the problem of decoding Gabidulin codes beyond their unique error-correction radius. The complexity of this problem matters for assessing the security of several rank-metric code-based cryptosystems. We propose an approach that introduces row or column erasures to decrease the rank of the error, so that any proper polynomial-time Gabidulin code error-erasure decoding algorithm can then be applied. The expected work factor of this new randomized decoding approach is a polynomial term times \(q^{m(n-k)-w(n+m)+w^2+\min \{2\xi (\frac{n+k}{2}-\xi ),\,wk\}}\), where n is the code length, q the size of the base field, m the extension degree of the field, k the code dimension, w the number of errors (the rank of the error), and \(\xi := w-\frac{n-k}{2}\) the excess of w over the unique decoding radius. It improves upon generic rank-metric decoders by an exponential factor.
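The erasure-guessing idea from the abstract, as an added example that is not the paper's code: over F_2 it builds an error of rank w, declares a guessed subspace of F_2^m as row erasures, and checks whether what is left of the error fits the standard error-erasure condition for an [n,k] Gabidulin code, 2·(rank errors) + (row erasures) + (column erasures) ≤ n − k. That condition is what "any proper error-erasure decoding algorithm" in the abstract relies on and is assumed here rather than stated on this page; the Monte Carlo routine, the parameter set and all function names are the example's own. The last function evaluates the work-factor exponent exactly as the abstract writes it.

```python
"""Added example (not from the paper): rank-metric error, row-erasure guessing,
and the work-factor exponent quoted in the abstract.  Field is F_2 (q = 2);
a vector in F_2^m is an m-bit Python int, a matrix is a list of column vectors."""
import random
from fractions import Fraction


def rank_f2(vectors):
    """Rank of a set of F_2 vectors (ints as bit-vectors) by Gaussian elimination."""
    pivots = {}  # highest set bit -> reduced vector owning that pivot
    rank = 0
    for v in vectors:
        while v:
            top = v.bit_length() - 1
            if top in pivots:
                v ^= pivots[top]
            else:
                pivots[top] = v
                rank += 1
                break
    return rank


def residual_rank(error_columns, guessed_space):
    """Rank left in the error once the span U of `guessed_space` is declared as
    row erasures: dim(colspace(E) + U) - dim(U).  Only the part of U that really
    lies inside colspace(E) lowers the rank; the rest is wasted erasure budget."""
    return rank_f2(list(error_columns) + list(guessed_space)) - rank_f2(guessed_space)


def decodable_with_erasures(n, k, residual, rho, gamma=0):
    """Assumed (standard) error/erasure condition for an [n,k] Gabidulin code:
    2*(rank errors) + (row erasures) + (column erasures) <= n - k."""
    return 2 * residual + rho + gamma <= n - k


def guess_succeeds(n, k, error_columns, guessed_space):
    """True iff declaring `guessed_space` as row erasures makes the error decodable."""
    rho = rank_f2(guessed_space)
    return decodable_with_erasures(n, k, residual_rank(error_columns, guessed_space), rho)


def random_error(m, n, w, rng):
    """Random m x n matrix over F_2 of rank exactly w, returned as n column vectors
    (F_2-combinations of w independent basis vectors)."""
    while True:
        basis = [rng.getrandbits(m) for _ in range(w)]
        if rank_f2(basis) == w:
            break
    while True:
        cols = []
        for _ in range(n):
            c = 0
            for b in basis:
                if rng.getrandbits(1):
                    c ^= b
            cols.append(c)
        if rank_f2(cols) == w:
            return cols


def random_subspace(m, t, rng):
    """Basis of a uniformly random t-dimensional subspace of F_2^m (rejection sampling)."""
    while True:
        vecs = [rng.getrandbits(m) for _ in range(t)]
        if rank_f2(vecs) == t:
            return vecs


def estimate_success_rate(m, n, k, w, t, trials, seed=1):
    """Monte Carlo: fraction of random t-dimensional row-erasure guesses after
    which error-erasure decoding is possible.  With t = 2*xi the guess must lie
    entirely inside the error's w-dimensional column space, so the rate is small."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        cols = random_error(m, n, w, rng)
        hits += guess_succeeds(n, k, cols, random_subspace(m, t, rng))
    return hits / trials


def work_factor_exponent(n, k, m, w):
    """Exponent of q in the expected work factor stated in the abstract:
    m(n-k) - w(n+m) + w^2 + min{2*xi*((n+k)/2 - xi), w*k},  xi = w - (n-k)/2."""
    xi = Fraction(w) - Fraction(n - k, 2)
    if xi <= 0:
        raise ValueError("w must exceed the unique decoding radius (n-k)/2")
    if w > min(n, m):
        raise ValueError("an m x n error matrix cannot have rank above min(n, m)")
    return m * (n - k) - w * (n + m) + w * w + min(2 * xi * (Fraction(n + k, 2) - xi), w * k)


if __name__ == "__main__":
    # Constructed toy instance: [8,2] code over F_{2^8}, error of rank w = 4, so xi = 1.
    E = [1, 2, 4, 8, 3, 5, 9, 15]          # columns span <e1,e2,e3,e4>, rank 4
    print(guess_succeeds(8, 2, E, [1, 2]))    # guess inside colspace(E): decodable
    print(guess_succeeds(8, 2, E, [16, 32]))  # guess outside colspace(E): not decodable
    print(work_factor_exponent(8, 2, 8, 4))   # exponent of q for this parameter set
    print(estimate_success_rate(8, 8, 2, 4, 2, 200))
```

The toy parameters are far too small to say anything about real cryptosystem security; the point is to see which guesses help (only those lying inside the error's column space) and why the erasure budget spent on a wrong guess is lost.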

Keywords

Gabidulin codes; Decoding; Rank metric; Code-based cryptography

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. Technical University of Munich (TUM), Munich, Germany
  2. German Aerospace Center (DLR), Oberpfaffenhofen-Wessling, Germany
  3. Technical University of Denmark (DTU), Lyngby, Denmark
  4. Univ Rennes, DGA MI, CNRS, IRMAR - UMR 6625, Rennes, France
