Simplified High-Speed High-Distance List Decoding for Alternant Codes

  • Conference paper
Post-Quantum Cryptography (PQCrypto 2011)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7071)

Abstract

This paper presents a simplified list-decoding algorithm to correct any number \(w\) of errors in any alternant code of any length \(n\) with any designed distance \(t+1\) over any finite field \(\mathbf{F}_q\); in particular, in the classical Goppa codes used in the McEliece and Niederreiter public-key cryptosystems. The algorithm is efficient for \(w\) close to, and in many cases slightly beyond, the \(\mathbf{F}_q\) Johnson bound \(J'=n'-\sqrt{n'(n'-t-1)}\) where \(n'=n(q-1)/q\), assuming \(t+1\le n'\). In the typical case that \(qn/t\in(\lg n)^{O(1)}\) and that the parent field has \((\lg n)^{O(1)}\) bits, the algorithm uses \(n(\lg n)^{O(1)}\) bit operations for \(w\le J'-n/(\lg n)^{O(1)}\); \(O(n^{4.5})\) bit operations for \(w\le J'+o((\lg n)/\lg\lg n)\); and \(n^{O(1)}\) bit operations for \(w\le J'+O((\lg n)/\lg\lg n)\).



Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

Cite this paper

Bernstein, D.J. (2011). Simplified High-Speed High-Distance List Decoding for Alternant Codes. In: Yang, BY. (eds) Post-Quantum Cryptography. PQCrypto 2011. Lecture Notes in Computer Science, vol 7071. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25405-5_13

  • DOI: https://doi.org/10.1007/978-3-642-25405-5_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-25404-8

  • Online ISBN: 978-3-642-25405-5
