Designs, Codes and Cryptography最新文献

{"title":"RYDE: a digital signature scheme based on rank syndrome decoding problem with MPC-in-the-Head paradigm","authors":"Loïc Bidoux, Jesús-Javier Chi-Domínguez, Thibauld Feneuil, Philippe Gaborit, Antoine Joux, Matthieu Rivain, Adrien Vinçotte","doi":"10.1007/s10623-024-01544-1","DOIUrl":"https://doi.org/10.1007/s10623-024-01544-1","url":null,"abstract":"<p>We present a signature scheme based on the syndrome decoding (SD) problem in rank metric. It is a construction from Multi-Party Computation (MPC), using a MPC protocol which is a slight improvement of the linearized polynomial protocol used in Feneuil (Cryptology ePrint Archive, Report 2022/1512, 2022), allowing to obtain a zero-knowledge proof thanks to the MPCitH (MPC-in-the-Head) paradigm. We design two different zero-knowledge proofs exploiting this paradigm: the first, which reaches the lower communication costs, relies on additive secret sharing and uses the hypercube technique (Aguilar-Melchor et al., in: Cryptology ePrint Archive, Report 2022/1645, 2022); and the second relies on low-threshold linear secret sharing as proposed in Feneuil (Cryptology ePrint Archive, Report 2022/1512, 2022). These proofs of knowledge are transformed to signature schemes thanks to the Fiat–Shamir transform (Fiat and Shamir, in: International Cryptology Conference (CRYPTO), 1986) and the resulting schemes have signatures of size less than 6 kB. These performances prompted us to propose this signature scheme to the post-quantum cryptography standardization process organized by NIST.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"12 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2025-01-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142924654","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Fully selective opening secure IBE from LWE","authors":"Dingding Jia, Haiyang Xue, Bao Li","doi":"10.1007/s10623-024-01560-1","DOIUrl":"https://doi.org/10.1007/s10623-024-01560-1","url":null,"abstract":"<p>Selective opening security ensures that, when an adversary is given multiple ciphertexts and corrupts a subset of the senders (thereby obtaining the plaintexts and the senders’ randomness), the privacy of the remaining ciphertexts is still preserved. Previous selective opening secure IBE schemes encrypt messages bit-by-bit, or only achieve selective-id security. In this paper, we present the first adaptive-id, selective opening secure identity-based encryption (IBE) tightly from LWE. To achieve this, we introduce a new primitive called delegatable all-but-many lossy trapdoor functions (DABM-LTDF) and provide a generic construction that converts DABM-LTDF into an adaptive-id, selective opening secure IBE through a tight security reduction. Finally, we construct a concrete DABM-LTDF from the LWE assumption, resulting in the first adaptive-id, selective opening secure IBE from LWE.\u0000</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"17 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2025-01-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142916897","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Quantum sieving for code-based cryptanalysis and its limitations for ISD","authors":"Lynn Engelberts, Simona Etinski, Johanna Loyer","doi":"10.1007/s10623-024-01545-0","DOIUrl":"https://doi.org/10.1007/s10623-024-01545-0","url":null,"abstract":"<p>Sieving using near-neighbor search techniques is a well-known method in lattice-based cryptanalysis, yielding the current best runtime for the shortest vector problem in both the classical and quantum setting. Recently, sieving has also become an important tool in code-based cryptanalysis. Specifically, a variant of the information-set decoding (ISD) framework, commonly used for attacking cryptographically relevant instances of the decoding problem, has been introduced that involves a sieving subroutine. The resulting sieving-based ISD framework yields complexities close to the best-performing classical algorithms for the decoding problem. It is therefore natural to ask how well quantum versions perform. In this work, we introduce the first quantum algorithms for code sieving by designing quantum variants of the aforementioned sieving subroutine. In particular, using quantum-walk techniques, we provide a speed-up over classical code sieving and over a variant using Grover’s algorithm. Our quantum-walk algorithm exploits the structure of the underlying search problem by adding a layer of locality sensitive filtering, inspired by a quantum-walk algorithm for lattice sieving. We complement our asymptotic analysis of the quantum algorithms with numerical results, and observe that our quantum speed-ups for code sieving behave similarly as those observed in lattice sieving. In addition, we show that a natural quantum analog of the sieving-based ISD framework does not provide any speed-up over the first quantum ISD algorithm. Our analysis highlights that the framework should be adapted in order to outperform state-of-the-art quantum ISD algorithms.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"20 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2025-01-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142916896","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Divisible design graphs from the symplectic graph","authors":"Bart De Bruyn, Sergey Goryainov, Willem H. Haemers, Leonid Shalaginov","doi":"10.1007/s10623-024-01557-w","DOIUrl":"https://doi.org/10.1007/s10623-024-01557-w","url":null,"abstract":"<p>A divisible design graph is a graph whose adjacency matrix is an incidence matrix of a (group) divisible design. Divisible design graphs were introduced in 2011 as a generalization of <span>((v,k,lambda ))</span>-graphs. Here we describe four new infinite families that can be obtained from the symplectic strongly regular graph <i>Sp</i>(2<i>e</i>, <i>q</i>) (<i>q</i> odd, <span>(ege 2)</span>) by modifying the set of edges. To achieve this we need two kinds of spreads in <span>(PG(2e-1,q))</span> with respect to the associated symplectic form: the symplectic spread consisting of totally isotropic subspaces and, when <span>(e=2)</span>, a special spread that consists of lines which are not totally isotropic and which is closed under the action of the associated symplectic polarity. Existence of symplectic spreads is known, but the construction of a special spread for every odd prime power <i>q</i> is a main result of this paper. We also show an equivalence between special spreads of <i>Sp</i>(4, <i>q</i>) and certain nice point sets in the projective space <span>(operatorname {PG}(4,q))</span>. We have included relevant background from finite geometry, and when <span>(q=3,5)</span> and 7 we worked out all possible special spreads.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"25 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2024-12-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142887802","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"The set of pure gaps at several rational places in function fields","authors":"Alonso S. Castellanos, Erik A. R. Mendoza, Guilherme Tizziotti","doi":"10.1007/s10623-024-01556-x","DOIUrl":"https://doi.org/10.1007/s10623-024-01556-x","url":null,"abstract":"<p>In this work, we explore the use of maximal elements in generalized Weierstrass semigroups and their relationship with pure gaps, extending the results in Castellanos et al. [J Pure Appl Algebra 228(4):107513, 2024]. We provide a method to completely determine the set of pure gaps at several rational places in a function field <i>F</i> over a finite field, where the periods of certain places are the same, and determine its cardinality. As an example, we calculate the cardinality and provide a simple, explicit description of the set of pure gaps at several rational places distinct from the infinity place on Kummer extensions, offering a different characterization from that presented by Hu and Yang [Des Codes Cryptogr 86(1):211–230, 2018]. Furthermore, we present some applications in coding theory and AG codes with good parameters.\u0000</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"23 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2024-12-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142887803","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"The weight hierarchies of three classes of linear codes","authors":"Wei Lu, Qingyao Wang, Xiaoqiang Wang, Dabin Zheng","doi":"10.1007/s10623-024-01553-0","DOIUrl":"https://doi.org/10.1007/s10623-024-01553-0","url":null,"abstract":"<p>Studying the generalized Hamming weights of linear codes is a significant research area within coding theory, as it provides valuable structural information about the codes and plays a crucial role in determining their performance in various applications. However, determining the generalized Hamming weights of linear codes, particularly their weight hierarchy, is generally a challenging task. In this paper, we focus on investigating the generalized Hamming weights of three classes of linear codes over finite fields. These codes are constructed by different defining sets. By analysing the intersections between the definition sets and the duals of all <i>r</i>-dimensional subspaces, we get the inequalities on the sizes of these intersections. Then constructing subspaces that reach the upper bounds of these inequalities, we successfully determine the complete weight hierarchies of these codes.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"87 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2024-12-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142887805","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Several families of negacyclic BCH codes and their duals","authors":"Zhonghua Sun, Xinyue Liu","doi":"10.1007/s10623-024-01551-2","DOIUrl":"https://doi.org/10.1007/s10623-024-01551-2","url":null,"abstract":"<p>Negacyclic BCH codes are a special subclasses of negacyclic codes, and have the best parameters known in many cases. A family of good negacyclic BCH codes are the <i>q</i>-ary narrow-sense negacyclic BCH codes of length <span>(n=(q^m-1)/2)</span>, where <i>q</i> is an odd prime power. Little is known about the true minimum distance of this family of negacyclic BCH codes and the dimension of this family of negacyclic BCH codes with large designed distance. The main objective of this paper is to study three subfamilies of this family of negacyclic BCH codes. The dimension and true minimum distance of a subfamily of the <i>q</i>-ary narrow-sense negacyclic BCH codes of length <i>n</i> are determined. The dimension and good lower bounds on the minimum distance of two subfamilies of the <i>q</i>-ary narrow-sense negacyclic BCH codes of length <i>n</i> are presented. The minimum distances of the duals of the <i>q</i>-ary narrow-sense negacyclic BCH codes of length <i>n</i> are also investigated. As will be seen, the three subfamilies of negacyclic BCH codes are sometimes distance-optimal and sometimes have the same parameters as the best linear codes known.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"25 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2024-12-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142887804","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Fault attacks on multi-prime RSA signatures","authors":"Chunzhi Zhao, Jinzheng Cao, Junqi Zhang, Qingfeng Cheng","doi":"10.1007/s10623-024-01554-z","DOIUrl":"https://doi.org/10.1007/s10623-024-01554-z","url":null,"abstract":"<p>At CHES 2009, Coron et al. proposed a fault attack on standard RSA signatures based on Coppersmith’s method. This work greatly enhances the practicality of fault attacks on RSA signatures. In practice, multi-prime RSA signatures are widely used due to their faster generation speed. In this paper, we propose fault attacks on multi-prime RSA signatures under the PKCS#1 v2.x protocols. We conduct the fault attacks based on Coppersmith’s method in various scenarios. To be specific, we first consider the case where there is only one fault signature, and then we consider the cases where there are multiple fault signatures with co-prime moduli, common moduli, and arbitrary moduli. For each case, we give the upper bound of the unknowns that can be solved in polynomial time, which improves the practicability of the attacks. Our research is grounded in the EMSA-PKCS1-v1_5 encoding method and has been verified by experiments.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"33 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2024-12-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142887807","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"On the vector subspaces of $$mathbb {F}_{2^n}$$ over which the multiplicative inverse function sums to zero","authors":"Claude Carlet","doi":"10.1007/s10623-024-01531-6","DOIUrl":"https://doi.org/10.1007/s10623-024-01531-6","url":null,"abstract":"<p>We study the behavior of the multiplicative inverse function (which plays an important role in cryptography and in the study of finite fields), with respect to a recently introduced generalization of almost perfect nonlinearity (APNness), called <i>k</i>th-order sum-freedom, that extends a classic characterization of APN functions, and has also some relationship with integral attacks. This generalization corresponds to the fact that a vectorial function <span>(F:mathbb {F}_2^nmapsto mathbb {F}_2^m)</span> sums to a nonzero value over every <i>k</i>-dimensional affine subspace of <span>(mathbb {F}_2^n)</span>, for some <span>(kle n)</span> (APNness corresponds to <span>(k=2)</span>). The sum of the values of the inverse function <span>(xin mathbb {F}_{2^n}mapsto x^{2^n-2}in mathbb {F}_{2^n})</span> over any affine subspace <i>A</i> of <span>(mathbb {F}_{2^n})</span> not containing 0 (i.e. being not a vector space) has been addressed, thanks to a simple expression of such sum, which shows that it never vanishes. We study in the present paper the case of vector (i.e. linear) subspaces, which is much less simple to handle. The sum depends on a coefficient in subspace polynomials. We study for which values of <i>k</i> the multiplicative inverse function can sum to nonzero values over all <i>k</i>-dimensional vector subspaces. We show that, for every <i>k</i> not co-prime with <i>n</i>, it sums to zero over at least one <i>k</i>-dimensional <span>(mathbb {F}_2)</span>-subspace of <span>(mathbb {F}_{2^n})</span>. We study the behavior of the inverse function over direct sums of vector spaces and we deduce that the property of the inverse function to be <i>k</i>th-order sum-free happens for <i>k</i> if and only if it happens for <span>(n-k)</span>. We derive several other results and we show that the set of values <i>k</i> such that the inverse function is not <i>k</i>th-order sum-free is stable when adding two values of <i>k</i> whose product is smaller than <i>n</i> (and when subtracting two values under some conditions). We clarify the case of dimension at most 4 (equivalently, of co-dimension at most 4) and this allows to address, for every <i>n</i>, all small enough values of <i>k</i> of the form <span>(3a+4b)</span>.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"31 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2024-12-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142887806","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Codes from $$A_m$$ -invariant polynomials","authors":"Giacomo Micheli, Vincenzo Pallozzi Lavorante, Phillip Waitkevich","doi":"10.1007/s10623-024-01550-3","DOIUrl":"https://doi.org/10.1007/s10623-024-01550-3","url":null,"abstract":"<p>Let <i>q</i> be a prime power. This paper provides a new class of linear codes that arises from the action of the alternating group on <span>({mathbb {F}}_q[x_1,dots ,x_m])</span> combined with the ideas in Datta and Johnsen (Des Codes Cryptogr 91(3):747–761, 2023). Compared with Generalized Reed–Muller codes with analogous parameters, our codes have the same asymptotic relative distance but a better rate. Our results follow from combinations of Galois theoretical methods with Weil-type bounds for hypersurfaces.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"153 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2024-12-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142887319","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}