{"title":"Breaking the power-of-two barrier: noise estimation for BGV in NTT-friendly rings","authors":"Andrea Di Giusto, Chiara Marcolla","doi":"10.1007/s10623-024-01524-5","DOIUrl":"https://doi.org/10.1007/s10623-024-01524-5","url":null,"abstract":"<p>The Brakerski–Gentry–Vaikuntanathan (BGV) scheme is a Fully Homomorphic Encryption (FHE) cryptosystem based on the Ring Learning With Errors (RLWE) problem. Ciphertexts in this scheme contain an error term that grows with operations and causes decryption failure when it surpasses a certain threshold. Consequently, the parameters of BGV need to be estimated carefully, with a trade-off between security and error margin. The ciphertext space of BGV is the ring <span>\\(\\mathcal{R}_q=\\mathbb{Z}_q[x]/(\\Phi_m(x))\\)</span>, where usually the degree <i>n</i> of the cyclotomic polynomial <span>\\(\\Phi_m(x)\\)</span> is chosen as a power of two for efficiency reasons. However, the jump between two consecutive powers-of-two polynomials also causes a jump in security, resulting in parameters that are much bigger than what is needed. In this work, we explore the non-power-of-two instantiations of BGV. Although our theoretical research encompasses results applicable to any cyclotomic ring, the focus of our investigation is the case of <span>\\(m=2^s\\cdot 3^t\\)</span> where <span>\\(s,t\\ge 1\\)</span>, i.e., cyclotomic polynomials with degree <span>\\(n=\\phi(m)=2^s\\cdot 3^{t-1}\\)</span>. We provide a thorough analysis of the noise growth in this new setting using the canonical norm and compare our results with the power-of-two case considering practical aspects like NTT algorithms. We find that in many instances, the parameter estimation process yields better results for the non-power-of-two setting.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"38 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2024-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142637521","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A new method of constructing $$(k+s)$$ -variable bent functions based on a family of s-plateaued functions on k variables","authors":"Sihong Su, Xiaoyan Chen","doi":"10.1007/s10623-024-01520-9","DOIUrl":"https://doi.org/10.1007/s10623-024-01520-9","url":null,"abstract":"<p>It is important to study new construction methods of bent functions. In this paper, we first propose a secondary construction method of a <span>\\((k+s)\\)</span>-variable bent function <i>g</i> through a family of <i>s</i>-plateaued functions <span>\\(f_0,f_1,\\ldots,f_{2^s-1}\\)</span> on <i>k</i> variables with disjoint Walsh supports, which can be obtained from any given <span>\\((k-s)\\)</span>-variable bent function <i>f</i> by selecting <span>\\(2^s\\)</span> disjoint affine subspaces <span>\\(S_0,S_1,\\ldots,S_{2^s-1}\\)</span> of <span>\\(\\mathbb{F}_2^k\\)</span> with dimension <span>\\(k-s\\)</span> to specify the Walsh support of each of these <i>s</i>-plateaued functions, where <i>s</i> is a positive integer and <span>\\(k-s\\)</span> is a positive even integer. The dual functions of these newly constructed bent functions are determined. This secondary construction method of bent functions gives a great improvement in counting. As a generalization, we find that the single initial <span>\\((k-s)\\)</span>-variable bent function <i>f</i> can be replaced by several different <span>\\((k-s)\\)</span>-variable bent functions. Compared to the first construction method, the latter one gives many more bent functions. It is worth mentioning that it can give all the 896 bent functions on 4 variables.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"9 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2024-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142600906","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Further investigation on differential properties of the generalized Ness–Helleseth function","authors":"Yongbo Xia, Chunlei Li, Furong Bao, Shaoping Chen, Tor Helleseth","doi":"10.1007/s10623-024-01525-4","DOIUrl":"https://doi.org/10.1007/s10623-024-01525-4","url":null,"abstract":"<p>Let <i>n</i> be an odd positive integer, <i>p</i> be an odd prime with <span>\\(p\\equiv 3\\pmod 4\\)</span>, <span>\\(d_{1} = \\frac{p^{n}-1}{2} -1\\)</span> and <span>\\(d_{2} =p^{n}-2\\)</span>. The function defined by <span>\\(f_u(x)=ux^{d_{1}}+x^{d_{2}}\\)</span> is called the generalized Ness–Helleseth function over <span>\\(\\mathbb{F}_{p^n}\\)</span>, where <span>\\(u\\in \\mathbb{F}_{p^n}\\)</span>. It was initially studied by Ness and Helleseth in the ternary case. In this paper, for <span>\\(p^n \\equiv 3 \\pmod 4\\)</span> and <span>\\(p^n \\ge 7\\)</span>, we provide the necessary and sufficient condition for <span>\\(f_u(x)\\)</span> to be an APN function. In addition, for each <i>u</i> satisfying <span>\\(\\chi(u+1) = \\chi(u-1)\\)</span>, the differential spectrum of <span>\\(f_u(x)\\)</span> is investigated, and it is expressed in terms of some quadratic character sums of cubic polynomials, where <span>\\(\\chi(\\cdot)\\)</span> denotes the quadratic character of <span>\\(\\mathbb{F}_{p^n}\\)</span>.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"9 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2024-11-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142597482","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Improved key recovery attacks on reduced-round Salsa20","authors":"Sabyasachi Dey, Gregor Leander, Nitin Kumar Sharma","doi":"10.1007/s10623-024-01522-7","DOIUrl":"https://doi.org/10.1007/s10623-024-01522-7","url":null,"abstract":"<p>In this paper, we present an improved attack on the stream cipher Salsa20. Our improvements are based on two technical contributions. First, we make use of a distribution of a linear combination of several random variables that are derived from different differentials and explain how to exploit this in order to improve the attack complexity. Secondly, we study and exploit how to choose the actual value for so-called probabilistic neutral bits optimally. Because of the limited influence of these key bits on the computation, in the usual attack approach, these are fixed to a constant value, often zero for simplicity. As we will show, despite the fact that their influence is limited, the constant can be chosen in significantly better ways, and intriguingly, zero is the worst choice. Using this, we propose the first-ever attack on 7.5-round of the 128-bit key version of Salsa20. Also, we provide improvements in the attack against the 8-round of the 256-bit key version of Salsa20 and the 7-round of the 128-bit key version of Salsa20.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"2 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2024-11-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142597483","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Parallel construction for constant dimension codes from mixed dimension construction","authors":"Xianmang He, Zusheng Zhang, Si Tian, Jingli Wang, Yindong Chen","doi":"10.1007/s10623-024-01518-3","DOIUrl":"https://doi.org/10.1007/s10623-024-01518-3","url":null,"abstract":"<p>The community has been pursuing improvements in the cardinalities of constant dimension codes (CDCs for short) for the past decade. Lao et al. (IEEE Trans Inf Theory 69(7):4333–4344, 2023) have shown that mixed dimension subspace codes can be used to construct large constant dimension subspace codes. The exploration of CDC constructions is thereby transformed into finding mixed dimension/distance subspace codes with large dimension distributions. In this paper, we apply the parallel construction to this mixed dimension construction, which allows us to contribute more than 80 new constant dimension codes.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"196 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2024-11-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142598203","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Generalized bilateral multilevel construction for constant dimension codes","authors":"Xiaoqin Hong, Xiwang Cao, Gaojun Luo","doi":"10.1007/s10623-024-01513-8","DOIUrl":"https://doi.org/10.1007/s10623-024-01513-8","url":null,"abstract":"<p>Constant dimension codes (CDCs) have drawn extensive attention due to their applications in random network coding. This paper introduces a new class of codes, namely generalized bilateral Ferrers diagram rank-metric codes, to generalize the bilateral multilevel construction in Etzion and Vardy (Adv Math Commun 16:1165–1183, 2022). Combining our generalized bilateral multilevel construction and the double multilevel construction in Liu and Ji (IEEE Trans Inf Theory 69:157–168, 2023), we present an effective technique to construct CDCs. By means of bilateral identifying vectors, this approach lets us select fewer identifying and inverse identifying vectors to construct CDCs of larger size. The newly constructed CDCs have the largest size among known codes for many sets of parameters. Our method gives rise to at least 138 new lower bounds for CDCs.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"37 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2024-11-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142580297","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Griesmer type bounds for additive codes over finite fields, integral and fractional MDS codes","authors":"Simeon Ball, Michel Lavrauw, Tabriz Popatia","doi":"10.1007/s10623-024-01519-2","DOIUrl":"https://doi.org/10.1007/s10623-024-01519-2","url":null,"abstract":"<p>In this article we prove Griesmer type bounds for additive codes over finite fields. These new bounds give upper bounds on the length of maximum distance separable (MDS) codes, codes which attain the Singleton bound. We will also consider codes to be MDS if they attain the fractional Singleton bound, due to Huffman. We prove that this bound in the fractional case can be obtained by codes whose length surpasses the length of the longest known codes in the integral case. For small parameters, we provide exhaustive computational results for additive MDS codes, by classifying the corresponding (fractional) subspace-arcs. This includes a complete classification of fractional additive MDS codes of size 243 over the field of order 9.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"68 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2024-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142566117","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Simple vs. vectorial: exploiting structural symmetry to beat the ZeroSum distinguisher","authors":"Sahiba Suryawanshi, Shibam Ghosh, Dhiman Saha, Prathamesh Ram","doi":"10.1007/s10623-024-01502-x","DOIUrl":"https://doi.org/10.1007/s10623-024-01502-x","url":null,"abstract":"<p>Higher order differential properties constitute a very insightful tool at the hands of a cryptanalyst allowing for probing a cryptographic primitive from an algebraic perspective. In FSE 2017, Saha et al. reported <span>SymSum</span> (referred to as <span>\\(\\textsf{SymSum}_\\textsf{Vec}\\)</span> in this paper), a new distinguisher based on higher order <i>vectorial</i> Boolean derivatives of <span>SHA-3</span>, constituting one of the best distinguishers on the latest cryptographic hash standard. <span>\\(\\textsf{SymSum}_\\textsf{Vec}\\)</span> exploits the difference in the algebraic degree of highest degree monomials in the algebraic normal form of <span>SHA-3</span> with regards to their dependence on round constants. Later in AFRICACRYPT 2020, Suryawanshi et al. extended <span>\\(\\textsf{SymSum}_\\textsf{Vec}\\)</span> using linearization techniques and in SSS 2023 also applied it to <span>NIST-LWC</span> finalist <span>Xoodyak</span>. However, a major limitation of <span>\\(\\textsf{SymSum}_\\textsf{Vec}\\)</span> is the maximum attainable derivative (<span>MAD</span>) of the polynomial representation, which is <i>less than half</i> of the widely studied <span>ZeroSum</span> distinguisher. This is attributed to <span>\\(\\textsf{SymSum}_\\textsf{Vec}\\)</span> being dependent on <i>k</i>-fold <i>vectorial</i> derivatives while <span>ZeroSum</span> relies on <i>k</i>-fold <i>simple</i> derivatives. In this work we overcome this limitation of <span>\\(\\textsf{SymSum}_\\textsf{Vec}\\)</span> by developing and validating the theory of computing <span>\\(\\textsf{SymSum}_\\textsf{Vec}\\)</span> with simple derivatives. This gives us a close to <span>\\(100\\%\\)</span> improvement in the <span>MAD</span> that can be computed. The new distinguisher reported in this work can also be combined with 1/2-round linearization to penetrate more rounds. Moreover, we identify an issue with the 2-round linearization claim made by Suryawanshi et al. which renders it invalid and also furnish an algebraic fix at the cost of some additional constraints. Combining all the results we report <span>\\(\\textsf{SymSum}_\\textsf{Sim}\\)</span>, a new variant of the <span>\\(\\textsf{SymSum}_\\textsf{Vec}\\)</span> distinguisher based on <i>k</i>-fold <i>simple</i> derivatives that outperforms <span>ZeroSum</span> by a factor of <span>\\(2^{257}, 2^{129}\\)</span> for <span>\\(10\\)</span>-round <span>SHA3-384</span> and 9-round <span>SHA3-512</span> respectively while enjoying the same <span>MAD</span> as <span>ZeroSum</span>. For every other <span>SHA-3</span> variant, <span>\\(\\textsf{SymSum}_\\textsf{Sim}\\)</span> maintains an advantage of factor 2 over the <span>ZeroSum</span>. Combined with 1/2-round linearization, <span>\\(\\textsf{SymSum}_\\textsf{Sim}\\)</span> improves upon all existing <span>ZeroSum</span> and <span>\\(\\textsf{SymSum}_\\textsf{Vec}\\)</span> distinguishers on both <span>SHA-3</span> and <span>Xoodyak</span>. As regards <span>Keccak</span><span>\\(-p\\)</span>, the internal permutation of <span>SHA-3</span>, we re","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"17 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2024-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142563294","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Association schemes and orthogonality graphs on anisotropic points of polar spaces","authors":"Sam Adriaensen, Maarten De Boeck","doi":"10.1007/s10623-024-01514-7","DOIUrl":"https://doi.org/10.1007/s10623-024-01514-7","url":null,"abstract":"<p>In this paper, we study association schemes on the anisotropic points of classical polar spaces. Our main result concerns non-degenerate elliptic and hyperbolic quadrics in <span>\\(\\textrm{PG}(n,q)\\)</span> with <i>q</i> odd. We define relations on the anisotropic points of such a quadric that depend on the type of line spanned by the points and whether or not they are of the same “quadratic type”. This yields an imprimitive 5-class association scheme. We calculate the matrices of eigenvalues and dual eigenvalues of this scheme. We also use this result, together with similar results from the literature concerning other classical polar spaces, to exactly calculate the spectrum of orthogonality graphs on the anisotropic points of non-degenerate quadrics in odd characteristic and of non-degenerate Hermitian varieties. As a byproduct, we obtain a 3-class association scheme on the anisotropic points of non-degenerate Hermitian varieties, where the relation containing two points depends on the type of line spanned by these points, and whether or not they are orthogonal.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"48 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2024-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142489404","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Algebraic hierarchical locally recoverable codes with nested affine subspace recovery","authors":"Kathryn Haymaker, Beth Malmskog, Gretchen Matthews","doi":"10.1007/s10623-024-01510-x","DOIUrl":"https://doi.org/10.1007/s10623-024-01510-x","url":null,"abstract":"<p>Codes with locality, also known as locally recoverable codes, allow for recovery of erasures using proper subsets of other coordinates. These subsets are typically of small cardinality to promote recovery using limited network traffic and other resources. Hierarchical locally recoverable codes allow for recovery of erasures using sets of other symbols whose sizes increase as needed to allow for recovery of more symbols. In this paper, we describe a hierarchical recovery structure arising from geometry in Reed–Muller codes and codes with availability from fiber products of curves. We demonstrate how the fiber product hierarchical codes can be viewed as punctured subcodes of Reed–Muller codes, uniting the two constructions. This point of view provides natural structures for local recovery with availability at each level in the hierarchy.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"92 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2024-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142489402","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}