{"title":"Meet-in-the-middle attacks on AES with value constraints","authors":"Xiaoli Dong, Jun Liu, Yongzhuang Wei, Wen Gao, Jie Chen","doi":"10.1007/s10623-024-01396-9","DOIUrl":"https://doi.org/10.1007/s10623-024-01396-9","url":null,"abstract":"<p>In meet-in-the-middle (MITM) attacks, the sizes of the precomputation tables determine the effectiveness. In this paper, value constraints are presented to reduce the size of the precomputation table in MITM attacks on AES. Based on a differential property of linear combinations of multiple S-boxes, value constraints related to input or output in four and five rounds of AES are explored. Meanwhile, with these value constraints, a method of setting up non-linear equations is proposed to reduce the sizes of the precomputation tables by decreasing the number of byte parameters. Compared with the existing results, their sizes can be reduced by <span>(2^8)</span>, <span>(2^{16})</span>, or <span>(2^{24})</span>. Finally, some attacks are improved with lower time and memory complexities.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-04-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140607893","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Fast decoding of lifted interleaved linearized Reed–Solomon codes for multishot network coding","authors":"Hannes Bartz, Sven Puchinger","doi":"10.1007/s10623-024-01393-y","DOIUrl":"https://doi.org/10.1007/s10623-024-01393-y","url":null,"abstract":"<p>Martínez-Peñas and Kschischang (IEEE Trans. Inf. Theory 65(8):4785–4803, 2019) proposed lifted linearized Reed–Solomon codes as suitable codes for error control in multishot network coding. We show how to construct and decode lifted interleaved linearized Reed–Solomon (LILRS) codes. Compared to the construction by Martínez-Peñas–Kschischang, interleaving allows to increase the decoding region significantly and decreases the overhead due to the lifting (i.e., increases the code rate), at the cost of an increased packet size. We propose two decoding schemes for LILRS that are both capable of correcting insertions and deletions beyond half the minimum distance of the code by either allowing a list or a small decoding failure probability. We propose a probabilistic unique Loidreau–Overbeck-like decoder for LILRS codes and an efficient interpolation-based decoding scheme that can be either used as a list decoder (with exponential worst-case list size) or as a probabilistic unique decoder. We derive upper bounds on the decoding failure probability of the probabilistic-unique decoders which show that the decoding failure probability is very small for most channel realizations up to the maximal decoding radius. The tightness of the bounds is verified by Monte Carlo simulations.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-04-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140557132","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Constructing linked systems of relative difference sets via Schur rings","authors":"Mikhail Muzychuk, Grigory Ryabov","doi":"10.1007/s10623-024-01406-w","DOIUrl":"https://doi.org/10.1007/s10623-024-01406-w","url":null,"abstract":"<p>In the present paper, we study relative difference sets (RDSs) and linked systems of them. It is shown that a closed linked system of RDSs is always graded by a group. Based on this result, we also define a product of RDS linked systems sharing the same grading group. Further, we generalize the Davis-Polhill-Smith construction of a linked system of RDSs. Finally, we construct new linked system of RDSs in a Heisenberg group over a finite field and family of RDSs in an extraspecial <i>p</i>-group of exponent <span>(p^2)</span>. All constructions of new RDSs and their linked systems make usage of cyclotomic Schur rings.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-04-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140557199","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Symmetric 2-adic complexity of Tang–Gong interleaved sequences from generalized GMW sequence pair","authors":"Bo Yang, Kangkang He, Xiangyong Zeng, Zibi Xiao","doi":"10.1007/s10623-024-01399-6","DOIUrl":"https://doi.org/10.1007/s10623-024-01399-6","url":null,"abstract":"<p>Tang–Gong interleaved sequences constructed from the generalized GMW sequence pair are a class of binary sequences with optimal autocorrelation magnitude. In this paper, the symmetric 2-adic complexity of these sequences is investigated. We first derive a lower bound on their 2-adic complexity by extending the method proposed by Hu. Then, by analysing the algebraic structure of these sequences, a lower bound on their symmetric 2-adic complexity is obtained. Our result shows that the symmetric 2-adic complexity of these sequences is large enough to resist attacks with the rational approximation algorithm.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-04-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140557080","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Lengths of divisible codes: the missing cases","authors":"Sascha Kurz","doi":"10.1007/s10623-024-01398-7","DOIUrl":"https://doi.org/10.1007/s10623-024-01398-7","url":null,"abstract":"<p>A linear code <i>C</i> over <span>({mathbb {F}}_q)</span> is called <span>(Delta )</span>-divisible if the Hamming weights <span>({text {wt}}(c))</span> of all codewords <span>(c in C)</span> are divisible by <span>(Delta )</span>. The possible effective lengths of <span>(q^r)</span>-divisible codes have been completely characterized for each prime power <i>q</i> and each non-negative integer <i>r</i> in Kiermaier and Kurz (IEEE Trans Inf Theory 66(7):4051–4060, 2020). The study of <span>(Delta )</span>-divisible codes was initiated by Harold Ward (Archiv der Mathematik 36(1):485–494, 1981). If <i>t</i> divides <span>(Delta )</span> but is coprime to <i>q</i>, then each <span>(Delta )</span>-divisible code <i>C</i> over <span>({mathbb {F}}_q)</span> is the <i>t</i>-fold repetition of a <span>(Delta /t)</span>-divisible code. Here we determine the possible effective lengths of <span>(p^r)</span>-divisible codes over finite fields of characteristic <i>p</i>, where <span>(rin {mathbb {N}})</span> but <span>(p^r)</span> is not a power of the field size, i.e., the missing cases.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-04-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140551869","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"New constructions of signed difference sets","authors":"Zhiwen He, Tingting Chen, Gennian Ge","doi":"10.1007/s10623-024-01389-8","DOIUrl":"https://doi.org/10.1007/s10623-024-01389-8","url":null,"abstract":"<p>Signed difference sets have interesting applications in communications and coding theory. A <span>((v,k,lambda ))</span>-difference set in a finite group <i>G</i> of order <i>v</i> is a subset <i>D</i> of <i>G</i> with <i>k</i> distinct elements such that the expressions <span>(xy^{-1})</span> for all distinct two elements <span>(x,yin D)</span>, represent each non-identity element in <i>G</i> exactly <span>(lambda )</span> times. A <span>((v,k,lambda ))</span>-signed difference set is a generalization of a <span>((v,k,lambda ))</span>-difference set <i>D</i>, which satisfies all properties of <i>D</i>, but has a sign for each element in <i>D</i>. We will show some new existence results for signed difference sets by using partial difference sets, product methods, and cyclotomic classes.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140541690","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Algebraic properties of the maps $$chi _n$$","authors":"Jan Schoone, Joan Daemen","doi":"10.1007/s10623-024-01395-w","DOIUrl":"https://doi.org/10.1007/s10623-024-01395-w","url":null,"abstract":"<p>The Boolean map <span>(chi _n :mathbb {F}_2^n rightarrow mathbb {F}_2^n, x mapsto y)</span> defined by <span>(y_i = x_i + (x_{i+1}+1)x_{i+2})</span> (where <span>(iin mathbb {Z}/nmathbb {Z})</span>) is used in various permutations that are part of cryptographic schemes, e.g., <span>Keccak</span>-f (the SHA-3-permutation), ASCON (the winner of the NIST Lightweight competition), Xoodoo, Rasta and Subterranean (2.0). In this paper, we study various algebraic properties of this map. We consider <span>(chi _n)</span> (through vectorial isomorphism) as a univariate polynomial. We show that it is a power function if and only if <span>(n=1,3)</span>. We furthermore compute bounds on the sparsity and degree of these univariate polynomials, and the number of different univariate representations. Secondly, we compute the number of monomials of given degree in the inverse of <span>(chi _n)</span> (if it exists). This number coincides with binomial coefficients. Lastly, we consider <span>(chi _n)</span> as a polynomial map, to study whether the same rule (<span>(y_i = x_i + (x_{i+1}+1)x_{i+2})</span>) gives a bijection on field extensions of <span>(mathbb {F}_2)</span>. We show that this is not the case for extensions whose degree is divisible by two or three. Based on these results, we conjecture that this rule does not give a bijection on any extension field of <span>(mathbb {F}_2)</span>.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140541719","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Jacobi polynomials for the first-order generalized Reed–Muller codes","authors":"Ryosuke Yamaguchi","doi":"10.1007/s10623-024-01392-z","DOIUrl":"https://doi.org/10.1007/s10623-024-01392-z","url":null,"abstract":"<p>In this paper, we give the Jacobi polynomials for first-order generalized Reed–Muller codes. We show as a corollary the nonexistence of combinatorial 3-designs in these codes.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-04-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140538679","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Anonymous attribute-based broadcast encryption with hidden multiple access structures","authors":"Tran Viet Xuan Phuong","doi":"10.1007/s10623-024-01373-2","DOIUrl":"https://doi.org/10.1007/s10623-024-01373-2","url":null,"abstract":"<p>Due to the high demands of data communication, the broadcasting system streams the data daily. This service not only sends out the message to the correct participant but also respects the security of the identity user. In addition, when delivered, all the information must be protected for the party who employs the broadcasting service. Currently, Attribute-Based Broadcast Encryption (ABBE) is useful to apply for the broadcasting service. (ABBE) is a combination of Attribute-Based Encryption (ABE) and Broadcast Encryption (BE), which allows a broadcaster (or encrypter) to broadcast an encrypted message, including a predefined user set and specified access policy to install the authorization mechanism. It is desirable to hide all the information when producing in the ciphertext, which has not been considered in the previous works of ABBE. Motivated by the above issue, we devise a solution to achieve anonymity for the ABBE scheme, which not only hides the access structures but also anonymizes the user’s identity. In this work, we propose two schemes as Anonymous Key Policy (AKP)-ABBE and Anonymous Ciphertext Policy (ACP)-ABBE with supporting multiple access structures by using <span>(textsf {OR}/textsf {AND})</span> gates. Specifically, we present the generic constructions of AKP/ACP-ABBE on the building block of the Inner Product Encryption (<span>(textsf {IPE})</span>), which enables the hidden user’s identity and complex <span>(textsf {OR}/textsf {AND})</span>-Gate access structure. We show that our proposed schemes are secured under the standard models.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-04-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140533966","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Ovoids of Q(6, q) of low degree","authors":"Daniele Bartoli, Nicola Durante, Giovanni Giuseppe Grimaldi","doi":"10.1007/s10623-024-01388-9","DOIUrl":"https://doi.org/10.1007/s10623-024-01388-9","url":null,"abstract":"<p>Ovoids of the parabolic quadric <i>Q</i>(6, <i>q</i>) of <span>(textrm{PG}(6,q))</span> have been largely studied in the last 40 years. They can only occur if <i>q</i> is an odd prime power and there are two known families of ovoids of <i>Q</i>(6, <i>q</i>), the Thas-Kantor ovoids and the Ree-Tits ovoids, both for <i>q</i> a power of 3. It is well known that to any ovoid of <i>Q</i>(6, <i>q</i>) two polynomials <span>(f_1(X,Y,Z))</span>, <span>(f_2(X,Y,Z))</span> can be associated. In this paper we classify ovoids of <i>Q</i>(6, <i>q</i>) with <span>(max {deg (f_1),deg (f_2)}<(frac{1}{6.3}q)^{frac{3}{13}}-1)</span>.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-04-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140533964","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}