{"title":"Understanding the new distinguisher of alternant codes at degree 2","authors":"Axel Lemoine, Rocco Mora, Jean-Pierre Tillich","doi":"10.1007/s10623-025-01626-8","DOIUrl":"https://doi.org/10.1007/s10623-025-01626-8","url":null,"abstract":"<p>Distinguishing Goppa codes or alternant codes from generic linear codes (Faugère et al. in Proceedings of the IEEE Information Theory Workshop—ITW 2011, Paraty, Brasil, October 2011, pp. 282–286, 2011) has been shown to be a first step before being able to attack McEliece cryptosystem based on those codes (Bardet et al. in IEEE Trans Inf Theory 70(6):4492–4511, 2024). Whereas the distinguisher of Faugère et al. (2011) is only able to distinguish Goppa codes or alternant codes of rate very close to 1, in Couvreur et al. (in: Guo and Steinfeld (eds) Advances in Cryptology—ASIACRYPT 2023—29th International Conference on the Theory and Application of Cryptology and Information Security, Guangzhou, China, December 4–8, 2023, Proceedings, Part IV, Volume 14441 of LNCS, pp. 3–38, Springer, 2023) a much more powerful (and more general) distinguisher was proposed. It is based on computing the Hilbert series <span>({{{,textrm{HF},}}(d),;d in mathbb {N}})</span> of a Pfaffian modeling. The distinguisher of Faugère et al. (2011) can be interpreted as computing <span>({{,textrm{HF},}}(1))</span>. Computing <span>({{,textrm{HF},}}(2))</span> still gives a polynomial time distinguisher for alternant or Goppa codes and is apparently able to distinguish Goppa or alternant codes in a much broader regime of rates as the one of Faugère et al. (2011). However, the scope of this distinguisher was unclear. We give here a formula for <span>({{,textrm{HF},}}(2))</span> corresponding to generic alternant codes when the field size <i>q</i> satisfies <span>(q geqslant r)</span>, where <i>r</i> is the degree of the alternant code. We also show that this expression for <span>({{,textrm{HF},}}(2))</span> provides a lower bound in general. The value of <span>({{,textrm{HF},}}(2))</span> corresponding to random linear codes is known and this yields a precise description of the new regime of rates that can be distinguished by this new method. This shows that the new distinguisher improves significantly upon the one given in Faugère et al. (2011).</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"17 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2025-04-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143849751","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"New upper bounds for wide-sense frameproof codes","authors":"Chengyu Sun, Xin Wang","doi":"10.1007/s10623-025-01631-x","DOIUrl":"https://doi.org/10.1007/s10623-025-01631-x","url":null,"abstract":"<p>Frameproof codes are used to fingerprint digital data. It can prevent copyrighted materials from unauthorized use. To determine the maximum size of the frameproof codes is a crucial problem in this research area. In this paper, we study the upper bounds for frameproof codes under Boneh-Shaw descendant (wide-sense descendant). First, we give new upper bounds for wide-sense 2-frameproof codes to improve the known results. Then we take the alphabet size into consideration and answer an open question in this area. Finally, we improve the general upper bounds for wide-sense <i>t</i>-frameproof codes.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"28 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2025-04-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143849750","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Altan B. Kılıç, Anne Nijsten, Ruud Pellikaan, Alberto Ravagnani
{"title":"Knot theory and error-correcting codes","authors":"Altan B. Kılıç, Anne Nijsten, Ruud Pellikaan, Alberto Ravagnani","doi":"10.1007/s10623-025-01615-x","DOIUrl":"https://doi.org/10.1007/s10623-025-01615-x","url":null,"abstract":"<p>This paper builds a novel bridge between algebraic coding theory and mathematical knot theory, with applications in both directions. We give methods to construct error-correcting codes starting from the colorings of a knot, describing through a series of results how the properties of the knot translate into code parameters. We show that knots can be used to obtain error-correcting codes with prescribed parameters and an efficient decoding algorithm.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"10 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2025-04-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143849749","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Utilizing two subfields to accelerate individual logarithm computation in extended tower number field sieve","authors":"Yuqing Zhu, Chang Lv, Jiqiang Liu","doi":"10.1007/s10623-025-01590-3","DOIUrl":"https://doi.org/10.1007/s10623-025-01590-3","url":null,"abstract":"<p>The hardness of discrete logarithm problem (DLP) over finite fields forms the security foundation of many cryptographic schemes. When the characteristic is not small, the state-of-the-art algorithms for solving the DLP are the number field sieve (NFS) and its variants. NFS first computes the logarithms of the factor base, which consists of elements of small norms. Then, for a target element, its logarithm is calculated by establishing a relation with the factor base. Although computing the factor-base elements is the most time-consuming part of NFS, it can be performed only once and treated as pre-computation for a fixed finite field when multiple logarithms need to be computed. In this paper, we present a method for accelerating individual logarithm computation by utilizing two subfields. We focus on the case where the extension degree of the finite field is a multiple of 6 within the extended tower number field sieve framework. Our method allows for the construction of an element with a lower degree, while maintaining the same coefficient bound compared to Guillevic’s method, which uses only one subfield. Consequently, the element derived from our approach enjoys a smaller norm, which will improve the efficiency in individual logarithm computation.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"26 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2025-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143819557","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The geometry of covering codes in the sum–rank metric","authors":"Matteo Bonini, Martino Borello, Eimear Byrne","doi":"10.1007/s10623-025-01628-6","DOIUrl":"https://doi.org/10.1007/s10623-025-01628-6","url":null,"abstract":"<p>We introduce the concept of a sum–rank saturating system and outline its correspondence to covering properties of a sum–rank metric code. We consider the problem of determining the shortest length of a sum–rank-<span>(rho )</span>-saturating system of a fixed dimension, which is equivalent to the covering problem in the sum–rank metric. We obtain upper and lower bounds on this quantity. We also give constructions of saturating systems arising from geometrical structures.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"74 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2025-04-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143805904","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Joonas Ahola, Iván Blanco-Chacón, Wilmar Bolaños, Antti Haavikko, Camilla Hollanti, Rodrigo M. Sánchez-Ledesma
{"title":"Fast multiplication and the PLWE–RLWE equivalence for an infinite family of maximal real subfields of cyclotomic fields","authors":"Joonas Ahola, Iván Blanco-Chacón, Wilmar Bolaños, Antti Haavikko, Camilla Hollanti, Rodrigo M. Sánchez-Ledesma","doi":"10.1007/s10623-025-01601-3","DOIUrl":"https://doi.org/10.1007/s10623-025-01601-3","url":null,"abstract":"<p>We prove the equivalence between the Ring Learning With Errors (RLWE) and the Polynomial Learning With Errors (PLWE) problems for the maximal totally real subfield of the <span>(2^r 3^s)</span>th cyclotomic field for <span>(r ge 3)</span> and <span>(s ge 1)</span>. Moreover, we describe a fast algorithm for computing the product of two elements in the ring of integers of these subfields. This multiplication algorithm has quasilinear complexity in the dimension of the field, as it makes use of the fast Discrete Cosine Transform (DCT). Our approach assumes that the two input polynomials are given in a basis of Chebyshev-like polynomials, in contrast to the customary power basis. To validate this assumption, we prove that the change of basis from the power basis to the Chebyshev-like basis can be computed with <span>({mathcal {O}}(n log n))</span> arithmetic operations, where <i>n</i> is the problem dimension. Finally, we provide a heuristic and theoretical comparison of the vulnerability to some attacks for the <i>p</i>th cyclotomic field versus the maximal totally real subextension of the 4<i>p</i>th cyclotomic field for a reasonable set of parameters of cryptographic size.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"74 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2025-04-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143797694","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Constructions of binary cyclic codes with minimum weights exceeding the square-root lower bound","authors":"Hai Liu, Chunyu Gan, Chengju Li, Xueying Shi","doi":"10.1007/s10623-025-01621-z","DOIUrl":"https://doi.org/10.1007/s10623-025-01621-z","url":null,"abstract":"<p>Cyclic codes are an interesting type of linear codes and have wide applications in communication and storage systems due to their efficient encoding and decoding algorithms. Constructing binary cyclic codes with parameters <span>([n, frac{n+1}{2}, d ge sqrt{n}])</span> is an interesting topic in coding theory, as their minimum distances have a square-root bound. Let <span>(n=2^lambda -1)</span>, where <span>(lambda )</span> has three forms: <span>(p^2, p_1p_2, 2p_2)</span> for odd primes <span>(p, p_1, p_2)</span>. In this paper, we mainly construct several classes of binary cyclic codes with parameters <span>([2^lambda -1, k ge 2^{lambda -1}, d ge sqrt{n}])</span>. Specifically, the binary cyclic codes <span>({mathcal {C}}_{(1, p^2)})</span>, <span>({mathcal {C}}_{(1, 2p_2)})</span>, <span>({mathcal {C}}_{(2, 2p_2)})</span>, and <span>({mathcal {C}}_{(1, p_1p_2)})</span> have minimum distance <span>(d ge sqrt{n})</span> though their dimensions satisfy <span>(k > frac{n+1}{2})</span>. Moreover, two classes of binary cyclic codes <span>({mathcal {C}}_{(2, p^2)})</span> and <span>({mathcal {C}}_{(2, p_1p_2)})</span> with dimension <span>(k= frac{n+1}{2})</span> and minimum distance <i>d</i> much exceeding the square-root bound are presented, which extends the results given by Sun, Li, and Ding [30]. In fact, the rate of these two classes of binary cyclic codes are around <span>(frac{1}{2})</span> and the lower bounds on their minimum distances are close to <span>(frac{n}{log _2 n})</span>. In addition, their extended codes are also investigated.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"21 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2025-04-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143797794","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Quantum codes and irreducible products of characters","authors":"Eric Kubischta, Ian Teixeira","doi":"10.1007/s10623-025-01599-8","DOIUrl":"https://doi.org/10.1007/s10623-025-01599-8","url":null,"abstract":"<p>In a recent paper, we defined a type of weighted unitary design called a twisted unitary 1-group and showed that such a design automatically induced error-detecting quantum codes. We also showed that twisted unitary 1-groups correspond to irreducible products of characters thereby reducing the problem of code-finding to a computation in the character theory of finite groups. Using a combination of GAP computations and results from the mathematics literature on irreducible products of characters, we identify many new non-trivial quantum codes with unusual transversal gates. Transversal gates are of significant interest to the quantum information community for their central role in fault tolerant quantum computing. Most unitary <span>(text {t})</span>-designs have never been realized as the transversal gate group of a quantum code. We, for the first time, find nontrivial quantum codes realizing nearly every finite group which is a unitary 2-design or better as the transversal gate group of some error-detecting quantum code.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"72 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2025-04-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143784818","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Giacomo Micheli, Vincenzo Pallozzi Lavorante, Abhi Shukul, Noah Smith
{"title":"Constructions of locally recoverable codes with large availability","authors":"Giacomo Micheli, Vincenzo Pallozzi Lavorante, Abhi Shukul, Noah Smith","doi":"10.1007/s10623-025-01624-w","DOIUrl":"https://doi.org/10.1007/s10623-025-01624-w","url":null,"abstract":"<p>Let <i>p</i> be a prime number, <i>m</i> be a positive integer, and <span>(q=p^m)</span>. For any fixed locality <i>r</i> such that <span>(pnot mid r(r+1))</span>, we construct infinite families of locally recoverable codes with availabilty of nodes lower bounded by <span>(q/r!+O(sqrt{q}))</span> and number of locality sets equal to <span>(q^2/(r+1)!+O(q^{3/2}))</span>.\u0000</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"34 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2025-04-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143784812","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A new method for erasure decoding of convolutional codes","authors":"Julia Lieb, Raquel Pinto, Carlos Vela","doi":"10.1007/s10623-025-01623-x","DOIUrl":"https://doi.org/10.1007/s10623-025-01623-x","url":null,"abstract":"<p>In this paper, we propose a new erasure decoding algorithm for convolutional codes using the generator matrix. This implies that our decoding method also applies to catastrophic convolutional codes in opposite to the classic approach using the parity-check matrix. We compare the performance of both decoding algorithms. Moreover, we enlarge the family of optimal convolutional codes (complete-MDP) based on the generator matrix.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"17 1","pages":""},"PeriodicalIF":1.6,"publicationDate":"2025-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143766850","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}