Designs, Codes and Cryptography最新文献

{"title":"Investigation of the permutation and linear codes from the Welch APN function","authors":"Tor Helleseth, Chunlei Li, Yongbo Xia","doi":"10.1007/s10623-024-01461-3","DOIUrl":"https://doi.org/10.1007/s10623-024-01461-3","url":null,"abstract":"<p>Dobbertin in 1999 proved that the Welch power function <span>(x^{2^m+3})</span> was almost perferct nonlinear (APN) over the finite field <span>(mathbb {F}_{2^{2m+1}})</span>, where <i>m</i> is a positive integer. In his proof, Dobbertin showed that the APNness of <span>(x^{2^m+3})</span> essentially relied on the bijectivity of the polynomial <span>(g(x)=x^{2^{m+1}+1}+x^3+x)</span> over <span>(mathbb {F}_{2^{2m+1}})</span>. In this paper, we first determine the differential and Walsh spectra of the permutation polynomial <i>g</i>(<i>x</i>), revealing its favourable cryptograhphic properties. We then explore four families of binary linear codes related to the Welch APN power functions. For two cyclic codes among them, we propose algebraic decoding algorithms that significantly outperform existing methods in terms of decoding complexity.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-07-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141768460","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Utilizing FWT in linear cryptanalysis of block ciphers with various structures","authors":"Yin Lv, Danping Shi, Lei Hu, Yi Guo","doi":"10.1007/s10623-024-01458-y","DOIUrl":"https://doi.org/10.1007/s10623-024-01458-y","url":null,"abstract":"<p>Linear cryptanalysis is one of the most classical cryptanalysis methods for block ciphers. Some critical techniques of the key-recovery phase are developed for enhancing linear cryptanalysis. Collard et al. improved the time complexity for last-round key-recovery attacks by using FWT. A generalized key-recovery algorithm for an arbitrary number of rounds with an associated time complexity formula is further provided by Flórez-Gutiérrez and Naya-Plasencia based on FWT in Eurocrypt 2020. However, the previous generalized algorithms are mainly applied to block ciphers with SPN structures, where the round-keys in the first and last round XORed to the state can be easily defined as <i>outer keys</i>. In Asiacrypt 2021, Leurent et al. applied the algorithm by Flórez-Gutiérrez et al. to Feistel structure ciphers. However, for other structures, such as NLFSR-based, the <i>outer keys</i> can not be directly deduced to utilize the previous algorithms. This paper extends the algorithm by Flórez-Gutiérrez et al. for more complicated structures, including but not limited to NLFSR-based, Feistel, ARX, and SPN. We also use the dependency relationships between ciphertext, plaintext and key information bits to eliminate the redundancy calculation and the improve analysis phase. We apply the algorithm with the improved analysis phase to KATAN (NLFSR-based) and SPARX (ARX). We obtain significantly improved results. The linear results we find for SPARX-128/128 beat other cryptanalytic techniques, becoming the best key recovery attacks on this cipher. The previous best linear attacks on KATAN32, KATAN48 and KATAN64 are improved by 9, 4, and 14 rounds, respectively.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-07-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141755204","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Two new constructions of cyclic subspace codes via Sidon spaces","authors":"Shuhui Yu, Lijun Ji","doi":"10.1007/s10623-024-01466-y","DOIUrl":"https://doi.org/10.1007/s10623-024-01466-y","url":null,"abstract":"<p>A subspace of a finite field is called a Sidon space if the product of any two of its nonzero elements is unique up to a scalar multiplier from the base field. Sidon spaces, introduced by Roth et al. in (IEEE Trans Inf Theory 64(6):4412–4422, 2018), have a close connection with optimal full-length orbit codes. In this paper, we will construct several families of large cyclic subspace codes based on the two kinds of Sidon spaces. These new codes have more codewords than the previous constructions in the literature without reducing minimum distance. In particular, in the case of <span>(n=4k)</span>, the size of our resulting code is within a factor of <span>(frac{1}{2}+o_{k}(1))</span> of the sphere-packing bound as <i>k</i> goes to infinity.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-07-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141755192","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"MDS array codes with efficient repair and small sub-packetization level","authors":"Lei Li, Xinchun Yu, Chenhao Ying, Liang Chen, Yuanyuan Dong, Yuan Luo","doi":"10.1007/s10623-024-01440-8","DOIUrl":"https://doi.org/10.1007/s10623-024-01440-8","url":null,"abstract":"<p>Modern data centers use erasure codes to provide high storage efficiency and fault tolerance. Reed–Solomon code is commonly deployed in large-scale distributed storage systems due to its ease of implementation, but it consumes massive bandwidth during node repair. Minimum storage regenerating (MSR) codes is a class of maximum distance separable (MDS) codes that achieve the lower bound on repair bandwidth. However, an exponential sub-packetization level is inevitable for MSR codes, resulting in massive disk I/O consumption during node repair. Disk I/O is becoming the bottleneck of the performance in data centers where the storage system needs to frequently provide high-speed data access to clients. In this paper, we consider disk I/O as an important metric to evaluate the performance of a code and construct MDS array codes with efficient repair under small sub-packetization level. Specifically, two explicit families of MDS codes with efficient repair are proposed at the sub-packetization level of <span>({mathcal {O}}(r))</span>, where <i>r</i> denotes the number of parities. The first family of codes are constructed over a finite field <span>({mathbb {F}}_{q^m})</span> where <span>(q ge n)</span> is a prime power, <span>(m &gt; r(l-1) +1)</span>, <i>n</i> and <i>l</i> denote the code length and sub-packetization level, respectively. The second family of codes are built upon a special binary polynomial ring where the computation operations during node repair and file reconstruction are only XORs and cyclic shifts, avoiding complex multiplications and divisions over large finite fields.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-07-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141755084","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Security analysis of P-SPN schemes against invariant subspace attack with inactive S-boxes","authors":"Bolin Wang, Wenling Wu","doi":"10.1007/s10623-024-01465-z","DOIUrl":"https://doi.org/10.1007/s10623-024-01465-z","url":null,"abstract":"<p>The security requirements of new applications such as cloud computing, big data, and the Internet of Things have promoted the development and application of security protocols such as secure multi-party computation, fully homomorphic encryption, and zero-knowledge proof. In order to meet these demands, there is a need for new symmetric ciphers that minimize multiplications in <span>( {mathbb {F}}_{2^{n}} )</span> or <span>( {mathbb {F}}_{p} )</span>, where <i>p</i> is prime. One construction that addresses this demand is Partial SPN (P-SPN) construction, where the S-box layer is only applied to a portion of the state in each round. And there have been several research on the construction over the past years. The key to the design of P-SPN construction lies in the linear layers, but systematic exploration in this direction has been lacking in the existing work. In this work, we first establish a lower bound on the dimension of the maximal invariant subspace without active S-boxes for a generic P-SPN scheme. Subsequently, we concentrate on the linear layers of P-SPN construction. Through a meticulous examination of intriguing and beneficial characteristics for various matrices, we showcase that the security of a P-SPN scheme against invariant subspace attack depends on the degree of the minimal polynomial of the matrix. Inadequate choices of the matrices allow for large invariant subspaces that navigate any number of rounds without activating any S-boxes. A comprehensive proof for the Conjecture 1 proposed by Keller and Rosemarin is presented, which not only further improves the lower bound on the dimension of the maximal invariant subspace for the P-SPN rounds of STARKAD permutation, but also implies a lower bound on the dimension of the maximal invariant subspace for block matrices with special blocks. For a block circulant matrix with special blocks, a better annihilating polynomial exists and a lower bound on the dimension of the maximal invariant subspace can be identified. For circulant matrices and block circulant matrices with circulant blocks, we introduce methods to ascertain the range or exact value of the minimal polynomial degree. This determination advances the exploration of the invariant subspaces in these matrices. Especially if the number of S-Boxes in a P-SPN scheme is 1, we can attain the exact value of the dimension for the maximal invariant subspace. All the cases discussed here are invariant subspaces with inactive S-boxes. Our work intends to provide concise cryptanalytic methods for new proposals following P-SPN or HADES design principles. In addition, we derive a way to make sure that a circulant matrix <i>C</i> is resistant to invariant subspace attack with inactive S-boxes, thus providing design criteria for the construction of such matrices in the design of P-SPN schemes.\u0000</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141732689","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A class of functions and their application in constructing semisymmetric designs","authors":"Robert S. Coulter, Bradley Fain","doi":"10.1007/s10623-024-01455-1","DOIUrl":"https://doi.org/10.1007/s10623-024-01455-1","url":null,"abstract":"<p>We introduce the notion of a semiplanar function of index <span>(lambda )</span>, generalising several previous concepts. We show how semiplanar functions can be used to construct semisymmetric designs using an incidence structure determined by the function. Issues regarding the connectivity of the structure are then considered. The question of existence is addressed by establishing monomial examples over finite fields, and we examine how composition with linearized polynomials can lead to further classes of examples. We end by returning to the incidence structure and considering maximal intersection sets when the incidence structure is constructed using a particular class of functions.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-07-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141730630","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"eSTARK: extending STARKs with arguments","authors":"Héctor Masip-Ardevol, Jordi Baylina-Melé, Marc Guzmán-Albiol, Jose Luis Muñoz-Tapia","doi":"10.1007/s10623-024-01457-z","DOIUrl":"https://doi.org/10.1007/s10623-024-01457-z","url":null,"abstract":"<p>STARK is a widely used transparent proof system that uses low-degree tests for proving the correctness of a computer program. STARK consumes an intermediate representation known as AIR that is more appropriate for programs with a relatively short and structured description. However, an AIR is not able to succinctly express non-equality constraints, leading to the incorporation of unwanted polynomials. We present the eSTARK protocol, a new probabilistic proof that generalizes the STARK family through the introduction of a more generic intermediate representation called eAIR. We describe eSTARK in the polynomial IOP model, which combines the optimized version of the STARK protocol with the incorporation of three arguments into the protocol. We also explain various techniques that enhance the vanilla STARK complexity, including optimizations applied to polynomial computations, and analyze the tradeoffs between controlling the constraint degree either at the representation of the AIR or inside the eSTARK itself.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-07-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141730628","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"New and improved formally self-dual codes with small hulls from polynomial four Toeplitz codes","authors":"Yang Li, Shitao Li, Shixin Zhu","doi":"10.1007/s10623-024-01460-4","DOIUrl":"https://doi.org/10.1007/s10623-024-01460-4","url":null,"abstract":"<p>Formally self-dual (FSD) codes and linear codes with small Euclidean (resp. Hermitian) hulls have recently attracted a lot of attention due to their theoretical and practical importance. However, there has been not much attention on FSD codes with small hulls. In this paper, we introduce two kinds of polynomial four Toeplitz codes and prove that they must be FSD. We characterize the linear complementary dual (LCD) properties and one-dimensional hull properties of such codes with respect to the Euclidean and Hermitian inner products. Using these characterizations, we find some improved binary, ternary Euclidean and quaternary Hermitian FSD LCD codes, as well as many non-equivalent ones that perform equally well with respect to best-known (FSD) LCD codes in the literature. Furthermore, some (near) maximum distance separable FSD codes with both one-dimensional Euclidean hull and one-dimensional Hermitian hull are also given as examples.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-07-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141730629","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Non-canonical maximum cliques without a design structure in the block graphs of 2-designs","authors":"Sergey Goryainov, Elena V. Konstantinova","doi":"10.1007/s10623-024-01459-x","DOIUrl":"https://doi.org/10.1007/s10623-024-01459-x","url":null,"abstract":"<p>In this note we answer positively a question of Chris Godsil and Karen Meagher on the existence of a 2-design whose block graph has a non-canonical maximum clique without a design structure.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141725937","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"CSI-Otter: isogeny-based (partially) blind signatures from the class group action with a twist","authors":"Shuichi Katsumata, Yi-Fu Lai, Jason T. LeGrow, Ling Qin","doi":"10.1007/s10623-024-01441-7","DOIUrl":"https://doi.org/10.1007/s10623-024-01441-7","url":null,"abstract":"<p>In this paper, we construct the first provably-secure isogeny-based (partially) blind signature scheme. While at a high level the scheme resembles the Schnorr blind signature, our work does not directly follow from that construction, since isogenies do not offer as rich an algebraic structure. Specifically, our protocol does not fit into the <i>linear identification protocol</i> abstraction introduced by Hauck, Kiltz, and Loss (EUROCYRPT’19), which was used to generically construct Schnorr-like blind signatures based on modules such as classical groups and lattices. Consequently, our scheme is provably secure in the random oracle model (ROM) against poly-logarithmically-many concurrent sessions assuming the subexponential hardness of the group action inverse problem. In more detail, our blind signature exploits the <i>quadratic twist</i> of an elliptic curve in an essential way to endow isogenies with a strictly richer structure than abstract group actions (but still more restrictive than modules). The basic scheme has public key size 128 B and signature size 8 KB under the CSIDH-512 parameter sets—these are the smallest among all provably secure post-quantum secure blind signatures. Relying on a new <i>ring</i> variant of the group action inverse problem (<span>(textsf{rGAIP})</span>), we can halve the signature size to 4 KB while increasing the public key size to 512 B. We provide preliminary cryptanalysis of <span>({textsf{rGAIP}} )</span> and show that for certain parameter settings, it is essentially as secure as the standard <span>(textsf{GAIP})</span>. Finally, we show a novel way to turn our blind signature into a partially blind signature, where we deviate from prior methods since they require hashing into the set of public keys while hiding the corresponding secret key—constructing such a hash function in the isogeny setting remains an open problem.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":null,"pages":null},"PeriodicalIF":1.6,"publicationDate":"2024-07-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141725936","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}