3.10. Decoding One Out of Many
Description
The final session of this week is devoted to Decoding One Out of Many. Decoding One Out of Many is interested in solving the following variant of Syndrome Decoding. In this variant, the only difference with the usual Syndrome Decoding is that we are interested in a set of syndromes rather than a single syndrome. So, the instance will be S, a set of syndromes of size N; H, a parity-check matrix; and w, an integer, the weight we are looking for. And we are interested in an error e such that the syndrome of e is an element of the set S, with e of weight w or less. We will denote by $\mathrm{CSD}_N(H, S, w)$ the set of all solutions to the above problem.

As for $\mathrm{CSD}_1$, which is, in fact, the plain CSD, we will only consider solvable instances. And by solvable instances here, we mean something very strong: we mean that every syndrome in the set S belongs to that set. So, every syndrome in the set S corresponds to an error of weight w. We expect with this technique (and I will show you how we obtain this) to get all solutions, the N solutions to the problem, at the expense of a factor of only $\sqrt{N}$. Or alternatively, we expect to get a single solution to the problem, but to gain a factor $\sqrt{N}$ to obtain that solution.

Again, I will start with Birthday Decoding. Now, I want to solve Birthday Decoding with multiple instances. I will now split the matrix into two parts, but you can see here that $n_1$ will be larger than $n_2$, that is, the left part of the matrix is larger than the right part of the matrix. Also, the weight w, instead of being divided in two equal parts, is divided in $w_1 + w_2$, and possibly one of those weights, in fact it will be $w_1$, is greater than the other part $w_2$.

I define those two sets: the first set is simply a set of syndromes of errors $e_1 H_1^T$ when the weight of $e_1$ is $w_1$. But the second list is in fact formed of the syndrome according to $H_2$, that is $e_2 H_2^T$ + any syndrome s. So, the list $L_2$ will have a size equal to the number of syndromes $N \binom{n_2}{w_2}$, that is, N times the number of errors of weight $w_2$, when the first list $L_1$ will have simply a size $\binom{n_1}{w_1}$.
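The two-list construction described above, as an added example that is not part of the original lecture: a toy binary instance where columns of H are stored as integer bitmasks, L1 holds the syndromes e1*H1^T, and L2 is enumerated as s + e2*H2^T for every s in S. The parameters, the function names and the random instance are constructed for illustration, and the planted errors are assumed to have exactly w1 positions on the left part and w2 on the right.

```python
import itertools
import random

def xor_columns(H_cols, positions):
    """Syndrome e*H^T of the error with the given support (columns as int bitmasks)."""
    s = 0
    for j in positions:
        s ^= H_cols[j]
    return s

def make_instance(n=24, r=16, n1=16, w1=2, w2=1, N=4, seed=1):
    """Constructed toy instance: random H and N syndromes of planted errors
    with w1 positions in the left n1 columns and w2 in the right n - n1."""
    rng = random.Random(seed)
    H_cols = [rng.getrandbits(r) for _ in range(n)]
    planted = []
    for _ in range(N):
        left = sorted(rng.sample(range(n1), w1))
        right = sorted(rng.sample(range(n1, n), w2))
        support = tuple(left + right)
        planted.append((xor_columns(H_cols, support), support))
    return H_cols, [s for s, _ in planted], planted

def doom_birthday(H_cols, S, n1, w1, w2):
    """Return (solutions, |L1|, |L2|); each solution is (s, support) with e*H^T = s."""
    n = len(H_cols)
    # L1: syndromes e1*H1^T for every e1 of weight w1, indexed by value.
    L1 = {}
    for left in itertools.combinations(range(n1), w1):
        L1.setdefault(xor_columns(H_cols, left), []).append(left)
    solutions, l2_size = [], 0
    # L2: s + e2*H2^T for every s in S and every e2 of weight w2.
    for right in itertools.combinations(range(n1, n), w2):
        partial = xor_columns(H_cols, right)
        for s in S:
            l2_size += 1
            # A collision with L1 means e1*H1^T + e2*H2^T = s.
            for left in L1.get(s ^ partial, ()):
                solutions.append((s, left + right))
    return solutions, sum(len(v) for v in L1.values()), l2_size

if __name__ == "__main__":
    H_cols, S, planted = make_instance()
    sols, l1, l2 = doom_birthday(H_cols, S, n1=16, w1=2, w2=1)
    print(f"|L1| = {l1}, |L2| = {l2}, solutions found = {len(sols)}")
```

The reported list sizes match the counts in the text: |L1| is the number of weight-w1 patterns on the left part, and |L2| is N times the number of weight-w2 patterns on the right part.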