3.4. Complexity Analysis
- document 1 document 2 document 3
- niveau 1 niveau 2 niveau 3
- audio 1 audio 2 audio 3
Descriptif
In this session, I willpresent the main technique to make the analysis of thevarious algorithms presented in this course. So, Information SetDecoding refers to a family of algorithms which issimilar to the Prange algorithm that we have just seen. All variants of InformationSet Decoding repeat a large number of independentiterations which all have a constant cost K and a success probability P. This means that thisiteration has to be repeated an expected number oftimes N where N = 1/P. And the totalworkfactor of the algorithm will simply be N multipliedby K, the cost of the iteration. First, do we want one solution to the CSD problem or all solutions? So, we consider theCSD(H,s,w) problem. We will assume, as Isaid, it is the case for most cryptanalysis, thatthe problem we are considering has at least one solution,that is CSD(H,s,w) is not empty. There are two possibilities for the weight. Either the weight issmaller than the Gilbert-Varshamov radius, then there isexactly one solution, either the weight wis larger than the Gilbert-Varshamov radius. In that case, there areseveral solutions (n,w)/2^(n-k) on average. The first caseis the most common and of course, there is nodifference between one or all solutions becausethere is only one solution. In the second case, weexpect that finding only one solution instead of allsolutions will be less expensive. Intuitively, it isreasonable to assume that we may make the economy of afactor equal to the number of solutions. So, some probabilities. Recall that Information SetDecoding will perform many independent iterations. Forone iteration, we denote P∞ the probability to find onespecific solution to our problem. And we denote P1 theprobability to find any one solution to our problem. If N is the number ofsolutions then we may write P1, as given in the slide. The exact formulawill produce a value which is the minimum of 1 and N*P∞. In practice, most of thetime, we will have P1 = N*P∞ when N is not too large at least. For the complexity analysis, we willhave to distinguish two situations.
Intervenant
Thème
Notice
Documentation
Dans la même collection
-
3.9. Generalized Birthday Algorithm for DecodingMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
The session nine is devoted to the application of the Generalized Birthday Algorithm to decoding. The Generalized Birthday Algorithm was presented by David Wagner in 2002, in a more general
-
3.10. Decoding One Out of ManyMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
The final session of this week is devoted to Decoding One Out of Many. Decoding One Out of Many is interested in solving the following variant of Syndrome Decoding. In this variant, the only
-
3.7. May, Meurer, and Thomae AlgorithmMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
So, with the session 7 we are entering the most advanced part of that course. The idea of what I called the Improved Birthday Decoding is to use the so-called "representation technique" introduced
-
3.8. Becker, Joux, May, and Meurer AlgorithmMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
Now in session 8, we will present yet another evolution of information set decoding. Before presenting this improvement, we will first improve the Birthday Decoding algorithm what I call a Further
-
3.6. Stern/Dumer AlgorithmMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In this session, we will present the Stern algorithm for decoding. In fact, the idea is to combine two algorithms that we have seen before, the Lee and Brickell algorithm and the Birthday Decoding.
-
3.5. Lee and Brickell AlgorithmMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In this fifth session, we will study a variant of information set decoding proposed by Lee and Brickell. So, the main idea consists in relaxing the Prange algorithm to amortize the cost of the
-
3.3. Information Set Decoding: the Power of Linear AlgebraMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In this third session, we will present the most important concept of the week: Information Set Decoding. The problem of decoding is not only a combinatorial problem. Because we are dealing with
-
3.2. Combinatorial Solutions: Exhaustive Search and Birthday DecodingMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In this session, I will detail two combinatorial solutions to the decoding problem. The first one is the Exhaustive Search. To find our w columns, we will simply enumerate all the tuples j1 to jw
-
3.1. From Generic Decoding to Syndrome DecodingMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
Welcome to the third week of the MOOC on code-based cryptography. This week, we will learn about message attacks. Among the ten sessions of this week, the first six will present the most essential
Avec les mêmes intervenants
-
5.7. The Fast Syndrome-Based (FSB) Hash FunctionMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In the last session of this week, we will have a look at the FSB Hash Function which is built using the one-way function we saw in the previous session. What are the requirements for a
-
5.4. Parallel-CFSMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In this session, I will present a variant of the CFS signature scheme called parallel-CFS. We start from a simple question: what happens if you try to use two different hash functions and compute
-
5.5. Stern’s Zero-Knowledge Identification SchemeMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In this session, we are going to have a look at Stern’s Zero-Knowledge Identification Scheme. So, what is a Zero-Knowledge Identification Scheme? An identification scheme allows a prover to prove
-
5.6. An Efficient Provably Secure One-Way FunctionMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In this session, we are going to see how to build an efficient provably secure one-way function from coding theory. As you know, a one-way function is a function which is simple to evaluate and
-
5.3. Attacks against the CFS SchemeMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In this session, we will have a look at the attacks against the CFS signature scheme. As for public-key encryption, there are two kinds of attacks against signature schemes. First kind of attack is
-
5.2. The Courtois-Finiasz-Sendrier (CFS) ConstructionMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In this session, I am going to present the Courtois-Finiasz-Sendrier Construction of a code-based digital signature. In the previous session, we have seen that it is impossible to hash a document
-
5.1. Code-Based Digital SignaturesMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
Welcome to the last week of this MOOC on code-based cryptography. This week, we will be discussing other cryptographic constructions relying on coding theory. We have seen how to do public key
-
4.8. Attack against Algebraic Geometry codesMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In this session, we will present an attack against Algebraic Geometry codes (AG codes). Algebraic Geometry codes is determined by a triple. First of all, an algebraic curve of genus g, then a n
-
4.9. Goppa codes still resistMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
All the results that we have seen this week doesn't mean that code based cryptography is broken. So in this session we will see that Goppa code still resists to all these attacks. So recall that
-
4.7. Attack against Reed-Muller codesMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In this session, we will introduce an attack against binary Reed-Muller codes. Reed-Muller codes were introduced by Muller in 1954 and, later, Reed provided the first efficient decoding algorithm
-
4.5. Error-Correcting PairsMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
We present in this session a general decoding method for linear codes. And we will see it in an example. Let C be a generalized Reed-Solomon code of dimension k associated to the pair (c, d). Then,
-
4.6. Attack against GRS codesMarquez-CorbellaIreneSendrierNicolasFiniaszMatthieu
In this session we will discuss the proposal of using generalized Reed-Solomon codes for the McEliece cryptosystem. As we have already said, generalized Reed-Solomon codes were proposed in 1986 by
Sur le même thème
-
"Le mathématicien Petre (Pierre) Sergescu, historien des sciences, personnalité du XXe siècle"HerléaAlexandre
Alexandre HERLEA est membre de la section « Sciences, histoire des sciences et des techniques et archéologie industrielle » du CTHS. Professeur émérite des universités, membre effectif de l'Académie
-
Retour d'expérience sur l'utilisation croisée de plusieurs archives de fouillesTufféryChristophe
Dans le cadre d'une thèse de doctorat engagée depuis 2019, une étude historiographique et épistémologique des effets des dispositifs numériques sur l'archéologie et sur les archéologues au cours des
-
Information Structures for Privacy and FairnessPalamidessiCatuscia
Information Structures for Privacy and Fairness
-
Le Creativ’Lab, au cœur de la robotique et de l’intelligence artificielle (ASR N°18 - LORIA)HénaffPatrickLefebvreSylvain
Le LORIA, laboratoire phare de la Grande Région dans le domaine de l’informatique, propose de rendre la recherche plus ouverte, plus collaborative, plus ambitieuse… en un mot, plus créative, à travers
-
AI and Human Decision-Making: An Interdisciplinary PerspectiveCastellucciaClaude
This seminar will talk about some of the privacy risks of these systems and will describe some recent attacks. It will also discuss why they sometimes fail to deliver. Finally, we will also show that
-
Webinaire sur la rédaction des PGDLouvetViolaine
Rédaction des Plans de Gestion de Données (PGD) sous l’angle des besoins de la communauté mathématique.
-
Les algorithmes de Parcoursup
L’objectif de la journée « Algorithmes d’aide à la décision publique » était de sensibiliser le grand public aux rôles des algorithmes d’aide à la décision publique utilisés par exemple pour l
-
Algorithmes d'aide à la décision publique / Ouverture
L’objectif de la journée « Algorithmes d’aide à la décision publique » était de sensibiliser le grand public aux rôles des algorithmes d’aide à la décision publique utilisés par exemple pour l
-
Quelques enjeux autour des algorithmes d'aide à la décision publique
L’objectif de la journée « Algorithmes d’aide à la décision publique » était de sensibiliser le grand public aux rôles des algorithmes d’aide à la décision publique utilisés par exemple pour l
-
Un nouveau système de répartition des greffons cardiaques utilisant un algorithme
L’objectif de la journée « Algorithmes d’aide à la décision publique » était de sensibiliser le grand public aux rôles des algorithmes d’aide à la décision publique utilisés par exemple pour l
-
Règles, calcul et politique : investigation des choix de programmation inaperçus pour les aides au …
L’objectif de la journée « Algorithmes d’aide à la décision publique » était de sensibiliser le grand public aux rôles des algorithmes d’aide à la décision publique utilisés par exemple pour l
-
Algorithmes de décision publique : élaboration, évaluation et évolutions
L’objectif de la journée « Algorithmes d’aide à la décision publique » était de sensibiliser le grand public aux rôles des algorithmes d’aide à la décision publique utilisés par exemple pour l