le (7m19s)

# Résultats de recherche

**6492**

le (4m15s)

## 1.3. Encoding (Linear Transformation)

In this session, we will talk about the easy map of the - one-way trapdoor functions based on error-correcting codes. We suppose that the set of all messages that we wish to transmit is the set of k-tuples having elements from the field Fq. There are qk possible messages and we referred to it as the message space. In order to detect and possibly correct errors, we add some redundancy, thus the k tuples will be embedded into n-tuples with n greater than k. In this MOOC, we will focus on linear ... Voir la vidéole (8m26s)

## 1.5. Error Correcting Capacity

This sequence will be about the error-correcting capacity of a linear code. We describe the way of considering the space Fq^n as a metric space. This metric is necessary to justify the principle of decoding that is returning the nearest codeword to the received vector. The metric principle is based on the following concept: the Hamming distance between two vectors is the number of coordinates in which they differ. The Hamming weight of a vector is the number of non-zero coordinates. Here we give some examples. So, the Hamming distance ... Voir la vidéole (8m14s)

## 1.6. Decoding (A Difficult Problem)

The process of correcting errors and obtaining back the message is called decoding. In this sequence, we will focus on this process, the decoding. We would like that the decoder of the received vector, which is the encoding of the original message plus a certain vector, is again the original message, for every message and every reasonable noisy pattern. The basis of decoding is the following principle, called Minimum Distance Decoding. Given a received vector, we look for a codeword that minimizes the Hamming distance with the received vector One of ... Voir la vidéole (5m35s)

*2.1.* Formal Definition

Welcome to the second week of this MOOC entitled Code-Based Cryptography. This week, we will talk in detail about the McEliece cryptosystem. First, in this session, we will describe formally the McEliece and the Niederreiter systems, which are the principal public-key schemes, based on error-correcting code. Let K be a security parameter. An encryption scheme is defined by the following spaces: the space of all possible messages, the space of all ciphertexts, the space of the public-keys, and the space of the secret-keys.Then, we need to define the ...
Voir la vidéo
le (4m43s)

## 2.2. Security-Reduction Proof

Welcome to the second session. We will talk about the security-reduction proof. The security of a given cryptographic algorithm is reduced to the security of a known hard problem. To prove that a cryptosystem is secure, we select a problem which we know is hard to solve, and we reduce the problem to the security of the cryptosystem. Since the problem is hard to solve, the cryptosystem is hard to break. A security reduction is a proof that an adversary able to attack the scheme is able to solve some presumably hard ... Voir la vidéole (3m15s)

## 2.3. McEliece Assumptions

In this session, we will talk about McEliece assumptions. The security of the McEliece scheme is based on two assumptions as we have already seen: the hardness of decoding a random linear code and the problem of distinguishing a code with a prescribed structure from a random one. In this sequence, we will study in detail these two assumptions. The first assumption claims that decoding a random linear code is difficult. First, notice that the general decoding problem is basically a re-writing of the Syndrome Decoding problem. And both are equivalent ... Voir la vidéole (5m32s)

## 2.4. Notions of Security

In this session, we will study the notion of security of public-key scheme. A public-key scheme is one-way if the probability of success of any adversary running in polynomial time is negligible. That is, without the private key, it is computationally impossible to recover the plaintext. For the McEliece, if we assume that the general decoding problem of a linear code is on average a difficult problem and there exists no efficient distinguisher for Goppa codes, then the McEliece scheme has the One-Wayness property. However, McEliece is vulnerable to many ... Voir la vidéole (5m5s)

## 2.5. Critical Attacks - Semantic Secure Conversions

In this session, we will study critical attacks against the public-key cryptosystem. The partial knowledge on the plaintext reduces drastically the computational cost of the attack to the McEliece cryptosystem. For example, suppose that the adversary knows r bits of the plaintext. Then the difficulty of recovering the remaining k - r bits in the complete McEliece with parameters [n, k] is equivalent to that of recovering the full plaintext in the McEliece with parameters [n, k - r]. This is given by this formula. You just ... Voir la vidéole (3m45s)