le (6m21s)

# Résultats de recherche

**17755**

le (5m19s)

## 4.3. Distinguisher for GRS codes

In this session we will see that generalized Reed-Solomon codes behave differently than random codes with respect to the star operation. Thus we can define a distinguisher for Generalized Reed-Solomon codes. Let us recall the definition of Generalized Reed-Solomon codes. We will need an n-tuple of mutually distinct elements of Fq. We need a vector b which is an n-tuple of nonzero elements of Fq. We need to define the vector space of all polynomials of degree at most k and we also need to define a evaluation map. Then the ... Voir la vidéole (3m57s)

## 4.4. Attack against subcodes of GRS codes

In this session, we will talk about using subcodes of a Generalized Reed–Solomon code for the McEliece Cryptosystem. Recall that to avoid the attack of Sidelnikov and Shestakov, Berger and Loidreau proposed to replace Generalized Reed–Solomon codes by some random subcodes of small codimension. However, this attack has been broken by Wieschebrink in 2006 using square code considerations. The idea of the attack is very simple. The public key is a subcode of large dimension, otherwise a generic attack could be applied. And we also know the error-correcting capacity ... Voir la vidéole (5m32s)

## 4.5. Error-Correcting Pairs

We present in this session a general decoding method for linear codes. And we will see it in an example. Let C be a generalized Reed-Solomon code of dimension k associated to the pair (c, d). Then, its dual is again a generalized Reed-Solomon code with the same locator and another column multiplier we will denote by d^ (d dual). Now, consider the codes A and B. These codes have not been chosen at random. First, notice that the star product of these two codes is the dual of C. Suppose that these codes ... Voir la vidéole (5m28s)

## 4.6. Attack against GRS codes

In this session we will discuss the proposal of using generalized Reed-Solomon codes for the McEliece cryptosystem. As we have already said, generalized Reed-Solomon codes were proposed in 1986 by Niederreiter. Recall that these codes are MDS, that is, they attain the maximum error correcting capacity which is interpreted as shorter keys for the same level of security. Moreover, these codes have efficient decoding algorithms so they are suitable candidates for code-based cryptography. But this proposal is subject to a polynomial attack by Sidelnikov-Shestakov. Take notice that if we know ... Voir la vidéole (5m48s)

## 4.7. Attack against Reed-Muller codes

In this session, we will introduce an attack against binary Reed-Muller codes. Reed-Muller codes were introduced by Muller in 1954 and, later, Reed provided the first efficient decoding algorithm for these codes. Reed-Muller are just a generalization of generalized Reed-Solomon codes. Generalized Reed-Solomon codes are evaluation of univariate polynomials, and Reed-Muller codes are evaluation of multivariate polynomials. We will study binary Reed-Muller codes. The binary Reed-Muller consists of the set of codewords obtained by evaluating all the Boolean functions of degree r with m variables. Thus, the block length of ... Voir la vidéole (6m46s)

## 4.8. Attack against Algebraic Geometry codes

In this session, we will present an attack against Algebraic Geometry codes (AG codes). Algebraic Geometry codes is determined by a triple. First of all, an algebraic curve of genus g, then a n-tuple of rational points and then a divisor which has disjoint support from the n-tuple P. Then, the Algebraic Geometry code is obtained by evaluating at P all functions that belong to the vector space associated to the divisor E. Some properties of these codes are nearly optimal codes, that is, their designed minimum distance is nearly the optimal ... Voir la vidéole (4m4s)

## 4.9. Goppa codes still resist

All the results that we have seen this week doesn't mean that code based cryptography is broken. So in this session we will see that Goppa code still resists to all these attacks. So recall that it is assumed that Goppa codes are pseudorandom, that is there exist no efficient distinguisher for Goppa code. An efficient distinguisher was built for the case of high rate codes, where the rate is very close to 1, but no generalization of this distinguisher is known. The best known attacks are based on the ... Voir la vidéole (4m33s)

## 5.1. Code-Based Digital Signatures

Welcome to the last week of this MOOC on code-based cryptography. This week, we will be discussing other cryptographic constructions relying on coding theory. We have seen how to do public key encryption and now we will see other kind of constructions. This first sequence we'll be having a look at digital signatures and how to design code-based digital signatures. So, what is digital signature? A digital signature is meant to replace a paper signature on a digital document. Exactly like a paper signature, only one person should be able to ... Voir la vidéole (4m22s)