Notice
3.3. Information Set Decoding: the Power of Linear Algebra
- document 1 document 2 document 3
- niveau 1 niveau 2 niveau 3
Descriptif
In this third session, wewill present the most important concept of the week:Information Set Decoding. The problem of decoding is notonly a combinatorial problem. Because we are dealing with linearcode, we may also use Linear Algebra. In particular, we are ableto transform the Computational Syndrome Decodingproblem by multiplying the matrix by apermutation P on the right and a nonsingular matrix U on the left. This will transform theproblem of syndrome decoding into an equivalent one. It is very easy to prove thatthe following equivalence holds. In fact, this implies thatthe two computational syndrome decoding that arepresented here are equivalent.
If I solve one ofthem, I solve the other. In particular, I canchoose H'in the following form which is calledsystematic form or standard form. If the first n-k columns of matrix H*P areindependent, then I am able to compute such a form. If thisis the case, the last k column of the matrixforms an information set. If I am lucky, thepermutation P will send the w error position inthe left part of the position. If this happens,then the modified syndrome s'will have a weight equalto the weight of the error. And I can check that very easily. I can transformthat into an algorithm. So, I want to solve thecomputational syndrome decoding presented here. I will repeatedly picka permutation P, compute the following systematicform using Gaussian elimination, and check whether thetransformed syndrome s*(U transpose) is a weight w. When this hapens, I canreturn the following vector which is validsolution to the original syndrome decoding problem. Here, each iteration of thisalgorithm will cost n*(n-k) column operations that is thecost of the Gaussian elimination. And I have to repeat thata certain number of times, until one of thesolutions to my problem has all its non-zero coordinates "all left". In the next session, I will present Complexity Analysis of thatalgorithm in particular as long as tools to make thecomplexity analysis of the variance of informationset decoding I will present throughout this course.
Intervention
Dans la même collection
-
3.7. May, Meurer, and Thomae Algorithm
MARQUEZ-CORBELLA Irene
SENDRIER Nicolas
FINIASZ Matthieu
So, with the session 7 we are entering the most advanced part of that course. The idea of what I called the Improved Birthday Decoding is to use the so-called "representation technique" introduced
-
3.1. From Generic Decoding to Syndrome Decoding
MARQUEZ-CORBELLA Irene
SENDRIER Nicolas
FINIASZ Matthieu
Welcome to the third week of the MOOC on code-based cryptography. This week, we will learn about message attacks. Among the ten sessions of this week, the first six will present the most essential
-
3.10. Decoding One Out of Many
MARQUEZ-CORBELLA Irene
SENDRIER Nicolas
FINIASZ Matthieu
The final session of this week is devoted to Decoding One Out of Many. Decoding One Out of Many is interested in solving the following variant of Syndrome Decoding. In this variant, the only
-
3.5. Lee and Brickell Algorithm
MARQUEZ-CORBELLA Irene
SENDRIER Nicolas
FINIASZ Matthieu
In this fifth session, we will study a variant of information set decoding proposed by Lee and Brickell. So, the main idea consists in relaxing the Prange algorithm to amortize the cost of the
-
3.8. Becker, Joux, May, and Meurer Algorithm
MARQUEZ-CORBELLA Irene
SENDRIER Nicolas
FINIASZ Matthieu
Now in session 8, we will present yet another evolution of information set decoding. Before presenting this improvement, we will first improve the Birthday Decoding algorithm what I call a Further
-
3.2. Combinatorial Solutions: Exhaustive Search and Birthday Decoding
MARQUEZ-CORBELLA Irene
SENDRIER Nicolas
FINIASZ Matthieu
In this session, I will detail two combinatorial solutions to the decoding problem. The first one is the Exhaustive Search. To find our w columns, we will simply enumerate all the tuples j1 to jw
-
3.6. Stern/Dumer Algorithm
MARQUEZ-CORBELLA Irene
SENDRIER Nicolas
FINIASZ Matthieu
In this session, we will present the Stern algorithm for decoding. In fact, the idea is to combine two algorithms that we have seen before, the Lee and Brickell algorithm and the Birthday Decoding.
-
3.9. Generalized Birthday Algorithm for Decoding
MARQUEZ-CORBELLA Irene
SENDRIER Nicolas
FINIASZ Matthieu
The session nine is devoted to the application of the Generalized Birthday Algorithm to decoding. The Generalized Birthday Algorithm was presented by David Wagner in 2002, in a more general
-
3.4. Complexity Analysis
MARQUEZ-CORBELLA Irene
SENDRIER Nicolas
FINIASZ Matthieu
In this session, I will present the main technique to make the analysis of the various algorithms presented in this course. So, Information Set Decoding refers to a family of algorithms which is
Avec les mêmes intervenants et intervenantes
-
4.6. Attack against GRS codes
MARQUEZ-CORBELLA Irene
SENDRIER Nicolas
FINIASZ Matthieu
In this session we will discuss the proposal of using generalized Reed-Solomon codes for the McEliece cryptosystem. As we have already said, generalized Reed-Solomon codes were proposed in 1986 by
-
5.5. Stern’s Zero-Knowledge Identification Scheme
MARQUEZ-CORBELLA Irene
SENDRIER Nicolas
FINIASZ Matthieu
In this session, we are going to have a look at Stern’s Zero-Knowledge Identification Scheme. So, what is a Zero-Knowledge Identification Scheme? An identification scheme allows a prover to prove
-
4.9. Goppa codes still resist
MARQUEZ-CORBELLA Irene
SENDRIER Nicolas
FINIASZ Matthieu
All the results that we have seen this week doesn't mean that code based cryptography is broken. So in this session we will see that Goppa code still resists to all these attacks. So recall that
-
4.4. Attack against subcodes of GRS codes
MARQUEZ-CORBELLA Irene
SENDRIER Nicolas
FINIASZ Matthieu
In this session, we will talk about using subcodes of a Generalized Reed–Solomon code for the McEliece Cryptosystem. Recall that to avoid the attack of Sidelnikov and Shestakov, Berger and
-
5.3. Attacks against the CFS Scheme
MARQUEZ-CORBELLA Irene
SENDRIER Nicolas
FINIASZ Matthieu
In this session, we will have a look at the attacks against the CFS signature scheme. As for public-key encryption, there are two kinds of attacks against signature schemes. First kind of attack is
-
4.7. Attack against Reed-Muller codes
MARQUEZ-CORBELLA Irene
SENDRIER Nicolas
FINIASZ Matthieu
In this session, we will introduce an attack against binary Reed-Muller codes. Reed-Muller codes were introduced by Muller in 1954 and, later, Reed provided the first efficient decoding algorithm
-
5.6. An Efficient Provably Secure One-Way Function
MARQUEZ-CORBELLA Irene
SENDRIER Nicolas
FINIASZ Matthieu
In this session, we are going to see how to build an efficient provably secure one-way function from coding theory. As you know, a one-way function is a function which is simple to evaluate and
-
5.1. Code-Based Digital Signatures
MARQUEZ-CORBELLA Irene
SENDRIER Nicolas
FINIASZ Matthieu
Welcome to the last week of this MOOC on code-based cryptography. This week, we will be discussing other cryptographic constructions relying on coding theory. We have seen how to do public key
-
4.5. Error-Correcting Pairs
MARQUEZ-CORBELLA Irene
SENDRIER Nicolas
FINIASZ Matthieu
We present in this session a general decoding method for linear codes. And we will see it in an example. Let C be a generalized Reed-Solomon code of dimension k associated to the pair (c, d). Then,
-
5.4. Parallel-CFS
MARQUEZ-CORBELLA Irene
SENDRIER Nicolas
FINIASZ Matthieu
In this session, I will present a variant of the CFS signature scheme called parallel-CFS. We start from a simple question: what happens if you try to use two different hash functions and compute
-
4.8. Attack against Algebraic Geometry codes
MARQUEZ-CORBELLA Irene
SENDRIER Nicolas
FINIASZ Matthieu
In this session, we will present an attack against Algebraic Geometry codes (AG codes). Algebraic Geometry codes is determined by a triple. First of all, an algebraic curve of genus g, then a n
-
5.7. The Fast Syndrome-Based (FSB) Hash Function
MARQUEZ-CORBELLA Irene
SENDRIER Nicolas
FINIASZ Matthieu
In the last session of this week, we will have a look at the FSB Hash Function which is built using the one-way function we saw in the previous session. What are the requirements for a
Sur le même thème
-
Machines algorithmiques, mythes et réalités
MAZENOD Vincent
Vincent Mazenod, informaticien, partage le fruit de ses réflexions sur l'évolution des outils numériques, en lien avec les problématiques de souveraineté, de sécurité et de vie privée...
-
Désassemblons le numérique - #Episode11 : Les algorithmes façonnent-ils notre société ?
SCHWARTZ Arnaud
LIMA PILLA Laércio
ESTéRIE Pierre
SALLET Frédéric
FERBOS Aude
ROUMANOS Rayya
CHRAIBI KADOUD Ikram
Un an après le tout premier hackathon sur les méthodologies d'enquêtes journalistiques sur les algorithmes, ce nouvel épisode part à la rencontre de différents points de vue sur les algorithmes.
-
Les machines à enseigner. Du livre à l'IA...
BRUILLARD Éric
Que peut-on, que doit-on déléguer à des machines ? C'est l'une des questions explorées par Éric Bruillard qui, du livre aux IA génératives, expose l'évolution des machines à enseigner...
-
Quel est le prix à payer pour la sécurité de nos données ?
MINAUD Brice
À l'ère du tout connecté, la question de la sécurité de nos données personnelles est devenue primordiale. Comment faire pour garder le contrôle de nos données ? Comment déjouer les pièges de plus en
-
Désassemblons le numérique - #Episode9 : Bientôt des supercalculateurs dans nos piscines ?
BEAUMONT Olivier
BOUZEL Rémi
Des supercalculateurs feraient-ils bientôt leur apparition dans les piscines municipales pour les chauffer ? Réponses d'Olivier Beaumont, responsable de l'équipe-projet Topal, et Rémi Bouzel,
-
Des systèmes de numération pour le calcul modulaire
BAJARD Jean-Claude
Le calcul modulaire est utilisé dans de nombreuses applications des mathématiques, telles que la cryptographie. La réduction modulaire dans un contexte très général est coûteuse, car elle n
-
Projection methods for community detection in complex networks
LITVAK Nelly
Community detection is one of most prominent tasks in the analysis of complex networks such as social networks, biological networks, and the world wide web. A community is loosely defined as a group
-
Lara Croft. doing fieldwork under surveillance
DALL'AGNOLA Jasmin
Lara Croft. Doing Fieldwork Under Surveillance Intervention de Jasmin Dall'Agnola (The George Washington University), dans le cadre du Colloque coorganisé par Anders Albrechtslund, professeur en
-
Containing predictive tokens in the EU
CZARNOCKI Jan
Containing Predictive Tokens in the EU – Mapping the Laws Against Digital Surveillance, intervention de Jan Czarnocki (KU Leuven), dans le cadre du Colloque coorganisé par Anders Albrechtslund,
-
Inauguration de l'exposition - Vanessa Vitse : Nombres de Sophie Germain et codes secrets
VITSE Vanessa
Exposé de Vanessa Vitse (Institut Fourier) : Nombres de Sophie Germain et codes secrets
-
"Le mathématicien Petre (Pierre) Sergescu, historien des sciences, personnalité du XXe siècle"
HERLéA Alexandre
Alexandre HERLEA est membre de la section « Sciences, histoire des sciences et des techniques et archéologie industrielle » du CTHS. Professeur émérite des universités, membre effectif de l'Académie
-
Ivan Murit - Processus de création d'images
MURIT Ivan
Je vais présenter une manière décalée d'aborder les outils d'impression. Pour cela nous ne partirons pas de l'envie d'imprimer une image préexistante, mais d'avant cela : comment se crée une forme