Statistical Decoding of Codes over Fq - Post-Quantum Cryptography

Cryptography Reference

In-Depth Information

In addition to that, we briefly describe two techniques how additional struc-

ture of the underlying code or the solution can be exploited to increase the

algorithm eciency.

Organization of the paper. We recall some preliminaries and notations from

code-based cryptography in Section 2. In the subsequent Section 3 we present our

generalized algorithm and the corresponding statistical properties. Experimental

results are given in Section 4, and we conclude in Section 5.

2 Preliminaries and Notation

In this section, we recall standard definitions from code-based cryptography.

Definition 1 (Linear code). Alinearcode

of length n and dimension k

over a finite field

F q

is defined as a k -dimensional subspace of the n -dimensional

F q

vector space

is denoted a ( n,k ) code over

F q .

Definition 2 (Generator and parity check matrix). Amatrix G ∈ F k × n

{ mG : m ∈ F q }

of full if rank is call if generator matrix for an ( n,k ) code

( n − k ) × n

A parity check matrix for

is any full l rank matrix H ∈ F

such that

{ x ∈ F q

: Hx T =0

}

. A parity check matrix H is a generator matrix for the

C ⊥ .

dual code

Definition 3 (Hamming distance). The Hamming weight wt( x ) of a vector

x is defined as the number of non-zero entries, and the Hamming distance d ( x,y )

between two vectors x and y is wt( x − y ) . The minimum distance d of a code

is given by d := min x ∈C\{ 0 } wt( x ) .Let t :=

( d −

1) / 2

,then

is also denoted

an ( n,k,t ) code.

Definition 4 (General decoding problem). The general decoding problem

is defined as fol lows: Given a vector c ∈ F q

and an ( n,k,t ) code

over

F q , find

x ∈C

such that d ( c,x ) is minimal. If d ( c,x )

≤ t , then this decoding is unique.

For any vector h , the entry at position i is denoted by h i .Wewrite H · i

for the

i i-th column of a matrix H .Let I ⊆{

,then H · I denotes the submatrix

of H consisting of the columns indexed by I . Similarly, h I

1 ,...,n }

denotes the vector

consisting of the corresponding entries of h .

3 Statistical Decoding

The idea of statistical decoding is as follows: After receiving a codeword with

error c = mG + e ,where m and e are unknown, a precomputed set H w ⊆C ⊥ is

used as a mask to obtain information about e .Since GH w =0,wehave

H w c T = H w e T .

Post-Quantum Cryptography

Search WWH ::

Custom Search

Home