-
On the Security of a Code-Based PIR Scheme
Authors:
Svenja Lage,
Hannes Bartz
Abstract:
Private Information Retrieval (PIR) schemes allow clients to retrieve files from a database without disclosing the requested file's identity to the server. In the pursuit of post-quantum security, most recent PIR schemes rely on hard lattice problems. In contrast, the so-called CB-cPIR scheme stands out as a pioneering effort to base PIR schemes on hard problems in coding theory, thereby contributing significantly to the diversification of security foundations. However, our research reveals a critical vulnerability in CB-cPIR, substantially diminishing its security levels. Moreover, a comparative analysis with state-of-the-art PIR schemes shows that CB-cPIR's advantages are reduced, making it less competitive in terms of the communication cost. Nevertheless, our findings highlight the importance of continued research into code-based PIR schemes, as they have the potential to provide a valuable alternative to lattice-based approaches.
Submitted 25 July, 2025;
originally announced July 2025.
-
Syndrome-Based Error-Erasure Decoding of Interleaved Linearized Reed-Solomon Codes
Authors:
Felicitas Hörmann,
Hannes Bartz
Abstract:
Linearized Reed--Solomon (LRS) codes are sum-rank-metric codes that generalize both Reed--Solomon and Gabidulin codes. We study vertically and horizontally interleaved LRS (VILRS and HILRS) codes whose codewords consist of a fixed number of stacked or concatenated codewords of a chosen LRS code. Our unified presentation of results for horizontal and vertical interleaving is novel and simplifies the recognition of resembling patterns.
This paper's main results are syndrome-based decoders for both VILRS and HILRS codes. We first consider an error-only setting and then present more general error-erasure decoders, which can handle full errors, row erasures, and column erasures simultaneously. Here, an erasure means that parts of the row space or the column space of the error are already known before decoding. We incorporate this knowledge directly into Berlekamp--Massey-like key equations and thus decode all error types jointly. The presented error-only and error-erasure decoders have an average complexity in $O(sn^2)$ and $\widetilde{O}(sn^2)$ in most scenarios, where $s$ is the interleaving order and $n$ denotes the length of the component code.
Errors of sum-rank weight $\tau=t_{\mathcal{F}}+t_{\mathcal{R}}+t_{\mathcal{C}}$ consist of $t_{\mathcal{F}}$ full errors, $t_{\mathcal{R}}$ row erasures, and $t_{\mathcal{C}}$ column erasures. Their successful decoding can be guaranteed for $t_{\mathcal{F}}\leq\tfrac{1}{2}(n-k-t_{\mathcal{R}}-t_{\mathcal{C}})$, where $n$ and $k$ represent the length and the dimension of the component LRS code. Moreover, probabilistic decoding beyond the unique-decoding radius is possible with high probability when $t_{\mathcal{F}}\leq\tfrac{s}{s+1}(n-k-t_{\mathcal{R}}-t_{\mathcal{C}})$ holds for interleaving order $s$. We give an upper bound on the failure probability for probabilistic unique decoding and showcase its tightness via Monte Carlo simulations.
Submitted 28 November, 2024;
originally announced November 2024.
-
Support-Guessing Decoding Algorithms in the Sum-Rank Metric
Authors:
Thomas Jerkovits,
Hannes Bartz,
Antonia Wachter-Zeh
Abstract:
The sum-rank metric generalizes the Hamming and rank metric by partitioning vectors into blocks and defining the total weight as the sum of the rank weights of these blocks, based on their matrix representation.
In this work, we explore support-guessing algorithms for decoding sum-rank-metric codes. Support-guessing involves randomly selecting candidate supports and attempting to decode the error under the assumption that it is confined to these supports. While previous works have focused on worst-case scenarios, we analyze the average case and derive an optimal support-guessing distribution in the asymptotic regime. We show that this distribution also performs well for finite code lengths. Our analysis provides exact complexity estimates for unique decoding scenarios and establishes tighter bounds beyond the unique decoding radius.
Additionally, we introduce a randomized decoding algorithm for Linearized Reed--Solomon (LRS) codes. This algorithm extends decoding capabilities beyond the unique decoding radius by leveraging an efficient error-and-erasure decoder. Instead of requiring the entire error support to be confined to the guessed support, the algorithm succeeds as long as there is sufficient overlap between the guessed support and the actual error support. As a result, the proposed method improves the success probability and reduces computational complexity compared to generic decoding algorithms.
Our contributions offer more accurate complexity estimates than previous works, which are essential for understanding the computational challenges involved in decoding sum-rank-metric codes. This improved complexity analysis, along with optimized support-guessing distributions, provides valuable insights for the design and evaluation of code-based cryptosystems using the sum-rank metric. This is particularly important in the context of quantum-resistant cryptography.
Submitted 21 October, 2024;
originally announced October 2024.
-
An Error-Code Perspective on Metzner--Kapturowski-like Decoders
Authors:
Thomas Jerkovits,
Felicitas Hörmann,
Hannes Bartz
Abstract:
In this paper we consider a Metzner-Kapturowski-like decoding algorithm for high-order interleaved sum-rank-metric codes, offering a novel perspective on the decoding process through the concept of an error code. The error code, defined as the linear code spanned by the vectors forming the error matrix, provides a more intuitive understanding of the decoder's functionality and new insights.
The proposed algorithm can correct errors of sum-rank weight up to $d-2$, where $d$ is the minimum distance of the constituent code, given a sufficiently large interleaving order. The decoder's versatility is highlighted by its applicability to any linear constituent code, including unstructured or random codes. The computational complexity is $O(\max\{n^3, n^2 s\})$ operations over $\mathbb{F}_{q^m}$, where $n$ is the code length and $s$ is the interleaving order.
We further explore the success probability of the decoder for random errors, providing an efficient algorithm to compute an upper bound on this probability. Additionally, we derive bounds and approximations for the success probability when the error weight exceeds the unique decoding radius, showing that the decoder maintains a high success probability in this regime.
Our findings suggest that this decoder could be a valuable tool for the design and security analysis of code-based cryptosystems using interleaved sum-rank-metric codes. The new insights into the decoding process and the high success probability of the algorithm even beyond the unique decoding radius underscore its potential to contribute to various coding-related applications.
Submitted 27 September, 2024;
originally announced September 2024.
-
Error-Correction Performance of Regular Ring-Linear LDPC Codes over Lee Channels
Authors:
Jessica Bariffi,
Hannes Bartz,
Gianluigi Liva,
Joachim Rosenthal
Abstract:
Most low-density parity-check (LDPC) code constructions are considered over finite fields. In this work, we focus on regular LDPC codes over integer residue rings and analyze their performance with respect to the Lee metric. Their error-correction performance is studied over two channel models, in the Lee metric. The first channel model is a discrete memoryless channel, whereas in the second channel model an error vector is drawn uniformly at random from all vectors of a fixed Lee weight. It is known that the two channel laws coincide in the asymptotic regime, meaning that their marginal distributions match. For both channel models, we derive upper bounds on the block error probability in terms of a random coding union bound as well as sphere packing bounds that make use of the marginal distribution of the considered channels. We estimate the decoding error probability of regular LDPC code ensembles over the channels using the marginal distribution and determining the expected Lee weight distribution of a random LDPC code over a finite integer ring. By means of density evolution and finite-length simulations, we estimate the error-correction performance of selected LDPC code ensembles under belief propagation decoding and a low-complexity symbol message passing decoding algorithm and compare the performances. The analysis developed in this paper may serve to design regular LDPC codes over integer residue rings for storage and cryptographic application.
Submitted 31 July, 2024; v1 submitted 22 December, 2023;
originally announced December 2023.
-
Fast Gao-like Decoding of Horizontally Interleaved Linearized Reed-Solomon Codes
Authors:
Felicitas Hörmann,
Hannes Bartz
Abstract:
Both horizontal interleaving as well as the sum-rank metric are currently attractive topics in the field of code-based cryptography, as they could mitigate the problem of large key sizes. In contrast to vertical interleaving, where codewords are stacked vertically, each codeword of a horizontally $s$-interleaved code is the horizontal concatenation of $s$ codewords of $s$ component codes. In the case of horizontally interleaved linearized Reed-Solomon (HILRS) codes, these component codes are chosen to be linearized Reed-Solomon (LRS) codes.
We provide a Gao-like decoder for HILRS codes that is inspired by the respective works for non-interleaved Reed-Solomon and Gabidulin codes. By applying techniques from the theory of minimal approximant bases, we achieve a complexity of $\tilde{\mathcal{O}}(s^{2.373} n^{1.635})$ operations in $\mathbb{F}_{q^m}$, where $\tilde{\mathcal{O}}(\cdot)$ neglects logarithmic factors, $s$ is the interleaving order and $n$ denotes the length of the component codes. For reasonably small interleaving order $s \ll n$, this is subquadratic in the component-code length $n$ and improves over the only known syndrome-based decoder for HILRS codes with quadratic complexity. Moreover, it closes the performance gap to vertically interleaved LRS codes for which a decoder of complexity $\tilde{\mathcal{O}}(s^{2.373} n^{1.635})$ is already known.
We can decode beyond the unique-decoding radius and handle errors of sum-rank weight up to $\frac{s}{s + 1} (n - k)$ for component-code dimension $k$. We also give an upper bound on the failure probability in the zero-derivation setting and validate its tightness via Monte Carlo simulations.
Submitted 22 August, 2023;
originally announced August 2023.
-
Fast Decoding of Lifted Interleaved Linearized Reed-Solomon Codes for Multishot Network Coding
Authors:
Hannes Bartz,
Sven Puchinger
Abstract:
Martínez-Peñas and Kschischang (IEEE Trans. Inf. Theory, 2019) proposed lifted linearized Reed--Solomon codes as suitable codes for error control in multishot network coding. We show how to construct and decode lifted interleaved linearized Reed--Solomon (LILRS) codes. Compared to the construction by Martínez-Peñas--Kschischang, interleaving allows the decoding region to be increased significantly and decreases the overhead due to the lifting (i.e., increases the code rate), at the cost of an increased packet size. We propose two decoding schemes for LILRS codes that are both capable of correcting insertions and deletions beyond half the minimum distance of the code by either allowing a list or a small decoding failure probability. We propose a probabilistic unique Loidreau--Overbeck-like decoder for LILRS codes and an efficient interpolation-based decoding scheme that can be used either as a list decoder (with exponential worst-case list size) or as a probabilistic unique decoder. We derive upper bounds on the decoding failure probability of the probabilistic-unique decoders which show that the decoding failure probability is very small for most channel realizations up to the maximal decoding radius. The tightness of the bounds is verified by Monte Carlo simulations.
Submitted 12 July, 2023;
originally announced July 2023.
-
Randomized Decoding of Linearized Reed-Solomon Codes Beyond the Unique Decoding Radius
Authors:
Thomas Jerkovits,
Hannes Bartz,
Antonia Wachter-Zeh
Abstract:
In this paper we address the problem of decoding linearized Reed-Solomon (LRS) codes beyond their unique decoding radius. We analyze the complexity in order to evaluate if the considered problem is of cryptographic relevance, i.e., can be used to design cryptosystems that are computationally hard to break. We show that our proposed algorithm improves over other generic algorithms that do not take into account the underlying code structure.
Submitted 7 June, 2023;
originally announced June 2023.
-
Distinguishing and Recovering Generalized Linearized Reed-Solomon Codes
Authors:
Felicitas Hörmann,
Hannes Bartz,
Anna-Lena Horlemann
Abstract:
We study the distinguishability of linearized Reed-Solomon (LRS) codes by defining and analyzing analogs of the square-code and the Overbeck distinguisher for classical Reed-Solomon and Gabidulin codes, respectively. Our main results show that the square-code distinguisher works for generalized linearized Reed-Solomon (GLRS) codes defined with the trivial automorphism, whereas the Overbeck-type distinguisher can handle LRS codes in the general setting. We further show how to recover defining code parameters from any generator matrix of such codes in the zero-derivation case. For other choices of automorphisms and derivations, simulations indicate that these distinguishers and recovery algorithms do not work. The corresponding LRS and GLRS codes might hence be of interest for code-based cryptography.
Submitted 2 April, 2023;
originally announced April 2023.
-
On Decoding High-Order Interleaved Sum-Rank-Metric Codes
Authors:
Thomas Jerkovits,
Felicitas Hörmann,
Hannes Bartz
Abstract:
We consider decoding of vertically homogeneous interleaved sum-rank-metric codes with high interleaving order $s$, that are constructed by stacking $s$ codewords of a single constituent code.
We propose a Metzner--Kapturowski-like decoding algorithm that can correct errors of sum-rank weight $t \leq d-2$, where $d$ is the minimum distance of the code, if the interleaving order $s > t$ and the error matrix fulfills a certain rank condition.
The proposed decoding algorithm generalizes the Metzner--Kapturowski(-like) decoders in the Hamming metric and the rank metric and has a computational complexity of $\tilde{O}(\max(n^3, n^2 s))$ operations in $\mathbb{F}_{q^m}$, where $n$ is the length of the code.
The scheme performs linear-algebraic operations only and thus works for any interleaved linear sum-rank-metric code.
We show how the decoder can be used to decode high-order interleaved codes in the skew metric.
Apart from error control, the proposed decoder allows one to determine the security level of code-based cryptosystems based on interleaved sum-rank-metric codes.
Submitted 30 March, 2023;
originally announced March 2023.
-
Interpolation-Based Decoding of Folded Variants of Linearized and Skew Reed-Solomon Codes
Authors:
Felicitas Hörmann,
Hannes Bartz
Abstract:
The sum-rank metric is a hybrid between the Hamming metric and the rank metric and is suitable for error correction in multishot network coding and distributed storage as well as for the design of quantum-resistant cryptosystems. In this work, we consider the construction and decoding of folded linearized Reed-Solomon (FLRS) codes, which are shown to be maximum sum-rank distance (MSRD) for appropriate parameter choices. We derive an efficient interpolation-based decoding algorithm for FLRS codes that can be used as a list decoder or as a probabilistic unique decoder. The proposed decoding scheme can correct sum-rank errors beyond the unique decoding radius with a computational complexity that is quadratic in the length of the unfolded code. We show how the error-correction capability can be optimized for high-rate codes by an alternative choice of interpolation points. We derive a heuristic upper bound on the decoding failure probability of the probabilistic unique decoder and verify its tightness by Monte Carlo simulations. Further, we study the construction and decoding of folded skew Reed-Solomon codes in the skew metric. To the best of our knowledge, FLRS codes are the first MSRD codes with different block sizes that come along with an efficient decoding algorithm.
Submitted 27 March, 2023;
originally announced March 2023.
-
Fast Kötter-Nielsen-Høholdt Interpolation over Skew Polynomial Rings and its Application in Coding Theory
Authors:
Hannes Bartz,
Thomas Jerkovits,
Johan Rosenkilde
Abstract:
Skew polynomials are a class of non-commutative polynomials that have several applications in computer science, coding theory and cryptography. In particular, skew polynomials can be used to construct and decode evaluation codes in several metrics, e.g. the Hamming, rank, sum-rank and skew metric. We propose a fast divide-and-conquer variant of the Kötter-Nielsen-Høholdt (KNH) interpolation algorithm: it inputs a list of linear functionals on skew polynomial vectors, and outputs a reduced Gröbner basis of their kernel intersection. We show that the proposed KNH interpolation can be used to solve the interpolation step of interpolation-based decoding of interleaved Gabidulin codes in the rank metric, linearized Reed-Solomon codes in the sum-rank metric and skew Reed-Solomon codes in the skew metric requiring at most $\tilde{O}(s^{\omega} M(n))$ operations in $\mathbb{F}_{q^m}$, where $n$ is the length of the code, $s$ the interleaving order, $M(n)$ the complexity for multiplying two skew polynomials of degree at most $n$, $\omega$ the matrix multiplication exponent and $\tilde{O}(\cdot)$ the soft-O notation which neglects log factors. This matches the previous best speeds for these tasks, which were obtained by top-down minimal approximant bases techniques, and complements the theory of efficient interpolation over free skew polynomial modules by the bottom-up KNH approach. In contrast to the top-down approach, the bottom-up KNH algorithm has no requirements on the interpolation points and thus does not require any pre-processing.
Submitted 4 July, 2022;
originally announced July 2022.
-
Rank-Metric Codes and Their Applications
Authors:
Hannes Bartz,
Lukas Holzbaur,
Hedongliang Liu,
Sven Puchinger,
Julian Renner,
Antonia Wachter-Zeh
Abstract:
The rank metric measures the distance between two matrices by the rank of their difference. Codes designed for the rank metric have attracted considerable attention in recent years, reinforced by network coding and further motivated by a variety of applications. In code-based cryptography, the hardness of the corresponding generic decoding problem can lead to systems with reduced public-key size. In distributed data storage, codes in the rank metric have been used repeatedly to construct codes with locality, and in coded caching, they have been employed for the placement of coded symbols. This survey gives a general introduction to rank-metric codes, explains their most important applications, and highlights their relevance to these areas of research.
Submitted 23 March, 2022;
originally announced March 2022.
-
Fast Kötter-Nielsen-Høholdt Interpolation over Skew Polynomial Rings
Authors:
Hannes Bartz,
Thomas Jerkovits
Abstract:
Skew polynomials are a class of non-commutative polynomials that have several applications in computer science, coding theory and cryptography. In particular, skew polynomials can be used to construct and decode evaluation codes in several metrics, like e.g. the Hamming, rank, sum-rank and skew metric. In this paper we propose a fast divide-and-conquer variant of the Kötter-Nielsen-Høholdt (KNH) interpolation over free modules over skew polynomial rings. The proposed KNH interpolation can be used to solve the interpolation step of interpolation-based decoding of (interleaved) Gabidulin, linearized Reed-Solomon and skew Reed-Solomon codes efficiently, which have various applications in coding theory and code-based quantum-resistant cryptography.
Submitted 18 February, 2022;
originally announced February 2022.
-
Error-Erasure Decoding of Linearized Reed-Solomon Codes in the Sum-Rank Metric
Authors:
Felicitas Hörmann,
Hannes Bartz,
Sven Puchinger
Abstract:
Codes in the sum-rank metric have various applications in error control for multishot network coding, distributed storage and code-based cryptography. Linearized Reed-Solomon (LRS) codes contain Reed-Solomon and Gabidulin codes as subclasses and fulfill the Singleton-like bound in the sum-rank metric with equality. We propose the first known error-erasure decoder for LRS codes to unleash their full potential for multishot network coding. The presented syndrome-based Berlekamp-Massey-like error-erasure decoder can correct $t_F$ full errors, $t_R$ row erasures and $t_C$ column erasures up to $2t_F + t_R + t_C \leq n-k$ in the sum-rank metric requiring at most $\mathcal{O}(n^2)$ operations in $\mathbb{F}_{q^m}$, where $n$ is the code's length and $k$ its dimension. We show how the proposed decoder can be used to correct errors in the sum-subspace metric that occur in (noncoherent) multishot network coding.
Submitted 2 September, 2022; v1 submitted 14 February, 2022;
originally announced February 2022.
-
Fast Decoding of Interleaved Linearized Reed-Solomon Codes and Variants
Authors:
Hannes Bartz,
Sven Puchinger
Abstract:
We construct $s$-interleaved linearized Reed--Solomon (ILRS) codes and variants and propose efficient decoding schemes that can correct errors beyond the unique decoding radius in the sum-rank metric. The proposed interpolation-based scheme for ILRS codes can be used as a list decoder or as a probabilistic unique decoder that corrects errors of sum-rank up to $t\leq\frac{s}{s+1}(n-k)$, where $s$ is the interleaving order, $n$ the length and $k$ the dimension of the code. Upper bounds on the list size and the decoding failure probability are given where the latter is based on a novel Loidreau--Overbeck-like decoder for ILRS codes. We show how the proposed decoding schemes can be used to decode errors beyond the unique decoding radius in the skew metric by using an isometry between the sum-rank metric and the skew metric.
We generalize fast minimal approximant basis interpolation techniques to obtain efficient decoding schemes for ILRS codes (and variants) with subquadratic complexity in the code length.
To the best of our knowledge, the presented decoding schemes are the first able to correct errors beyond the unique decoding region in the sum-rank and skew metric. The performance of the proposed decoding schemes and the tightness of the upper bound on the decoding failure probability are validated via Monte Carlo simulations.
Submitted 9 September, 2025; v1 submitted 4 January, 2022;
originally announced January 2022.
-
On the Properties of Error Patterns in the Constant Lee Weight Channel
Authors:
Jessica Bariffi,
Hannes Bartz,
Gianluigi Liva,
Joachim Rosenthal
Abstract:
The problem of scalar multiplication applied to vectors is considered in the Lee metric. Unlike in other metrics, the Lee weight of a vector may be increased or decreased by the product with a nonzero, nontrivial scalar. This problem is of particular interest for cryptographic applications, like for example Lee metric code-based cryptosystems, since an attacker may use scalar multiplication to reduce the Lee weight of the error vector and thus to reduce the complexity of the corresponding generic decoder. The scalar multiplication problem is analyzed in the asymptotic regime. Furthermore, the construction of a vector with constant Lee weight using integer partitions is analyzed and an efficient method for drawing vectors of constant Lee weight uniformly at random from the set of all such vectors is given.
Submitted 9 February, 2022; v1 submitted 5 October, 2021;
originally announced October 2021.
-
Efficient Decoding of Folded Linearized Reed-Solomon Codes in the Sum-Rank Metric
Authors:
Felicitas Hörmann,
Hannes Bartz
Abstract:
Recently, codes in the sum-rank metric attracted attention due to several applications in e.g. multishot network coding, distributed storage and quantum-resistant cryptography. The sum-rank analogs of Reed-Solomon and Gabidulin codes are linearized Reed-Solomon codes. We show how to construct $h$-folded linearized Reed-Solomon (FLRS) codes and derive an interpolation-based decoding scheme that is capable of correcting sum-rank errors beyond the unique decoding radius. The presented decoder can be used for either list or probabilistic unique decoding and requires at most $\mathcal{O}(sn^2)$ operations in $\mathbb{F}_{q^m}$, where $s \leq h$ is an interpolation parameter and $n$ denotes the length of the unfolded code. We derive a heuristic upper bound on the failure probability of the probabilistic unique decoder and verify the results via Monte Carlo simulations.
Submitted 3 September, 2022; v1 submitted 30 September, 2021;
originally announced September 2021.
-
Analysis of Low-Density Parity-Check Codes over Finite Integer Rings for the Lee Channel
Authors:
Jessica Bariffi,
Hannes Bartz,
Gianluigi Liva,
Joachim Rosenthal
Abstract:
We study the performance of nonbinary low-density parity-check (LDPC) codes over finite integer rings over two channels that arise from the Lee metric. The first channel is a discrete memoryless channel (DMC) matched to the Lee metric. The second channel adds to each codeword an error vector of constant Lee weight, where the error vector is picked uniformly at random from the set of vectors of constant Lee weight. It is shown that the marginal conditional distributions of the two channels coincide in the limit of large block length. Random coding union bounds on the block error probability are derived for both channels. Moreover, the performance of selected LDPC code ensembles is analyzed by means of density evolution and finite-length simulations, under belief propagation decoding and under a low-complexity symbol message passing algorithm, and compared to the derived bounds.
Submitted 18 October, 2022; v1 submitted 18 May, 2021;
originally announced May 2021.
-
Decoding of Interleaved Linearized Reed-Solomon Codes with Applications to Network Coding
Authors:
Hannes Bartz,
Sven Puchinger
Abstract:
Recently, Martinez-Penas and Kschischang (IEEE Trans. Inf. Theory, 2019) showed that lifted linearized Reed-Solomon codes are suitable codes for error control in multishot network coding. We show how to construct and decode lifted interleaved linearized Reed-Solomon codes. Compared to the construction by Martinez-Penas-Kschischang, interleaving allows one to increase the decoding region significantly (especially w.r.t. the number of insertions) and decreases the overhead due to the lifting (i.e., increases the code rate), at the cost of an increased packet size. The proposed decoder is a list decoder that can also be interpreted as a probabilistic unique decoder. Although our best upper bound on the list size is exponential, we present a heuristic argument and simulation results that indicate that the list size is in fact one for most channel realizations up to the maximal decoding radius.
Submitted 27 May, 2021; v1 submitted 14 January, 2021;
originally announced January 2021.
-
Fast Decoding of Codes in the Rank, Subspace, and Sum-Rank Metric
Authors:
Hannes Bartz,
Thomas Jerkovits,
Sven Puchinger,
Johan Rosenkilde
Abstract:
We speed up existing decoding algorithms for three code classes in different metrics: interleaved Gabidulin codes in the rank metric, lifted interleaved Gabidulin codes in the subspace metric, and linearized Reed-Solomon codes in the sum-rank metric. The speed-ups are achieved by new algorithms that reduce the cores of the underlying computational problems of the decoders to one common tool: computing left and right approximant bases of matrices over skew polynomial rings. To accomplish this, we describe a skew-analogue of the existing PM-Basis algorithm for matrices over ordinary polynomials. This captures the bulk of the work in multiplication of skew polynomials, and the complexity benefit comes from existing algorithms performing this faster than in classical quadratic complexity. The new algorithms for the various decoding-related computational problems are interesting in their own right and have further applications, in particular in parts of decoders of several other codes and in foundational problems related to the remainder-evaluation of skew polynomials.
Submitted 10 March, 2021; v1 submitted 20 May, 2020;
originally announced May 2020.
-
White Paper on Critical and Massive Machine Type Communication Towards 6G
Authors:
Nurul Huda Mahmood,
Stefan Böcker,
Andrea Munari,
Federico Clazzer,
Ingrid Moerman,
Konstantin Mikhaylov,
Onel Lopez,
Ok-Sun Park,
Eric Mercier,
Hannes Bartz,
Riku Jäntti,
Ravikumar Pragada,
Yihua Ma,
Elina Annanperä,
Christian Wietfeld,
Martin Andraud,
Gianluigi Liva,
Yan Chen,
Eduardo Garro,
Frank Burkhardt,
Hirley Alves,
Chen-Feng Liu,
Yalcin Sadi,
Jean-Baptiste Dore,
Eunah Kim
, et al. (6 additional authors not shown)
Abstract:
Society as a whole, and many vertical sectors in particular, is becoming increasingly digitalized. Machine Type Communication (MTC), encompassing its massive and critical aspects, and ubiquitous wireless connectivity are among the main enablers of such digitization at large. The recently introduced 5G New Radio is natively designed to support both aspects of MTC to promote the digital transformation of society. However, it is evident that some of the more demanding requirements cannot be fully supported by 5G networks. In parallel, further development of society towards 2030 will give rise to new and more stringent requirements on wireless connectivity in general, and MTC in particular. Driven by the societal trends towards 2030, the next generation (6G) will be an agile and efficient convergent network serving a set of diverse service classes and a wide range of key performance indicators (KPI). This white paper explores the main drivers and requirements of an MTC-optimized 6G network, and discusses the following six key research questions:
- Will the main KPIs of 5G continue to be the dominant KPIs in 6G; or will there emerge new key metrics?
- How to deliver different E2E service mandates with different KPI requirements considering joint-optimization at the physical up to the application layer?
- What are the key enablers towards designing ultra-low power receivers and highly efficient sleep modes?
- How to tackle a disruptive rather than incremental joint design of a massively scalable waveform and medium access policy for global MTC connectivity?
- How to support new service classes characterizing mission-critical and dependable MTC in 6G?
- What are the potential enablers of long term, lightweight and flexible privacy and security schemes considering MTC device requirements?
Submitted 4 May, 2020; v1 submitted 29 April, 2020;
originally announced April 2020.
-
Protograph-Based Decoding of LDPC Codes with Hamming Weight Amplifiers
Authors:
Hannes Bartz,
Emna Ben Yacoub,
Lorenza Bertarelli,
Gianluigi Liva
Abstract:
A new protograph-based framework for message passing (MP) decoding of low density parity-check (LDPC) codes with Hamming weight amplifiers (HWAs), which are used e.g. in the NIST post-quantum crypto candidate LEDAcrypt, is proposed. The scheme exploits the correlations in the error patterns introduced by the HWA using a turbo-like decoding approach in which messages are exchanged between the decoders for the outer code given by the HWA and the inner LDPC code. Decoding thresholds for the proposed scheme are computed using density evolution (DE) analysis for belief propagation (BP) and ternary message passing (TMP) decoding and compared to existing decoding approaches. The proposed scheme improves upon the basic approach of decoding the LDPC code from the amplified error and has a similar performance as decoding the corresponding moderate-density parity-check (MDPC) code, but with a significantly lower computational complexity.
Submitted 7 February, 2020;
originally announced February 2020.
-
Randomized Decoding of Gabidulin Codes Beyond the Unique Decoding Radius
Authors:
Julian Renner,
Thomas Jerkovits,
Hannes Bartz,
Sven Puchinger,
Pierre Loidreau,
Antonia Wachter-Zeh
Abstract:
We address the problem of decoding Gabidulin codes beyond their unique error-correction radius. The complexity of this problem is of importance to assess the security of some rank-metric code-based cryptosystems. We propose an approach that introduces row or column erasures to decrease the rank of the error in order to use any proper polynomial-time Gabidulin code error-erasure decoding algorithm. This approach improves on generic rank-metric decoders by an exponential factor.
Submitted 10 February, 2020; v1 submitted 29 November, 2019;
originally announced November 2019.
-
Efficient Decoding of Interleaved Low-Rank Parity-Check Codes
Authors:
Julian Renner,
Thomas Jerkovits,
Hannes Bartz
Abstract:
An efficient decoding algorithm for horizontally u-interleaved LRPC codes is proposed and analyzed. Upper bounds on the decoding failure rate and the computational complexity of the algorithm are derived. It is shown that interleaving reduces the decoding failure rate exponentially in the interleaving order u whereas the computational complexity grows linearly.
Submitted 28 August, 2019;
originally announced August 2019.
-
Protograph-based Quasi-Cyclic MDPC Codes for McEliece Cryptosystems
Authors:
Gianluigi Liva,
Hannes Bartz
Abstract:
In this paper, ensembles of quasi-cyclic moderate-density parity-check (MDPC) codes based on protographs are introduced and analyzed in the context of a McEliece-like cryptosystem. The proposed ensembles significantly improve the error correction capability of the regular MDPC code ensembles that are currently considered for post-quantum cryptosystems without increasing the public key size. The proposed ensembles are analyzed in the asymptotic setting via density evolution, both under the sum-product algorithm and a low-complexity (error-and-erasure) message passing algorithm. The asymptotic analysis is complemented at finite block lengths by Monte Carlo simulations. The enhanced error correction capability remarkably improves the scheme robustness with respect to (known) decoding attacks.
Submitted 23 January, 2018;
originally announced January 2018.
-
On Decoding Schemes for the MDPC-McEliece Cryptosystem
Authors:
Hannes Bartz,
Gianluigi Liva
Abstract:
Recently, it has been shown how McEliece public-key cryptosystems based on moderate-density parity-check (MDPC) codes allow for very compact keys compared to variants based on other code families. In this paper, classical (iterative) decoding schemes for MDPC codes are considered. The algorithms are analyzed with respect to their error-correction capability as well as their resilience against a recently proposed reaction-based key-recovery attack on a variant of the MDPC-McEliece cryptosystem by Guo, Johansson and Stankovski (GJS). New message-passing decoding algorithms are presented and analyzed. Two proposed decoding algorithms have an improved error-correction performance compared to existing hard-decision decoding schemes and are resilient against the GJS reaction-based attack for an appropriate choice of the algorithm's parameters. Finally, a modified belief propagation decoding algorithm that is resilient against the GJS reaction-based attack is presented.
Submitted 17 January, 2018;
originally announced January 2018.
-
Improved Decoding and Error Floor Analysis of Staircase Codes
Authors:
Lukas Holzbaur,
Hannes Bartz,
Antonia Wachter-Zeh
Abstract:
Staircase codes play an important role as error-correcting codes in optical communications. In this paper, a low-complexity method for resolving stall patterns when decoding staircase codes is described. Stall patterns are the dominating contributor to the error floor in the original decoding method. Our improvement is based on locating stall patterns by intersecting non-zero syndromes and flipping the corresponding bits. The approach effectively lowers the error floor and allows for a new range of block sizes to be considered for optical communications at a certain rate or, alternatively, a significantly decreased error floor for the same block size. Further, an improved error floor analysis is introduced which provides a more accurate estimation of the contributions to the error floor.
Submitted 3 December, 2018; v1 submitted 6 April, 2017;
originally announced April 2017.
-
List and Probabilistic Unique Decoding of Folded Subspace Codes
Authors:
Hannes Bartz,
Vladimir Sidorenko
Abstract:
A new class of folded subspace codes for noncoherent network coding is presented. The codes can correct insertions and deletions beyond the unique decoding radius for any code rate $R\in[0,1]$. An efficient interpolation-based decoding algorithm for this code construction is given which corrects insertions and deletions up to the normalized radius $s(1-((1/h+h)/(h-s+1))R)$, where $h$ is the folding parameter and $s\leq h$ is a decoding parameter. The algorithm serves as a list decoder or as a probabilistic unique decoder that outputs a unique solution with high probability. An upper bound on the average list size of (folded) subspace codes and on the decoding failure probability is derived. A major benefit of the decoding scheme is that it enables probabilistic unique decoding up to the list decoding radius.
Submitted 21 April, 2015;
originally announced April 2015.
-
Efficient Interpolation-Based Decoding of Interleaved Subspace and Gabidulin Codes
Authors:
Hannes Bartz,
Antonia Wachter-Zeh
Abstract:
An interpolation-based decoding scheme for interleaved subspace codes is presented. The scheme can be used as a (not necessarily polynomial-time) list decoder as well as a probabilistic unique decoder. Both interpretations allow decoding of interleaved subspace codes beyond half the minimum subspace distance. Further, an efficient interpolation procedure for the required linearized multivariate polynomials is presented, and a computationally- and memory-efficient root-finding algorithm for the probabilistic unique decoder is proposed. These two efficient algorithms can also be applied to accelerate the decoding of interleaved Gabidulin codes.
Submitted 6 August, 2014;
originally announced August 2014.