-
Rank-metric codes over arbitrary Galois extensions and rank analogues of Reed-Muller codes
Authors:
Daniel Augot,
Alain Couvreur,
Julien Lavauzelle,
Alessandro Neri
Abstract:
This paper extends the study of rank-metric codes in extension fields $\mathbb{L}$ equipped with an arbitrary Galois group $G = \mathrm{Gal}(\mathbb{L}/\mathbb{K})$. We propose a framework for studying these codes as subspaces of the group algebra $\mathbb{L}[G]$, and we relate this point of view with usual notions of rank-metric codes in $\mathbb{L}^N$ or in $\mathbb{K}^{N\times N}$, where $N = [\mathbb{L} : \mathbb{K}]$. We then adapt the notion of error-correcting pairs to this context, in order to provide a non-trivial decoding algorithm for these codes. We then focus on the case where $G$ is abelian, which leads us to see codewords as elements of a multivariate skew polynomial ring. We prove that we can bound the dimension of the vector space of zeroes of these polynomials, depending on their degree. This result can be seen as an analogue of the Alon-Füredi theorem -- and, by extension, of the Schwartz-Zippel lemma -- in the rank metric. Finally, we construct the counterparts of Reed-Muller codes in the rank metric, and we give their parameters. We also show the connection between these codes and classical Reed-Muller codes in the case where $\mathbb{L}$ is a Kummer extension.
Submitted 25 June, 2020;
originally announced June 2020.
-
On the privacy of a code-based single-server computational PIR scheme
Authors:
Sarah Bordage,
Julien Lavauzelle
Abstract:
We show that the single-server computational PIR protocol proposed by Holzbaur, Hollanti and Wachter-Zeh in 2020 is not private, in the sense that the server can recover in polynomial time the index of the desired file with very high probability. The attack relies on the following observation. Removing rows of the query matrix corresponding to the desired file yields a large decrease of the dimension over $\mathbb{F}_q$ of the vector space spanned by the rows of this punctured matrix. Such a dimension loss only shows up with negligible probability when rows unrelated to the requested file are deleted.
Submitted 1 April, 2020;
originally announced April 2020.
-
RAMESSES, a Rank Metric Encryption Scheme with Short Keys
Authors:
Julien Lavauzelle,
Pierre Loidreau,
Ba-Duc Pham
Abstract:
We present a rank metric code-based encryption scheme with key and ciphertext sizes comparable to that of isogeny-based cryptography for an equivalent security level. The system also benefits from efficient encryption and decryption algorithms, which rely on linear algebra operations over finite fields of moderate sizes. The security only relies on rank metric decoding problems, and does not require hiding the structure of a code. Based on the current knowledge, those problems cannot be efficiently solved by a quantum computer. Finally, the proposed scheme admits a failure probability that can be precisely controlled and made as low as possible.
Submitted 29 November, 2019;
originally announced November 2019.
-
Cryptanalysis of a System Based on Twisted Reed-Solomon Codes
Authors:
Julien Lavauzelle,
Julian Renner
Abstract:
Twisted Reed-Solomon (TRS) codes are a family of codes that contains a large number of maximum distance separable codes that are non-equivalent to Reed-Solomon codes. TRS codes were recently proposed as an alternative to Goppa codes for the McEliece code-based cryptosystem, resulting in a potential reduction of key sizes. The use of TRS codes in the McEliece cryptosystem has been motivated by the fact that a large subfamily of TRS codes is resilient to a direct use of known algebraic key-recovery methods. In this paper, an efficient key-recovery attack on the TRS variant that was used in the McEliece cryptosystem is presented. The algorithm exploits a new approach based on recovering the structure of a well-chosen subfield subcode of the public code. It is proved that the attack always succeeds and breaks the system for all practical parameters in $O(n^4)$ field operations. A software implementation of the algorithm retrieves a valid private key from the public key within a few minutes, for parameters claiming a security level of 128 bits. The success of the attack also indicates that, contrary to common beliefs, subfield subcodes of the public code need to be precisely analyzed when proposing a McEliece-type code-based cryptosystem. Finally, the paper discusses an attempt to repair the scheme and a modification of the attack aiming at Gabidulin-Paramonov-Tretjakov cryptosystems based on twisted Gabidulin codes.
Submitted 23 March, 2020; v1 submitted 26 April, 2019;
originally announced April 2019.
-
Weighted Lifted Codes: Local Correctabilities and Application to Robust Private Information Retrieval
Authors:
Julien Lavauzelle,
Jade Nardi
Abstract:
Low degree Reed-Muller codes are known to satisfy local decoding properties which find applications in private information retrieval (PIR) protocols, for instance. However, their practical instantiation encounters a first barrier due to their poor information rate in the low degree regime. This led the community to design codes with similar local properties but larger dimension, namely the lifted Reed-Solomon codes.
However, a second practical barrier appears when one requires that the PIR protocol resists collusions of servers. In this paper, we propose a solution to this problem by considering \emph{weighted} Reed-Muller codes. We prove that such codes allow us to build PIR protocols with optimal computation complexity and resisting a small number of colluding servers.
In order to improve the dimension of the codes, we then introduce an analogue of the lifting process for weighted degrees. With a careful analysis of their degree sets, we notably show that the weighted lifting of Reed-Solomon codes produces families of codes with remarkable asymptotic parameters.
Submitted 18 April, 2019;
originally announced April 2019.
-
Private Information Retrieval Schemes with Regenerating Codes
Authors:
Julien Lavauzelle,
Razane Tajeddine,
Ragnar Freij-Hollanti,
Camilla Hollanti
Abstract:
A private information retrieval (PIR) scheme allows a user to retrieve a file from a database without revealing any information on the file being requested. As of now, PIR schemes have been proposed for several kinds of storage systems, including replicated and MDS-coded data. In this paper, the problem of constructing a PIR scheme on regenerating codes is considered.
A regenerating code is a storage code whose codewords are distributed among $n$ nodes, enabling efficient storage of files, as well as low-bandwidth retrieval of files and repair of nodes. In this work, a PIR scheme on regenerating codes is constructed, using the product-matrix (PM) framework of Rashmi, Shah and Kumar. Both the minimum-bandwidth (MBR) and minimum-storage (MSR) settings are considered, and the structure given by the PM framework is used in order to reduce the download communication complexity of our schemes.
Submitted 6 December, 2018; v1 submitted 7 November, 2018;
originally announced November 2018.
-
Lifted Projective Reed-Solomon Codes
Authors:
Julien Lavauzelle
Abstract:
Lifted Reed-Solomon codes, introduced by Guo, Kopparty and Sudan in 2013, are known as one of the few families of high-rate locally correctable codes. They are built through the evaluation over the affine space of multivariate polynomials whose restriction along any affine line can be interpolated as a low degree univariate polynomial.
In this work, we give a formal definition of their analogues over projective spaces, and we study some of their parameters and features. Local correcting algorithms are first derived from the very nature of these codes, generalizing the well-known local correcting algorithms for Reed-Muller codes. We also prove that the liftings of both Reed-Solomon and projective Reed-Solomon codes are deeply linked through shortening and puncturing operations. It leads to recursive formulae on their dimension and their monomial bases. We finally emphasize the practicality of lifted projective Reed-Solomon codes by computing their information sets and by providing an implementation of the codes and their local correcting algorithms.
Submitted 4 September, 2018;
originally announced September 2018.
-
Private Information Retrieval from Transversal Designs
Authors:
Julien Lavauzelle
Abstract:
Private information retrieval (PIR) protocols allow a user to retrieve entries of a database without revealing the index of the desired item. Information-theoretical privacy can be achieved by the use of several servers and specific retrieval algorithms. Most known PIR protocols focus on decreasing the number of bits exchanged between the client and the server(s) during the retrieval process. On another side, Fazeli et al. introduced so-called PIR codes in order to reduce the storage overhead on the servers. However, only a few works address the issue of the computation complexity of the servers.
In this paper, we show that a specific encoding of the database provides PIR protocols with reasonable communication complexity, low storage overhead and optimal computational complexity for the servers. This encoding is based on incidence matrices of transversal designs, from which a natural and efficient recovering algorithm is derived. We also present instances of our construction, making use of finite geometries and orthogonal arrays, and we finally give a generalisation of our main construction for resisting collusions of servers.
Submitted 4 September, 2018; v1 submitted 22 September, 2017;
originally announced September 2017.