Cryptographic Hardness Based on the Decoding of Reed–Solomon Codes

In this paper, we investigate the decoding problem of Reed-Solomon (RS) codes, also known as the polynomial reconstruction problem (PR), from a cryptographic hardness perspective. Namely, we deal with samplable PR instances over parameter choices for which decoding is not known to be feasibly solvable and where part of the solution polynomial is the hidden input. We put forth a natural decisional intractability assumption that relates to this decoding problem: distinguishing between a single randomly chosen error location and a single randomly chosen nonerror location for a given corrupted RS codeword with random noise. We prove that under this assumption, PR instances are entirely pseudorandom, i.e., they are indistinguishable from random vectors over the underlying finite field. Moreover, under the same assumption, we show that it is hard to extract any partial information related to the hidden input encoded by the corrupted PR instance, i.e., PR instances hide their message polynomial solution in the semantic security sense. The above results lay a framework for the exploitation of PR as an intractability assumption for provable security of cryptographic primitives. Based on this framework, we present provably secure cryptographic constructions for (1) a pseudorandom number generator, (2) a semantically secure version of the oblivious polynomial evaluation (OPE) protocol, and (3) a stateful cipher with a set of interesting properties that include: semantic security, forward secrecy, error-correcting decryption and an array of random self-reducibility properties with respect to the plaintext choice, key choice, and partial domain choice.
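An added illustration, not code from the paper: a toy sampler for PR instances and for the single-location challenge used in the decisional assumption. The small prime field, the parameter names `n`, `k`, `t`, the use of the constant term as the hidden input, and forcing error values to differ from the true evaluation are all assumptions made for this example.

```python
import secrets

P = 257  # constructed toy prime; the field F_P is an assumption of this example
_rng = secrets.SystemRandom()

def poly_eval(coeffs, x, p=P):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... over F_p."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc

def sample_pr_instance(n, k, t, hidden, p=P):
    """n pairs (z_i, y_i); exactly t lie on a random polynomial of degree < k
    whose constant term is the hidden input (an assumed encoding)."""
    assert k <= t <= n < p
    coeffs = [hidden % p] + [secrets.randbelow(p) for _ in range(k - 1)]
    good = set(_rng.sample(range(n), t))          # non-error locations
    points = []
    for i in range(n):
        z = i + 1                                 # distinct evaluation points
        y = poly_eval(coeffs, z, p)
        if i not in good:                         # error location: random wrong value
            y = (y + 1 + secrets.randbelow(p - 1)) % p
        points.append((z, y))
    return points, good, coeffs

def challenge_index(n, good, error_side):
    """One uniformly chosen error location (True) or non-error location (False)."""
    pool = set(range(n)) - good if error_side else good
    return _rng.choice(sorted(pool))

def interpolate_at_zero(pts, p=P):
    """Lagrange interpolation at x = 0: the constant term from k clean points."""
    total = 0
    for i, (zi, yi) in enumerate(pts):
        num = den = 1
        for j, (zj, _) in enumerate(pts):
            if i != j:
                num = num * (-zj) % p
                den = den * (zi - zj) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total

def agreements(points, coeffs, p=P):
    """Number of positions of the instance that agree with the polynomial."""
    return sum(poly_eval(coeffs, z, p) == y for z, y in points)
```

`interpolate_at_zero` shows why the error locations carry the secret: any `k` non-error points determine the polynomial, so the hidden input is protected only as long as those locations cannot be told apart from the noisy ones.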

[35] Aggelos Kiayias, et al. Cryptographic Hardness Based on the Decoding of Reed-Solomon Codes, 2008, IEEE Trans. Inf. Theory.