Performance bounds for QC-MDPC codes decoders

Quasi-Cyclic Moderate-Density Parity-Check (QC-MDPC) codes are receiving increasing attention for their advantages in the context of post-quantum asymmetric cryptography based on codes. However, a fundamentally open question concerns modeling the performance of their decoders in the region of a low decoding failure rate (DFR). We provide two approaches for bounding the performance of these decoders, and study their asymptotic behavior. We first consider the well-known Maximum Likelihood (ML) decoder, which achieves optimal performance and thus provides a lower bound on the performance of any sub-optimal decoder. We provide lower and upper bounds on the performance of ML decoding of QC-MDPC codes and show that the DFR of the ML decoder decays polynomially in the QC-MDPC code length when all other parameters are fixed. Secondly, we analyze some hard-to-decode error patterns for Bit-Flipping (BF) decoding algorithms, from which we derive some lower bounds on the DFR of BF decoders applied to QC-MDPC codes.

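The Bit-Flipping decoder and the decoding failure rate discussed in the abstract, as an added Python example that is not code from the paper: a minimal QC-MDPC decoder over two circulant blocks (key blocks h0, h1 of weight d each) with an out-of-place max-counter flipping rule, plus a Monte-Carlo DFR estimate. The parameters, the flipping rule and the constructed key/error values are illustrative assumptions, not the paper's.

```python
import random

def syndrome(r, h_blocks, e_blocks):
    # s = sum_i H_i * e_i over GF(2); H_i is the r x r circulant whose column j has
    # ones at (p + j) mod r for p in supp(h_i). h_blocks: supports, e_blocks: bit lists.
    s = [0] * r
    for h, e in zip(h_blocks, e_blocks):
        for j in range(r):
            if e[j]:
                for p in h:
                    s[(p + j) % r] ^= 1
    return s

def bit_flip_decode(r, h_blocks, s, max_iter=20):
    # Out-of-place BF (assumed rule): each iteration computes all unsatisfied
    # parity-check counters, then flips every position attaining the maximum.
    # Returns (estimated error, success); success means the syndrome reached zero.
    s = list(s)
    e_hat = [[0] * r for _ in h_blocks]
    for _ in range(max_iter):
        if not any(s):
            return e_hat, True
        counters = [[sum(s[(p + j) % r] for p in h) for j in range(r)] for h in h_blocks]
        thr = max(max(c) for c in counters)
        for i, h in enumerate(h_blocks):
            for j in range(r):
                if counters[i][j] == thr:
                    e_hat[i][j] ^= 1
                    for p in h:
                        s[(p + j) % r] ^= 1
    return e_hat, not any(s)

def random_error(r, t, rng):
    # Error of total weight t spread over the two blocks of length r.
    e = [[0] * r, [0] * r]
    for pos in rng.sample(range(2 * r), t):
        e[pos // r][pos % r] = 1
    return e

def estimate_dfr(r, d, t, trials, seed=0):
    # Monte-Carlo DFR: fresh random key (two blocks of weight d) and random
    # error of weight t per trial; a trial fails unless the true error is recovered.
    rng = random.Random(seed)
    failures = 0
    for _ in range(trials):
        h_blocks = [sorted(rng.sample(range(r), d)) for _ in range(2)]
        e = random_error(r, t, rng)
        e_hat, ok = bit_flip_decode(r, h_blocks, syndrome(r, h_blocks, e))
        failures += not (ok and e_hat == e)
    return failures / trials
```

With the block size r prime and d odd, a single error always yields a unique maximum counter and is corrected in one iteration; raising t makes the Monte-Carlo estimate positive long before any bound can be measured directly, which is the regime the abstract's bounds address.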