Decoding Square-Free Goppa Codes Over $\mathbb{F}_{p}$

We propose a new, efficient nondeterministic decoding algorithm for square-free Goppa codes over $\mathbb{F}_{p}$ for any prime $p$. If the code in question has degree $t$ and the average distance to the closest codeword is at least $(4/p)t + 1$, the proposed decoder can uniquely correct up to $(2/p)t$ errors with high probability. The correction capability is higher if the distribution of error magnitudes is not uniform, approaching or reaching $t$ errors when any particular error value occurs much more often than others or exclusively. This makes the method interesting for (semantically secure) cryptosystems based on the decoding problem for permuted and punctured Goppa codes.
