Classical and Quantum algorithms for generic Syndrome Decoding problems and applications to the Lee metric

The security of code-based cryptography usually relies on the hardness of the syndrome decoding (SD) problem for the Hamming weight. The best generic algorithms are all improvements of an old algorithm by Prange, and they are known under the name of Information Set Decoding (ISD) algorithms. This work aims to extend ISD algorithms’ scope by changing the underlying weight function and alphabet size of SD. More precisely, we show how to use Wagner’s algorithm in the ISD framework to solve SD for a wide range of weight functions. We also calculate the asymptotic complexities of ISD algorithms, both for the classical and quantum case. We then apply our results to the Lee metric, which is currently receiving a significant amount of attention. By providing the parameters of SD for the Lee weight for which decoding seems to be the hardest, our study could have several applications for designing code-based cryptosystems and their security analysis, especially against quantum adversaries.
