Linear-time encodable codes meeting the Gilbert-Varshamov bound and their cryptographic applications

A random linear code has good minimum distance with high probability, and the conjectured intractability of decoding random linear codes has recently found many applications in cryptography. One disadvantage of random linear codes is that their encoding complexity grows quadratically with the message length. Motivated by this disadvantage, we present a randomized construction of linear error-correcting codes which can be encoded in linear time and yet enjoy several useful features of random linear codes. Our construction is based on a linear-time computable hash function due to Ishai, Kushilevitz, Ostrovsky and Sahai [25]. We demonstrate the usefulness of these new codes by presenting several applications in coding theory and cryptography: the first family of linear-time encodable codes meeting the Gilbert-Varshamov bound, the first nontrivial linear-time secret sharing schemes, and plausible candidates for symmetric encryption and identification schemes which can be conjectured to achieve better asymptotic efficiency/security tradeoffs than all current candidates.
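The two coding-theoretic facts the abstract rests on, that a random binary linear code has minimum distance close to the Gilbert-Varshamov bound with high probability and that encoding with a dense random generator matrix costs Θ(k·n) bit operations (quadratic in the message length k at constant rate), can be checked on small parameters. The following is an added example written for this page; it is not code from the paper and it does not implement the paper's linear-time construction. All function names, the parameters [32, 8] and the trial counts are choices made here for illustration.

```python
# Added example (not from the paper): empirically check that a random binary
# linear code has minimum distance near the Gilbert-Varshamov (GV) bound, and
# count the bit operations of dense generator-matrix encoding.
import math
import random


def binary_entropy(p):
    """Binary entropy H(p) in bits, with H(0) = H(1) = 0."""
    if p <= 0.0 or p >= 1.0:
        return 0.0
    return -p * math.log2(p) - (1.0 - p) * math.log2(1.0 - p)


def gv_relative_distance(rate, tol=1e-10):
    """Asymptotic binary GV bound: largest delta in [0, 1/2] with 1 - H(delta) >= rate.
    Found by bisection, since 1 - H is decreasing on [0, 1/2]."""
    lo, hi = 0.0, 0.5
    while hi - lo > tol:
        mid = (lo + hi) / 2.0
        if 1.0 - binary_entropy(mid) >= rate:
            lo = mid
        else:
            hi = mid
    return lo


def gv_distance(n, k):
    """Finite-length (Varshamov) bound: the largest d for which a binary linear
    [n, k, d] code is guaranteed to exist, i.e. sum_{i=0}^{d-2} C(n-1, i) < 2^(n-k)."""
    d = 1
    while sum(math.comb(n - 1, i) for i in range(d)) < 2 ** (n - k):
        d += 1
    return d


def random_generator_matrix(k, n, rng):
    """k uniformly random rows of n bits each (stored as ints); the code is their GF(2) span."""
    return [rng.getrandbits(n) for _ in range(k)]


def encode(gen, msg):
    """Message (k-bit int) times generator matrix over GF(2): XOR the rows selected by msg bits."""
    word = 0
    for i, row in enumerate(gen):
        if (msg >> i) & 1:
            word ^= row
    return word


def min_distance(gen):
    """Exact minimum distance by enumerating all 2^k - 1 nonzero codewords; for a linear
    code this equals the minimum nonzero weight. Returns 0 if the rows are dependent
    (rank < k), which for random 8 x 32 matrices happens with probability about 2^-24."""
    k = len(gen)
    return min(bin(encode(gen, msg)).count("1") for msg in range(1, 2 ** k))


def dense_encoding_cost(k, n):
    """AND/XOR bit operations for one multiplication by a dense k x n matrix: Theta(k*n).
    At constant rate R = k/n this is Theta(k^2), the quadratic cost the abstract refers to."""
    return k * n


def experiment(n, k, trials, seed=1):
    """Minimum distances of `trials` random [n, k] codes next to the GV bounds."""
    rng = random.Random(seed)
    dists = [min_distance(random_generator_matrix(k, n, rng)) for _ in range(trials)]
    return {
        "gv_finite": gv_distance(n, k),
        "gv_asymptotic": gv_relative_distance(k / n) * n,
        "min": min(dists),
        "max": max(dists),
        "mean": sum(dists) / len(dists),
    }


if __name__ == "__main__":
    res = experiment(n=32, k=8, trials=20, seed=7)
    print("random [32,8] codes: min distance min/mean/max = "
          f"{res['min']}/{res['mean']:.1f}/{res['max']}, "
          f"GV finite = {res['gv_finite']}, GV asymptotic ~ {res['gv_asymptotic']:.1f}")
    for k, n in [(8, 32), (16, 64), (32, 128)]:
        print(f"dense encoding cost for [{n},{k}]: {dense_encoding_cost(k, n)} bit ops")
```

At rate 1/4 the finite Varshamov bound for [32, 8] is d = 10, and the expected number of nonzero codewords of weight below 10 in a random [32, 8] code is about 2.6, so most trials land at 9 or 10 and the better ones reach the bound, which is the "with high probability" behaviour at small length. The cost table shows the quadratic growth directly: doubling k and n together quadruples the operation count, whereas the paper's construction targets Θ(n) per encoding.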

[1] E. N. Gilbert. A comparison of signalling alphabets. Bell System Technical Journal, 1952.

[2] J. L. Bordewijk. Inter-reciprocity applied to electrical networks. 1957.

[3] J. Justesen. Class of constructive asymptotically good algebraic codes. IEEE Trans. Inf. Theory, 1972.

[4] A. V. Aho, J. E. Hopcroft, J. D. Ullman. The Design and Analysis of Computer Algorithms. 1974.

[5] A. Shamir. How to share a secret. CACM, 1979.

[6] G. R. Blakley. Safeguarding cryptographic keys. 1979 International Workshop on Managing Requirements Knowledge (MARK), 1979.

[7] R. J. McEliece, D. V. Sarwate. On sharing secrets and Reed-Solomon codes. CACM, 1981.

[8] B. Chor, O. Goldreich, J. Håstad, J. Friedman, S. Rudich, R. Smolensky. The Bit Extraction Problem or t-Resilient Functions (preliminary version). FOCS, 1985.

[9] B. Chor, O. Goldreich, et al. The bit extraction problem or t-resilient functions. 26th Annual Symposium on Foundations of Computer Science (SFCS 1985), 1985.

[10] R. B. Boppana, M. Sipser. The Complexity of Finite Functions. Handbook of Theoretical Computer Science, Volume A: Algorithms and Complexity, 1991.

[11] Y. Mansour, N. Nisan, P. Tiwari. The computational complexity of universal hashing. STOC '90, 1990.

[12] N. Alon, J. Bruck, J. Naor, M. Naor, R. M. Roth. Construction of asymptotically good low-rate error-correcting codes through pseudo-random graphs. IEEE Trans. Inf. Theory, 1992.

[13] A. Blum, M. Furst, M. Kearns, R. J. Lipton. Cryptographic Primitives Based on Hard Learning Problems. CRYPTO, 1993.

[14] M. Sipser, D. A. Spielman. Expander codes. Proceedings 35th Annual Symposium on Foundations of Computer Science, 1994.

[15] H. Krawczyk. LFSR-based Hashing and Authentication. CRYPTO, 1994.

[16] D. A. Spielman. Linear-time encodable and decodable error-correcting codes. STOC '95, 1995.

[17] J. L. Massey. Minimal Codewords and Secret Sharing. 1999.

[18] V. Guruswami, P. Indyk. Expander-based constructions of efficiently decodable codes. FOCS, 2001.

[19] N. J. Hopper, M. Blum. Secure Human Identification Protocols. ASIACRYPT, 2001.

[20] M. Capalbo, O. Reingold, S. Vadhan, A. Wigderson. Randomness conductors and constant-degree lossless expanders. STOC '02, 2002.

[21] J. M. Doumen. Some applications of coding theory in cryptography. 2003.

[22] A. Blum, A. T. Kalai, H. Wasserman. Noise-tolerant learning, the parity problem, and the statistical query model. STOC '00, 2000.

[23] V. Guruswami. List Decoding of Error-Correcting Codes (Winning Thesis of the 2002 ACM Doctoral Dissertation Competition). Lecture Notes in Computer Science, 2005.

[24] V. Guruswami, P. Indyk. Efficiently decodable codes meeting Gilbert-Varshamov bound for low rates. SODA '04, 2004.

[25] O. Regev. On lattices, learning with errors, random linear codes, and cryptography. STOC '05, 2005.

[26] V. Guruswami, P. Indyk. Linear-time encodable/decodable codes with near-optimal rate. IEEE Transactions on Information Theory, 2005.

[27] V. Lyubashevsky. The Parity Problem in the Presence of Noise, Decoding Random Linear Codes, and the Subset Sum Problem. APPROX-RANDOM, 2005.

[28] J. Katz, J. S. Shin. Parallel and Concurrent Security of the HB and HB+ Protocols. EUROCRYPT, 2006.

[29] A. Wigderson, et al. Computational Hardness and Explicit Constructions of Error Correcting Codes. 2006.

[30] N. Ailon, B. Chazelle. Approximate nearest neighbors and the fast Johnson-Lindenstrauss transform. STOC '06, 2006.

[31] H. Chen, R. Cramer, S. Goldwasser, R. de Haan, V. Vaikuntanathan. Secure Computation from Random Error Correcting Codes. EUROCRYPT, 2007.

[32] H. Gilbert, M. J. B. Robshaw, Y. Seurin. How to Encrypt with the LPN Problem. ICALP, 2008.

[33] Y. Ishai, E. Kushilevitz, R. Ostrovsky, A. Sahai. Cryptography with constant computational overhead. STOC, 2008.

[34] Y. Lindell. Introduction to Coding Theory Lecture Notes. 2009.

[35] C. Papadimitriou, et al. The Complexity of Computing a. 2009.

[36] B. Applebaum, D. Cash, C. Peikert, A. Sahai. Fast Cryptographic Primitives and Circular-Secure Encryption Based on Hard Learning Problems. CRYPTO, 2009.

[37] S. Kopparty, S. Saraf. Local list-decoding and testing of random linear codes from high error. STOC '10, 2010.

[38] J. Katz, J. S. Shin, A. Smith. Parallel and Concurrent Security of the HB and HB+ Protocols. Journal of Cryptology, 2010.

[39] K. Pietrzak. Cryptography from Learning Parity with Noise. SOFSEM, 2012.

[40] V. Lyubashevsky, D. Masny. Man-in-the-Middle Secure Authentication Schemes from LPN and Weak PRFs. IACR Cryptol. ePrint Arch., 2013.

[41] J. Baron, Y. Ishai, R. Ostrovsky. On linear-size pseudorandom generators and hardcore functions. Theor. Comput. Sci., 2013.