Quantum Information Set Decoding Algorithms

The security of code-based cryptosystems such as the McEliece cryptosystem relies primarily on the difficulty of decoding random linear codes. The best decoding algorithms are all improvements of an old algorithm due to Prange; they are known as information set decoding techniques. It is also important to assess the security of such cryptosystems against a quantum computer. This research thread started in [23], and the best algorithm to date has been Bernstein's quantisation [5] of the simplest information set decoding algorithm, namely Prange's algorithm: it applies Grover's quantum search to obtain a quadratic speed-up of Prange's algorithm. In this paper, we quantise other information set decoding algorithms by using the quantum walk techniques that were devised for the subset-sum problem in [6]. This improves the worst-case complexity of \(2^{0.06035n}\) of Bernstein's algorithm to \(2^{0.05869n}\) for the best algorithm presented here (where n is the code length).
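The two figures quoted above come from the iteration count of Prange's algorithm: one iteration guesses an information set and succeeds only when all w errors avoid it, so the expected number of iterations is \(\binom{n}{w}/\binom{n-k}{w}\), and Grover's search over the guesses takes the square root of that count, halving the exponent. The following Python block is an added example, not code from the paper or its authors: it implements classical Prange decoding on a small constructed \([24, 12]\) random code with a planted weight-3 error, and it computes the worst-case asymptotic exponent over the rate (with \(w\) at the Gilbert-Varshamov distance), reproducing the classical \(0.1207\) and the Grover-halved \(0.06035\) figure attributed to Bernstein's algorithm. The quantum-walk variants of the paper are not implemented; the toy matrix, the planted error and the RNG seed are assumptions constructed here for illustration.

```python
"""Prange's information set decoding (ISD) on a toy binary code, plus the
asymptotic exponents behind the figures quoted in the abstract.

Added example, not code from the paper.  The toy [n, k] code, the planted
error and the RNG seed are constructed here for illustration only."""
import math
import random


def binary_entropy(x):
    """Binary entropy H(x) in bits, with H(0) = H(1) = 0."""
    if x <= 0.0 or x >= 1.0:
        return 0.0
    return -x * math.log2(x) - (1.0 - x) * math.log2(1.0 - x)


def entropy_inverse(y):
    """Inverse of H on [0, 1/2], by bisection (H is increasing there)."""
    lo, hi = 0.0, 0.5
    for _ in range(60):
        mid = (lo + hi) / 2.0
        if binary_entropy(mid) < y:
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2.0


def prange_exponent(rate):
    """Exponent c(R) of Prange's algorithm (cost 2^{c(R) n}) for a random code
    of rate R = k/n decoding w = d_GV errors, i.e. H(w/n) = 1 - R.  Expected
    iterations are binom(n, w) / binom(n - k, w); taking log2 and dividing
    by n gives H(omega) - (1 - R) H(omega / (1 - R))."""
    omega = entropy_inverse(1.0 - rate)
    return binary_entropy(omega) - (1.0 - rate) * binary_entropy(omega / (1.0 - rate))


def worst_case_exponents(steps=2000):
    """Scan the rate; return (worst rate, classical exponent, Grover exponent).
    Grover search over information sets needs the square root of the number
    of classical iterations, so the exponent is halved."""
    best_rate, best = 0.0, 0.0
    for i in range(1, steps):
        rate = i / steps
        c = prange_exponent(rate)
        if c > best:
            best_rate, best = rate, c
    return best_rate, best, best / 2.0


def weight(v):
    return bin(v).count("1")


def syndrome(h_rows, e):
    """H e^T over GF(2): bit i is the parity of <row i, e>."""
    s = 0
    for i, row in enumerate(h_rows):
        s |= (weight(row & e) & 1) << i
    return s


def prange_decode(h_rows, n, s, w, rng, max_iter=200000):
    """Return (e, iterations) with wt(e) = w and H e^T = s, or (None, max_iter).
    h_rows holds the r rows of H as ints (bit j = column j)."""
    r = len(h_rows)
    for it in range(1, max_iter + 1):
        cols = list(range(n))
        rng.shuffle(cols)
        chosen = cols[:r]  # guessed redundancy positions; the other k form the information set
        rows = [(h_rows[i], (s >> i) & 1) for i in range(r)]  # augmented rows [H | s]
        singular = False
        for p, col in enumerate(chosen):  # reduced Gaussian elimination on the chosen columns
            piv = next((i for i in range(p, r) if (rows[i][0] >> col) & 1), None)
            if piv is None:  # chosen columns not invertible: draw a new information set
                singular = True
                break
            rows[p], rows[piv] = rows[piv], rows[p]
            prow, pb = rows[p]
            for i in range(r):
                if i != p and (rows[i][0] >> col) & 1:
                    rows[i] = (rows[i][0] ^ prow, rows[i][1] ^ pb)
        if singular:
            continue
        # U H is now the identity on the chosen columns, so the vector equal to
        # U s on those positions and zero on the information set satisfies H e^T = s.
        e = 0
        for p, col in enumerate(chosen):
            if rows[p][1]:
                e |= 1 << col
        if weight(e) == w:  # success iff all w errors landed outside the information set
            return e, it
    return None, max_iter


def expected_iterations(n, r, w):
    """binom(n, w) / binom(r, w): finite-size form of the exponent above
    (ignoring the constant-probability failure of the elimination step)."""
    return math.comb(n, w) / math.comb(r, w)


def toy_instance(n=24, k=12, w=3, seed=7):
    """Constructed instance: random parity-check matrix and a planted weight-w error."""
    rng = random.Random(seed)
    r = n - k
    h_rows = [rng.getrandbits(n) for _ in range(r)]
    e = sum(1 << p for p in rng.sample(range(n), w))
    return h_rows, n, e, w, rng


if __name__ == "__main__":
    h_rows, n, planted, w, rng = toy_instance()
    s = syndrome(h_rows, planted)
    e, iters = prange_decode(h_rows, n, s, w, rng)
    print(f"decoded weight-{weight(e)} error after {iters} iterations; "
          f"expected about {expected_iterations(n, len(h_rows), w):.0f} (before elimination failures)")
    rate, c, q = worst_case_exponents()
    print(f"worst rate {rate:.3f}: Prange 2^({c:.4f} n), Grover-Prange 2^({q:.5f} n)")
```

The decoder returns any weight-w solution of the syndrome equation, which on a toy instance need not be the planted error; what is guaranteed is \(H e^T = s\) and \(\mathrm{wt}(e) = w\). Note that a fresh information set is drawn every iteration; the quantum versions in the paper gain by searching over (walking between) these sets rather than by changing what one iteration does.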

[1] Nicolas Sendrier. Code-Based Cryptography. Encyclopedia of Cryptography and Security, 2011.

[2] Alexander May et al. On Computing Nearest Neighbors with Applications to Decoding of Binary Linear Codes. EUROCRYPT, 2015.

[3] Antoine Joux et al. Decoding Random Binary Linear Codes in \(2^{n/20}\): How 1+1=0 Improves Information Set Decoding. IACR Cryptology ePrint Archive, 2012.

[4] D. Cvetković et al. Spectra of Graphs: Theory and Application. 1995.

[5] Jacques Stern et al. A Method for Finding Codewords of Small Weight. Coding Theory and Applications, 1989.

[6] Eugene Prange et al. The Use of Information Sets in Decoding Cyclic Codes. IRE Transactions on Information Theory, 1962.

[7] Lov K. Grover. A Fast Quantum Mechanical Algorithm for Database Search. STOC '96, 1996.

[8] Gilles Brassard et al. Tight Bounds on Quantum Searching. quant-ph/9605034, 1996.

[9] Daniel J. Bernstein et al. Grover vs. McEliece. PQCrypto, 2010.

[10] Ghazal Kachigar. Étude et conception d'algorithmes quantiques pour le décodage de codes linéaires (Study and design of quantum algorithms for decoding linear codes). 2016.

[11] Enrico Thomae et al. Decoding Random Linear Codes in \(\tilde{O}(2^{0.054n})\). 2012.

[12] Nicolas Sendrier et al. Analysis of Information Set Decoding for a Sub-linear Error Weight. PQCrypto, 2016.

[13] Frédéric Magniez et al. Search via Quantum Walk. STOC '07, 2006.

[14] Adi Shamir et al. A \(T = O(2^{n/2})\), \(S = O(2^{n/4})\) Algorithm for Certain NP-Complete Problems. SIAM Journal on Computing, 1981.

[15] Matthieu Finiasz et al. Security Bounds for the Design of Code-Based Cryptosystems. ASIACRYPT, 2009.

[16] Andris Ambainis et al. Quantum Walk Algorithm for Element Distinctness. 45th Annual IEEE Symposium on Foundations of Computer Science, 2003.

[17] Peter W. Shor et al. Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer. SIAM Review, 1995.

[18] Antoine Joux et al. New Generic Algorithms for Hard Knapsacks. EUROCRYPT, 2010.

[19] Tanja Lange et al. Smaller Decoding Exponents: Ball-Collision Decoding. IACR Cryptology ePrint Archive, 2011.

[20] Steve Szabo et al. Complexity Issues in Coding Theory. 1997.

[21] Tanja Lange et al. Quantum Algorithms for the Subset-Sum Problem. PQCrypto, 2013.

[22] Lov K. Grover. Quantum Computers Can Search Arbitrarily Large Databases by a Single Query. 1997.

[23] Anja Becker et al. The Representation Technique: Application to Hard Problems in Cryptography. 2012.

[24] M. Szegedy et al. Quantum Walk Based Search Algorithms. TAMC, 2008.