Coding Theory, Cryptography and Related Areas: Proceedings of an International Conference on Coding Theory, Cryptography and Related Areas, held in Guanajuato, Mexico, in April 1998 PDF

268 Pages·2000·11.79 MB·English

Preview Coding Theory, Cryptography and Related Areas: Proceedings of an International Conference on Coding Theory, Cryptography and Related Areas, held in Guanajuato, Mexico, in April 1998

Coding Theory, Cryptography and Related Areas
Springer-Verlag Berlin Heidelberg GmbH

Johannes Buchmann, Tom Høholdt, Henning Stichtenoth, Horacio Tapia-Recillas (Editors)
Coding Theory, Cryptography and Related Areas. Proceedings of an International Conference on Coding Theory, Cryptography and Related Areas, held in Guanajuato, Mexico, in April 1998. Springer

Johannes Buchmann, Fachbereich Informatik, Technische Universität Darmstadt, Alexanderstrasse 10, 64283 Darmstadt, Germany
Tom Høholdt, Department of Mathematics, Bldg. 303, Technical University of Denmark, 2800 Lyngby, Denmark
Henning Stichtenoth, Fachbereich 6, Mathematik und Informatik, Universität Gesamthochschule Essen, 45117 Essen, Germany
Horacio Tapia-Recillas, Departamento de Matemáticas, Universidad Autónoma Metropolitana-Iztapalapa, Apartado Postal 55-532, C.P. 09340 México, D.F., México

Library of Congress Cataloging-in-Publication Data applied for
Die Deutsche Bibliothek - CIP-Einheitsaufnahme
Coding theory, cryptography and related areas : proceedings of an International Conference on Coding Theory, Cryptography and Related Areas, held in Guanajuato, Mexico, in April 1998 / Johannes Buchmann ... (ed.). - Berlin ; Heidelberg ; New York ; Barcelona ; Hong Kong ; London ; Milan ; Paris ; Singapore ; Tokyo : Springer, 2000
ISBN 978-3-540-66248-8
ISBN 978-3-642-57189-3 (eBook)
DOI 10.1007/978-3-642-57189-3
Mathematics Subject Classification (1991): 11T71, 11Y16, 14C40, 94A60, 68P25, 12Fxx

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilm or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer-Verlag. Violations are liable for prosecution under the German Copyright Law.
© Springer-Verlag Berlin Heidelberg 2000
The use of general descriptive names, registered names, trademarks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.
Cover design: design & production GmbH, Heidelberg
Typeset by the authors. Reformatted by Kurt Mattes, Heidelberg
Printed on acid-free paper
SPIN 10716213 46/3143/LK - 543210

Preface

The corruption by noise of information transmitted over a particular channel is addressed by error-correcting codes which systematically use the redundance inherent in the messages to allow recovery of the original information. Many new developments in this field, both theoretical and applied, have appeared since the seminal work of Shannon over a half century ago.
Coding theory has become an integral component of many routine procedures, ranging from dynamic memories (Hamming codes) to compact discs (Reed-Solomon codes) and the transmission of information from satellites to ground stations (convolutional codes). Noise is not the only form of interference that occurs in the transmission of information, however. The rapid worldwide growth of electronic communications that has led to our digital society implies enormous risks, including catastrophic failures or break-ins, with potential damage to those who depend upon such transmissions. The security of these systems is crucial for the smooth functioning of our world. Today, efficient and satisfactory protection mechanisms are being developed to provide diverse information security services, mostly based on cryptographic techniques. Research in cryptography is inherently an interdisciplinary endeavor in which areas from pure mathematics (number theory, algebraic geometry), computer sciences (design and analysis of algorithms, protocols), and electrical engineering (software and hardware implementations) converge.

Following a meeting on coding theory that took place in 1996 at the Université des Antilles et de la Guyane, Guadeloupe, it was suggested that a future meeting be held in Mexico. The relationship between coding theory and cryptography, and the need for further applications of these areas in modern society, led us to organize the International Conference on Coding Theory, Cryptography and Related Areas (ICCC) which took place in the city of Guanajuato, Mexico from 20-24 April, 1998. Several well-known researchers in both fields participated in the conference, including colleagues from Latin America, the Caribbean, Europe, and the USA. Invited speakers included: J. Buchmann (Tech. U. Darmstadt, Germany), R. Calderbank (AT&T Lab. Research, USA), T. Høholdt (Tech. Univ. of Denmark, Denmark), G. Lachaud (CNRS, Luminy, France), A.K. Lenstra (Citibank, USA), A. Odlyzko (AT&T Lab. Research, USA), R. Pellikaan (Eindhoven U. of Tech., The Netherlands), H. Stichtenoth (U. Essen, Germany). This conference also provided an opportunity to link the development of these areas in Mexico with the international community and to establish contacts between the new generations of students and researchers working on the front line. As a part of the conference program, mini courses on cryptography (N. Koblitz) and algebraic coding theory (C. Moreno), as well as a workshop on combinatorial cryptography for high school students (also conducted by N. Koblitz) were included.

It was a policy of the Editorial Committee of the Proceedings to maintain a high scientific standard, comparable to that of a journal, thanks to the cooperation of numerous referees, who willingly contributed to this effort. The conference was organized by the Universidad Autónoma Metropolitana-Iztapalapa and the Instituto Politécnico Nacional. Sponsors include the above institutions as well as the Consejo Nacional de Ciencia y Tecnología (CONACyT); Sociedad Matemática Mexicana; International Centre for Theoretical Physics (ICTP), Trieste, Italy; Oficina Regional de Ciencia y Tecnología para América Latina, UNESCO; Banco de México; Citibank de México; Silicon Graphics de México S.A. de C.V.; SeguriData Privada S.A. de C.V., Mexico; and Infosel S.A. de C.V., Mexico. We express our thanks to the staff and to all of those who helped in the organization of the Conference, particularly to Beatriz Arce and Emily McClung, as well as to the Centro de Investigación en Matemáticas (CIMAT, Guanajuato, Mexico) and the Tourism Office of the State of Guanajuato for their help in the local arrangements of the conference. We would also like to thank the Springer-Verlag staff for the preparation of these Proceedings.

Conference Committee: J.P. Cherdieu (U. Antilles et Guyane, Guadeloupe), T. Høholdt (Tech. Univ. of Denmark), N. Koblitz (U. of Washington, USA), G. Lachaud (CNRS, Luminy, France), D. Le Brigand (Paris VI, France), A. Menezes (U. Waterloo, Canada), O. Moreno (U. Puerto Rico, P.R.), C. Rentería (ESFM-IPN, Mexico), R. Rolland (CNRS, Luminy, France), J. Stern (ENS, France), H. Tapia-Recillas (UAM-I, Mexico), S. Vanstone (U. Waterloo, Canada).

Editorial Committee: J. Buchmann (Germany), T. Høholdt (Denmark), H. Stichtenoth (Germany), H. Tapia-Recillas (Mexico)

Mexico, D.F., April, 1999

Table of Contents

- Modifications of the Rao-Nam Cryptosystem (Angela I. Barbero and Øyvind Ytrehus) ... 1
- Efficient Reduction on the Jacobian Variety of Picard Curves (Ernesto Reinaldo Barreiro, Jorge Estrada Sarlabous, and Jean-Pierre Cherdieu) ... 13
- Continued Fractions in Hyperelliptic Function Fields (T.G. Berry) ... 29
- Discrete Logarithms: Recent Progress (Johannes Buchmann and Damian Weber) ... 42
- One-weight Z4-linear Codes (Claude Carlet) ... 57
- Efficient Algorithms for the Jacobian Variety of Hyperelliptic Curves y^2 = x^p - x + 1 Over a Finite Field of Odd Characteristic p (Iwan Duursma and Kouichi Sakurai) ... 73
- On Weierstrass Semigroups and One-point Algebraic Geometry Codes (J.I. Farrán) ... 90
- On the Undetected Error Probability of m-out-of-n Codes on the Binary Symmetric Channel (Fang-Wei Fu, Torleiv Kløve, and Shu-Tao Xia) ... 102
- Skew Pyramids of Function Fields Are Asymptotically Bad (Arnaldo Garcia and Henning Stichtenoth) ... 111
- A Public Key Cryptosystem Based on Sparse Polynomials (D. Grant, K. Krastev, D. Lieman, and I. Shparlinski) ... 114
- Higher Weights of Grassmann Codes (Sudhir R. Ghorpade and Gilles Lachaud) ... 122
- Toric Surfaces and Error-correcting Codes (Johan P. Hansen) ... 132
- Decoding Spherical Codes Generated by Binary Partitions of Symmetric Pointsets (John K. Karlof and Guodong Liu) ... 143
- Worst-Case Analysis of an Algorithm for Computing the Greatest Common Divisor of n Inputs (Charles Lam, Jeffrey Shallit, and Scott Vanstone) ... 156
- Zeta Functions of Curves over Finite Fields with Many Rational Points (Kristin Lauter) ... 167
- Codes on Drinfeld Modular Curves (Bartolomé López and Ignacio Luengo) ... 175
- Elliptic Curves, Pythagorean Triples and Applications (J. Miret, J. Tena, and M. Valls) ... 184
- Exponential Sums and Stationary Phase (I) (Carlos Julio Moreno) ... 195
- Exponential Sums in Several Variables over Finite Fields (Oscar Moreno, Francis N. Castro, and Alberto Cáceres) ... 209
- Decoding Reed-Solomon Codes Beyond Half the Minimum Distance (R. Refslund Nielsen and T. Høholdt) ... 221
- Reed-Muller Type Codes on the Veronese Variety over Finite Fields (C. Rentería and H. Tapia-Recillas) ... 237
- Cryptography Primitives Based on a Cellular Automaton (Jesús Urías) ... 244
- Factoring the Semigroup Determinant of a Finite Commutative Chain Ring (Jay A. Wood) ... 249

Modifications of the Rao-Nam Cryptosystem

Angela I. Barbero (1) and Øyvind Ytrehus (2)
(1) University of Valladolid, Dept. of Mathematics Applied to Engineering, 47011 Valladolid, Spain. angbar@wmatem.eis.uva.es, WWW home page: http://www.wmatem.eis.uva.es/~angbar
(2) University of Bergen, Dept. of Informatics, N-5020 Bergen, Norway. oyvind@ii.uib.no, WWW home page: http://www.ii.uib.no/~oyvind

Abstract. Rao and Nam [7] proposed a secret-key cryptosystem based on error-correcting codes. After breaking the original system by a chosen plaintext attack, Struik and van Tilburg [8] improved the Rao-Nam cryptosystem. However, the size of the key remains a practical problem also for their improved scheme. We discuss several modifications of the improved Rao-Nam system. The goal of these modifications is to reduce the amount of secret key that needs to be exchanged, while maintaining the security of the system. (footnote 1)

1 Introduction

In 1978, McEliece [6] presented a public-key cryptosystem that was based on error-correcting codes. The private keys of the McEliece system are
- a generator matrix G of an [n,k] t-error correcting binary Goppa code,
- a binary k x k invertible scrambler matrix S, and
- a binary n x n permutation matrix P.
The public key is the matrix product G' = SGP.
A sender who wants to send a k-bit message m will transmit the cryptogram c = mG' + e, where e is a random n-dimensional vector of Hamming weight at most t. Due to the error correcting capability of the Goppa code and to the existence of efficient decoding algorithms for the Goppa code, the legitimate receiver can successfully remove the random vector e. On the other hand, an intruder without knowledge of the secret key faces the problem of decoding a general linear error-correcting code; a problem which is known to be NP-hard [1]. The best known attack on the McEliece system consists basically of guessing a subset of k error-free bits [5]. Lee and Brickell [5] devised a way to check whether such a subset indeed consists of error-free bits. The work factor (which is a rough estimate of the number of guesses, on average, before a message can be found in this way, times the number of basic operations needed for each try) is approximately 2^69.6 ≈ 10^21 for the case of n = 1024, k chosen (= 644) to maximize the work factor. (Recently, Berson [2] gave a much more efficient attack based on a weakness in the protocol in which the McEliece system is applied: In essence, if the intruder can get access to multiple cryptograms of the same message m and different error vectors e, then for the code parameters given above the number of guesses is typically on the order of ten or less.)

Rao and Nam [7] proposed a secret-key cryptosystem which resembles the McEliece system. We will refer to this original scheme as the RN scheme, to distinguish it from the modified schemes described later. The McEliece system is public-key and the RN scheme is secret-key. In compensation for this difference, the RN scheme should be expected to offer better security with smaller keys and/or higher code rates. However, with smaller parameters, if the sender selects an error vector which is correctable (in the sense of an ordinary error-correcting code), then the scheme is vulnerable to an attack based on majority voting on each coordinate of several cryptograms corresponding to the same message. If the error vectors are random but with average weight different from n(q-1)/q, where q is the size of the field used, then the non-correct values in each coordinate will be outvoted by the correct ones. Thus for the RN scheme one should employ error vectors of weight approximately n/2, or n(q-1)/q if a q-ary code is used. Such error vectors are not decodable in the ordinary sense, thus we need to represent the set of error vectors explicitly in the system.

A description of the RN scheme follows. Two parties, Alice and Bob, share a secret key consisting of
- a secret parity check matrix H of a (binary) [n,k] error correcting code C (and, implicitly, a corresponding generator matrix G (which can be derived from H by some deterministic algorithm) of the code), and
- a predetermined set E of error vectors of length n, each lying in a unique coset of C.
Alice will map a k-bit message m into a cryptogram c by calculating
c = mG + e, (1)
where e is a random vector from E. In order to retrieve the message m, Bob will
- calculate the syndrome s = cH^T,
- obtain mG by subtracting from c the error vector e which is identified by s, and
- invert the encoding process.

This paper is organized as follows. In the next section, we explain why the original Rao-Nam scheme does not work in practice. Section 3 introduces this paper's modifications to the cryptosystem. In Section 4 we discuss possible attacks on the system. Section 5 contains a small toy example.

(1) This work was supported by NFR, Grants 107542/410 and 107623/420, by Junta de Castilla y León under project VA 22/96, and by DGICYT, PB95-063-0002-02.
J. Buchmann et al. (eds.), Coding Theory, Cryptography and Related Areas. © Springer-Verlag Berlin Heidelberg 2000

Description:
This book contains 23 contributions presented at the "International Conference on Coding Theory, Cryptography and Related Areas (ICCC)", held in Guanajuato, Mexico, in April 1998. It comprises a series of research papers on various aspects of coding theory (geometric-algebraic, decoding, exponential
