Generalized syndrome decoding problem and its application to post-quantum cryptography ; Problème de décodage de syndrome généralisé et son application à la cryptographie post-quantique

Bibliographic details
Title: Generalized syndrome decoding problem and its application to post-quantum cryptography ; Problème de décodage de syndrome généralisé et son application à la cryptographie post-quantique
Authors: Etinski, Simona
Contributors: Institut de Recherche en Informatique Fondamentale (IRIF (UMR_8243)), Centre National de la Recherche Scientifique (CNRS)-Université Paris Cité (UPCité), Université Paris Cité, Frédéric Magniez
Source: https://theses.hal.science/tel-04411272 ; Cryptography and Security [cs.CR]. Université Paris Cité, 2023. English. ⟨NNT : 2023UNIP7004⟩.
Publisher information: CCSD
Publication year: 2023
Subjects: Syndrome decoding problem, Lee metric, Information set decoding, Stern's signature scheme, Problème du décodage du syndrome, Métrique de Lee, Décodage par ensemble d'information, Schéma de signature de Stern, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]
Description: In this thesis, we focus on the syndrome decoding problem (SDP), its generalization, cryptanalysis, and its application to digital signature scheme designs. We introduce a new problem, which we refer to as the generalized syndrome decoding problem. In the cryptanalytic part of the thesis, we then focus on the classical and quantum cryptanalysis of the generalized syndrome decoding problem using the information set decoding framework. More precisely, we calculate the running time of three different (classical) information set decoding algorithms, which we refer to as Prange's, Stern's/Dumer's, and Wagner's algorithms. The three algorithms are adapted to solve specific versions of the generalized problem which are given over the Hamming weight, taken as a baseline, and the Lee weight, taken as an alternative to the most commonly used Hamming weight. We then compare the obtained running times with the running time of the hybrid classical-quantum algorithm, obtained by introducing the Grover search and the amplitude amplification in the appropriate step of Wagner's algorithm. In the protocol design part of the paper, we modify Stern's identification protocol, and the corresponding signature scheme, to the newly introduced generalized syndrome decoding problem. To keep the zero-knowledge property of the scheme, we eventually replace the syndrome decoding problem with the permuted kernel one (PKP), for which we show that the average-case SDP reduces to average-case PKP. We then suggest different methods for optimizing the efficiency of the scheme and then provide numerical results that compare the efficiency of the original construction and our newly introduced scheme. The outcome of this work is an analysis of the newly introduced variant of the syndrome decoding problem which provides an estimate of the asymptotic complexity of the problem, as well as of the concrete security of the scheme based on this problem.
The results indicate that the proper choice of a weight function introduces a harder version of the ...
Document type: doctoral or postdoctoral thesis
Language: English
Relation: NNT: 2023UNIP7004
Availability: https://theses.hal.science/tel-04411272
https://theses.hal.science/tel-04411272v1/document
https://theses.hal.science/tel-04411272v1/file/va_Etinski_Simona.pdf
Rights: info:eu-repo/semantics/OpenAccess
Accession number: edsbas.20BE5B14
Database: BASE