Blockwise Rank Decoding Problem and LRPC Codes: Cryptosystems with Smaller Sizes

Bibliographic Details
Title: Blockwise Rank Decoding Problem and LRPC Codes: Cryptosystems with Smaller Sizes
Authors: Song, Yongcheng; Zhang, Jiang; Huang, Xinyi; Wu, Wei
Publisher Information: Springer Science and Business Media Deutschland GmbH
Publication Year: 2023
Collection: The Hong Kong University of Science and Technology: HKUST Institutional Repository
Subject Terms: LRPC Codes, NIST PQC Candidates, Post-Quantum Cryptography, Rank Decoding Problem, Rank Metric Code-Based Cryptography
Description: In this paper, we initiate the study of the Rank Decoding (RD) problem and LRPC codes with blockwise structures in rank-based cryptosystems. First, we introduce the blockwise errors (ℓ-errors) where each error consists of ℓ blocks of coordinates with disjoint supports, and define the blockwise RD (ℓ-RD) problem as a natural generalization of the RD problem whose solutions are ℓ-errors (note that the standard RD problem is actually a special ℓ-RD problem with ℓ = 1). We adapt the typical attacks on the RD problem to the ℓ-RD problem, and find that the blockwise structures do not ease the problem too much: the ℓ-RD problem is still exponentially hard for appropriate choices of ℓ > 1. Second, we introduce blockwise LRPC (ℓ-LRPC) codes as generalizations of the standard LRPC codes whose parity-check matrices can be divided into ℓ sub-matrices with disjoint supports, i.e., the intersection of two subspaces generated by the entries of any two sub-matrices is a null space, and investigate the decoding algorithms for ℓ-errors. We find that the gain of using ℓ-errors in decoding capacity outweighs the complexity loss in solving the ℓ-RD problem, which makes it possible to design more efficient rank-based cryptosystems with flexible choices of parameters. As an application, we show that the two rank-based cryptosystems submitted to the NIST PQC competition, namely, RQC and ROLLO, can be greatly improved by using the ideal variants of the ℓ-RD problem and ℓ-LRPC codes. Concretely, for 128-bit security, our RQC has total public key and ciphertext sizes of 2.5 KB, which is not only about 50% more compact than the original RQC, but also smaller than the NIST Round 4 code-based submissions HQC, BIKE, and Classic McEliece.
Document Type: conference object
Language: English
Relation: http://gateway.isiknowledge.com/gateway/Gateway.cgi?GWVersion=2&SrcAuth=LinksAMR&SrcApp=PARTNER_APP&DestLinkType=FullRecord&DestApp=WOS&KeyUT=001157420100010
DOI: 10.1007/978-981-99-8739-9_10
Availability: http://repository.hkust.edu.hk/ir/Record/1783.1-136502
https://doi.org/10.1007/978-981-99-8739-9_10
http://lbdiscover.ust.hk/uresolver?url_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rfr_id=info:sid/HKUST:SPI&rft.genre=article&rft.issn=0302-9743&rft.volume=14444&rft.issue=&rft.date=2023&rft.spage=284&rft.aulast=Song&rft.aufirst=Yongcheng&rft.atitle=Blockwise+Rank+Decoding+Problem+and+LRPC+Codes%3A+Cryptosystems+with+Smaller+Sizes&rft.title=ADVANCES+IN+CRYPTOLOGY,+ASIACRYPT+2023,+PT+VII
http://www.scopus.com/record/display.url?eid=2-s2.0-85180627639&origin=inward
http://gateway.isiknowledge.com/gateway/Gateway.cgi?GWVersion=2&SrcAuth=LinksAMR&SrcApp=PARTNER_APP&DestLinkType=FullRecord&DestApp=WOS&KeyUT=001157420100010
Accession Number: edsbas.51EA798
Database: BASE