Faster 2-regular information-set decoding

Authors:
Daniel J. Bernstein;Tanja Lange;Christiane Peters;Peter Schwabe
Affiliations:
Department of Computer Science, University of Illinois at Chicago, Chicago, IL;Department of Mathematics and Computer Science, Technische Universiteit Eindhoven, Eindhoven, The Netherlands;Department of Mathematics and Computer Science, Technische Universiteit Eindhoven, Eindhoven, The Netherlands;Institute of Information Science, Academia Sinica, Taipei, Taiwan
Venue:
IWCC'11 Proceedings of the Third international conference on Coding and cryptology
Year:
2011

Citing 9
Cited 1

An observation on the security of McEliece's public-key cryptosystem

Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
A method for finding codewords of small weight

Proceedings of the 3rd International Colloquium on Coding Theory and Applications
Attacking and Defending the McEliece Cryptosystem

PQCrypto '08 Proceedings of the 2nd International Workshop on Post-Quantum Cryptography
Syndrome Based Collision Resistant Hashing

PQCrypto '08 Proceedings of the 2nd International Workshop on Post-Quantum Cryptography
Security Bounds for the Design of Code-Based Cryptosystems

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
FSBday

INDOCRYPT '09 Proceedings of the 10th International Conference on Cryptology in India: Progress in Cryptology
Really fast syndrome-based hashing

AFRICACRYPT'11 Proceedings of the 4th international conference on Progress in cryptology in Africa
A family of fast syndrome based cryptographic hash functions

Mycrypt'05 Proceedings of the 1st international conference on Progress in Cryptology in Malaysia
A new algorithm for finding minimum-weight words in a linear code: application to McEliece's cryptosystem and to narrow-sense BCH codes of length 511

IEEE Transactions on Information Theory

Really fast syndrome-based hashing

AFRICACRYPT'11 Proceedings of the 4th international conference on Progress in cryptology in Africa

Quantified Score

Hi-index	0.00

Visualization

Abstract

Fix positive integers B and w. Let C be a linear code over F2 of length Bw. The 2-regular-decoding problem is to find a nonzero code-word consisting of w length-B blocks, each of which has Hamming weight 0 or 2. This problem appears in attacks on the FSB (fast syndrome-based) hash function and related proposals. This problem differs from the usual information-set-decoding problems in that (1) the target code-word is required to have a very regular structure and (2) the target weight can be rather high, so that there are many possible codewords of that weight. Augot, Finiasz, and Sendrier, in the paper that introduced FSB, presented a variant of information-set decoding tuned for 2-regular decoding. This paper improves the Augot-Finiasz-Sendrier algorithm in a way that is analogous to Stern's improvement upon basic information-set decoding. The resulting algorithm achieves an exponential speedup over the previous algorithm.