Code-Based Cryptography - Error-Correcting Codes and ... · Introduction to Coding Theory “A Mathematical Theory of Communication” (Claude Shannon, 1948) Coding Theory Information

Code-Based CryptographyError-Correcting Codes and Cryptography

0I. Márquez-Corbella

1. Error-Correcting Codes and Cryptography

1. Introduction I - Cryptography2. Introduction II - Coding Theory3. Encoding (Linear Transformation)4. Parity Checking5. Error Correcting Capacity6. Decoding (A Difficult Problem)7. Reed-Solomon Codes8. Goppa Codes9. McEliece Cryptosystem

I. Márquez-Corbella CODE-BASED CRYPTOGRAPHY

Introduction to Coding Theory

“A Mathematical Theory of Communication”(Claude Shannon, 1948)

Coding Theory Information Theory

“ Efficient transfer reliable information”

1





1





1

Communication SystemAlphabet: A

Message Encoder Decoder ReceiverChannel


m = (m1 . . . , mk) œ Ak


Add n ≠ kredundant symbols

Encoderk information

digitsn encoded

digits


Noise


NoiseRecover the

original message


NoiseRecover the

original messageAdd n ≠ k

redundant symbols

Decoder( Encoder ( Message )¸ ˚˙ ˝

codeword

+ Noise ) = Message

2




m = (m1 . . . , mk) œ Ak




digitsn encoded

digits


Noise


NoiseRecover the

original message


NoiseRecover the


redundant symbols


codeword

+ Noise ) = Message

2




m = (m1 . . . , mk) œ Ak




digitsn encoded

digits


Noise


NoiseRecover the

original message


NoiseRecover the


redundant symbols


codeword

+ Noise ) = Message

2




m = (m1 . . . , mk) œ Ak




digitsn encoded

digits


Noise


NoiseRecover the

original message


NoiseRecover the


redundant symbols


codeword

+ Noise ) = Message

2




m = (m1 . . . , mk) œ Ak




digitsn encoded

digits


Noise


NoiseRecover the

original message


NoiseRecover the


redundant symbols


codeword

+ Noise ) = Message

2




m = (m1 . . . , mk) œ Ak




digitsn encoded

digits


Noise


NoiseRecover the

original message


NoiseRecover the


redundant symbols


codeword

+ Noise ) = Message

2

Communication System - Repetition codeMessage Encoder Decoder Receiver

Channel

Noise

1. Alphabet: A = English Alphabet

Yes

YYYeeesss Y*Yeeess* Yes

2. Alphabet: A = F2

1

111 101

1

3


Channel

Noise


Yes YYYeeesss

Y*Yeeess* Yes

2. Alphabet: A = F2

1 111

101

1

3


Channel

Noise


Yes YYYeeesss Y*Yeeess*

Yes

2. Alphabet: A = F2

1 111 101

1

3


Channel

Noise


Yes YYYeeesss Y*Yeeess* Yes

2. Alphabet: A = F2

1 111 101

13

Claude Shannon

‹ Definition of Information

‹ “Channel Coding Theorems”

“For any communication channel it is possible tocommunicate discrete data nearly error free up to a

maximum rate (channel capacity)”

4

Claude Shannon





4

Claude Shannon





4

Claude Shannon





4

Check DigitA check digit is a redundancy bit used for detecting one error

International Bank Account Number (IBAN)The IBAN is used for identifying bank account across national borders.It consist of 4 elements:

FICountry

code

32

Checkdigit

5000

Bank

4699350600Accountnumber

Basic Bank Account

FI3250004699350600 FI1518 © 1 mod 971. Rearrange 2. Convert to Integer 3. Validate

5



FICountry

code

32

Checkdigit

5000

Bank


Basic Bank Account


5



FICountry

code

32

Checkdigit

5000

Bank


Basic Bank Account


5



FICountry

code

32

Checkdigit

5000

Bank


Basic Bank Account


5



FICountry

code

32

Checkdigit

5000

Bank


Basic Bank Account


5



FICountry

code

32

Checkdigit

5000

Bank


Basic Bank Account


5



FICountry

code

32

Checkdigit

5000

Bank


Basic Bank Account


5



FICountry

code

32

Checkdigit

5000

Bank


Basic Bank Account

FI3250004699350600

FI1518 © 1 mod 971. Rearrange 2. Convert to Integer 3. Validate

5



FICountry

code

32

Checkdigit

5000

Bank


Basic Bank Account

FI

3250004699350600 FI

1518 © 1 mod 97

1. Rearrange

2. Convert to Integer 3. Validate

5



FICountry

code

32

Checkdigit

5000

Bank


Basic Bank Account

FI

3250004699350600

FI

1518

© 1 mod 97

1. Rearrange 2. Convert to Integer

3. Validate

5



FICountry

code

32

Checkdigit

5000

Bank


Basic Bank Account

FI

3250004699350600

FI

1518 © 1 mod 971. Rearrange 2. Convert to Integer 3. Validate

5

Error correcting codes in our daily life

6

Coding Theory vs. Cryptography

Coding Theory

Cryptography

Code-Based Cryptography

7


Coding Theory Cryptography


7


Coding Theory Cryptography


7

Trapdoor one-way functions - Decoder

EASYEncoder = Matrix Multiplication Message

Linea

r

Encod

er

= Codeword

HARDDecoding is NP-complete

E. R. Berlekamp, R. J. McEliece and H. C. A. van Tilborg.On the Inherent Intractability of Certain Coding Problems.IEEE Trans. Inf. Theory. Vol. 24, pp. 384-386, 1978.

A. Barg.Complexity Issues in Coding Theory.Chapter 7, in Handbock of Coding Theory, 1998.

EASY(with TRAPDOOR information)Efficient decoder for certain families of codes

8



Linea

r

Encod

er

= Codeword





8



Linea

r

Encod

er

= Codeword





8

How to use Coding Theory in Cryptography?

Adds errorsin the message

Knows an efficientdecoding method

Alice Bobmessage

C*DE-*ASEC**PTO

CODE-BASEDCRYPTO

9




Alice Bobmessage

C*DE-*ASEC**PTO

CODE-BASEDCRYPTO

9




Alice Bobmessage

C*DE-*ASEC**PTO

CODE-BASEDCRYPTO

9

1. Error-Correcting Codes and Cryptography

1. Introduction I - Cryptography2. Introduction II - Coding Theory3. Encoding (Linear Transformation)4. Parity Checking5. Error Correcting Capacity6. Decoding (A Difficult Problem)7. Reed-Solomon Codes8. Goppa Codes9. McEliece Cryptosystem

I. Márquez-Corbella CODE-BASED CRYPTOGRAPHY

Pictures Licenses

•  p. 4: Claude Shannon / This image is used courtesy of MIT Museum - more images available at: MIT Museum Collections - People.

•  p. 6: Rights Reserved

Documents

Code-Based Cryptography - Error-Correcting Codes and ... · Introduction to Coding Theory “A Mathematical Theory of Communication” (Claude Shannon, 1948) Coding Theory Information