Papers by Karan Khathuria
arXiv (Cornell University), Dec 28, 2018
In this paper we generalize the Ball-Collision Algorithm by Bernstein, Lange, Peters from the binary field to a general finite field. We also provide a complexity analysis and compare the asymptotic complexity to other generalized information set decoding algorithms.
arXiv (Cornell University), Oct 14, 2021
The binary k-dimensional simplex code is known to be a 2^{k-1}-batch code and is conjectured to be a 2^{k-1}-functional batch code. Here, we offer a simple, constructive proof of a result that is "in between" these two properties. Our approach is to relate these properties to certain (old and new) additive problems in finite abelian groups. We also formulate a conjecture for finite abelian groups that generalizes the abovementioned conjecture.
Information Set Decoding for Lee-Metric Codes Using Restricted Balls
Lecture Notes in Computer Science, 2023
IACR Cryptology ePrint Archive, 2020
In this paper we cryptanalyze a recently proposed signature scheme consisting of a translation of the Lyubashevsky framework to coding theory, whose security is based on the hardness of decoding low-weight errors in the Hamming metric. We show that each produced signature leaks information about the secret key and that, after observing a number of signatures, the secret key can be fully recovered with simple linear algebra. We conservatively assess the complexity of our proposed attack and show that it grows polynomially in the scheme parameters; numerical simulations are used to confirm our analysis. Our results show that the weakness of the scheme is intrinsic by design, and that security cannot be restored by a mere change in the parameters.

arXiv (Cornell University), Jul 29, 2021
A matroid is a combinatorial structure that captures and generalizes the algebraic concept of linear independence under a broader and more abstract framework. Matroids are closely related with many other topics in discrete mathematics, such as graphs, matrices, codes and projective geometries. In this work, we define cyclic matroids as matroids over a ground set of size n whose automorphism group contains an n-cycle. We study the properties of such matroids, with special focus on the minimum size of their basis sets. For this, we broadly employ two different approaches: the multiple basis exchange property, and an orbit-stabilizer method, developed by analyzing the action of the cyclic group of order n on the set of bases. We further present some applications of our theory to algebra and geometry, presenting connections to cyclic projective planes, cyclic codes and k-normal elements.
Applicable Algebra in Engineering, Communication and Computing, Apr 12, 2021
In this paper, we present a new perspective of single server private information retrieval (PIR) schemes by using the notion of linear error-correcting codes. Many of the known single server schemes are based on taking linear combinations between database elements and the query elements. Using the theory of linear codes, we develop a generic framework that formalizes all such PIR schemes. This generic framework provides an appropriate setup to analyze the security of such PIR schemes. In fact, we describe some known PIR schemes with respect to this code-based framework, and present the weaknesses of the broken PIR schemes in a unified point of view.
Coding with Cyclic PAM and Vector Quantization for the RLWE/MLWE Channel
2022 IEEE International Symposium on Information Theory (ISIT), Jun 26, 2022
Advances in Mathematics of Communications, 2021
We present a code-based public-key cryptosystem, in which we use Reed-Solomon codes over an extension field as secret codes and disguise it by considering its shortened expanded code over the base field. Considering shortened expanded codes provides a safeguard against distinguisher attacks based on the Schur product. Moreover, without using a cyclic or a quasi-cyclic structure we obtain a key size reduction of nearly 45% compared to the classic McEliece cryptosystem proposed by Bernstein et al.
arXiv (Cornell University), Jun 17, 2021
In this paper we focus on modules over a finite chain ring R of size q^s. We compute the density of free modules of R^n, where we separately treat the asymptotics in n, q and s. In particular, we focus on two cases: one where we fix the length of the module and one where we fix the rank of the module. In both cases, the density results can be bounded by the Andrews-Gordon identities. We also study the asymptotic behaviour of modules generated by random matrices over R. Since linear codes over R are submodules of R^n we get direct implications for coding theory. For example, we show that random codes achieve the Gilbert-Varshamov bound with high probability.
arXiv (Cornell University), Aug 14, 2020
In this paper, we present a new perspective of single server private information retrieval (PIR) schemes by using the notion of linear error-correcting codes. Many of the known single server schemes are based on taking linear combinations between database elements and the query elements. Using the theory of linear codes, we develop a generic framework that formalizes all such PIR schemes. Further, we describe some known PIR schemes with respect to this code-based framework, and present the weaknesses of the broken PIR schemes in a generic point of view.
arXiv (Cornell University), Aug 27, 2020
Recently, Doröz et al. (2017) proposed a new hard problem, called the finite field isomorphism problem, and constructed a fully homomorphic encryption scheme based on this problem. In this paper, we generalize the problem to the case of Galois rings, resulting in the Galois ring isomorphism problem. The generalization is achieved by lifting the isomorphism between the corresponding residue fields. As a result, this generalization allows us to construct cryptographic primitives over the ring of integers modulo a prime power, instead of a large prime number.
arXiv (Cornell University), Oct 6, 2018

arXiv (Cornell University), Nov 16, 2020
We present an attack against a code-based signature scheme based on the Lyubashevsky protocol that was recently proposed by Song, Huang, Mu, Wu and Wang (SHMWW). The private key in the SHMWW scheme contains columns coming in part from an identity matrix and in part from a random matrix. The existence of two types of columns leads to a strong bias in the distribution of set bits in produced signatures. Our attack exploits such a bias to recover the private key from a set of collected signatures. We provide a theoretical analysis of the attack along with experimental evaluations, and we show that as few as 10 collected signatures are enough to successfully recover the private key. As for previous attempts of adapting Lyubashevsky's protocol to the case of code-based cryptography, the SHMWW scheme is thus proved unable to provide acceptable security. This confirms that devising secure code-based signature schemes with efficiency comparable to that of other post-quantum solutions (e.g., based on lattices) is still a challenging task.
arXiv (Cornell University), Feb 27, 2020
In this paper we study the hardness of the syndrome decoding problem over finite rings endowed with the Lee metric. We first prove that the decisional version of the problem is NP-complete, by a reduction from the 3-dimensional matching problem. Then, we study the complexity of solving the problem, by translating the best known solvers in the Hamming metric over finite fields to the Lee metric over finite rings, as well as proposing some novel solutions. For the analyzed algorithms, we assess the computational complexity in the asymptotic regime and compare it to the corresponding algorithms in the Hamming metric.
Lecture Notes in Computer Science, 2018
In this work we analyze the security of cubic cryptographic constructions with respect to rank weakness. We detail how to extend the big field idea from quadratic to cubic, and show that the same rank defect occurs. We extend the min-rank problem and propose an algorithm to solve it in this setting. We show that for fixed small rank, the complexity is even lower than for the quadratic case. However, the rank of a cubic polynomial in n variables can be larger than n, and in this case the algorithm is very inefficient. We show that the rank of the differential is not necessarily smaller, rendering this line of attack useless if the rank is large enough. Similarly, the algebraic attack is exponential in the rank, thus useless for high rank.
Journal of algebra combinatorics discrete structures and applications, May 7, 2020
In this paper we generalize the ball-collision algorithm by Bernstein, Lange, Peters from the binary field to a general finite field. We also provide a complexity analysis and compare the asymptotic complexity to other generalized information set decoding algorithms.
Designs, Codes and Cryptography
The binary k-dimensional simplex code is known to be a 2^{k-1}-batch code and is conjectured to be a 2^{k-1}-functional batch code. Here, we offer a simple, constructive proof of a result that is "in between" these two properties. Our approach is to relate these properties to certain (old and new) additive problems in finite abelian groups. We also formulate a conjecture for finite abelian groups that generalizes the abovementioned conjecture.

arXiv (Cornell University), May 25, 2022
The Lee metric syndrome decoding problem is an NP-hard problem and several generic decoders have been proposed. The observation that such decoders come with a larger cost than their Hamming metric counterparts makes the Lee metric a promising alternative for classical code-based cryptography. Unlike in the Hamming metric, an error vector of a given Lee weight that is chosen uniformly at random is expected to have only few entries with large Lee weight. Using this expected distribution of entries, we are able to drastically decrease the cost of generic decoders in the Lee metric, by reducing the original problem to a smaller instance, whose solution lives in restricted balls.
Coding with Cyclic PAM and Vector Quantization for the RLWE/MLWE Channel
2022 IEEE International Symposium on Information Theory (ISIT)