Error-correcting codes and cryptography

2008, Applicable Algebra in Engineering, Communication and Computing

visibility

…

description

16 pages

link

1 file

Abstract

In this paper, we give and explain some illustrative examples of research topics where error-correcting codes overlap with cryptography. In some of these examples, error-correcting codes employed in the implementation of secure cryptographic protocols. In the others, the codes are used in attacks against cryptographic schemes. Throughout this paper, we show the interrelation between errorcorrecting codes and cryptography, as well as point out the common features and the differences between these two fields.

Figures (7)

Now we introduce an example of a secret sharing scheme based on error-correcting codes. Assume we would like to share a secret s which is an element of GF(5). The secret s is distributed to five users A, B, C, D, and E. The secret s can be re-constructec if three of the five users join. Additionally we would like to allow a pair of A and B ‘0 re-construct the secret even if another user does not join them. It might be a natura’ requirement under the following situation: A is the president of the user’s company and B is the second president.

SESS SENS gO a ar =F tere ve = ele Let us encode a message, whichis YES or NO, to an element of {0, 1, 2, 3} witha key which is chosen randomly from Keyl, Key2, Key3 or Key4. The rule of encryption follows Table 1. For example, a message YES will be encoded to 0 by Keyl. An encoded message o f A-codes is called an authenticator. At the first glance, A-codes seem to be the same as one-time pad cipher. However, it has a good functionality that is different from one-time pad cipher. Assume the regular sender and the regular receiver shared a sequence of keys K,, K2,..., Kn € {Keyl, Key2, Key3} previously. The sender encrypt a sequence of messages M, M2,...,Mn ©€ {YES, NO}, and i-th cipher text is encoded by a pair of (K;, M;). If Keyl is used, then a cipher text cannot be 1 and 3. For any key in {Key1, Key2, Key3}, by a similar argument, there are symbols that cannot become cipher texts. If an attacker does not know which key is used and changes the cipher text to another symbol, then the attacker may choose the

Authentication code should be robust against the following two attacks: symbol which cannot become a cipher text. By repeating communication, the regular receiver will detect if the sender is regular or not with high probability.

The decoding is the bounded distance decoding.

There is a good reason why LDPC codes are used for biometrics-base dentification. The reason is the design of codes. If the density evolution [27], whic s the design method for a parity-check matrix of a LDPC code, is used, then we cz -onstruct error-correcting codes supposing a channel which changes the bit-error ra or each positions of a codeword. The noise of biological information is influence yy components of the biological information. In the case on the iris, the pattern of tt ‘enter is more complex than one of the outer side. Therefore, the noise often occu it the center. The error rate of biological information depends on its component [he standard decoding method for LDPC codes, called sum-product decoding, cz set a priori probability for each component. Thus a high precision identification vossible.

- transform the cryptographic problem into a suitable decoding one, - apply an appropriate decoding algorithm. Note that the bits of an LFSR output sequence are certain linear replicas of the LFSR initial state, and accordingly appropriate parity checks can be specified over a noisy version of LFSR output sequence. Different constructions of the parity-checks as well as the decoding techniques have been reported including the following ones: list decoding (list and minimum distance decoding) [30], iterative probabilistic decoding, (iterative probabilistic decoding employing belief propagation) [31], decoding based on convolution codes (Viterbi algorithm) [32], decoding based on turbo codes [33], and so on. We suggest an open problem: “Can you attack Matsumoto Imai cryptosystem using the technique of error-correcting code?” [34]. May the attack to Matsumoto Imai

VALUE L UE UID TUDO ULI! UI 1LUW UE Yvan TLIC TIAILIVS. Error-correcting codes for correcting quantum noise on quantum information are salled QECCs (quantum error-correcting codes) [35]. QECCs are useful to construct 1 secure protocol [36,37]. A protocol called quantum teleportation is a good example vhich used the principle of QECC. Quantum teleportation permits to send quantum nformation to far place in a moment. If the quantum information arrived at the recei- ver, then one of bit-flipping error, phase error, combining error or no error happens vith the same probability 1/4. On the other hand, the sender obtains the information vhat quantum error happened. Thus the error can be corrected by the classical com- nunication between the sender and the receiver. Even if an illegitimate party knows he classical information for correcting quantum-error, they cannot access the quan- um information, because it is a teleportation protocol. It implies that the illegitimate yarty cannot know the quantum information. Thus quantum teleportation protocol is 4 secure protocol using the principal of quantum error-correction. However, implemen- ation of quantum teleportation or quantum error-correcting codes is very difficult in he present technology.