We propose a family of fast and provably secure cryptographic hash functions. The security of these functions relies directly on the well-known syndrome decoding problem for linear codes. Attacks on this problem are well identified and their complexity is known. This enables us to study precisely the practical security of the hash functions and propose …
The key step of syndrome-based decoding of Reed–Solomon codes up to half the minimum distance is to solve the so-called Key Equation. List decoding algorithms, capable of decoding beyond half the minimum distance, are based on interpolation and factorization of multivariate polynomials. This article provides a link between syndrome-based decoding …
We study the list-decoding problem of alternant codes, with the notable case of classical Goppa codes. The major consideration here is to take into account the size of the alphabet, which has a great influence on the list-decoding radius. This amounts to comparing the generic Johnson bound with the q-ary Johnson bound. This difference is important when q is …
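Worked example added here to make the comparison in the abstract above concrete; it is not code from the article. It evaluates the unique-decoding radius, the generic (alphabet-independent) Johnson bound J(n, d) = n − sqrt(n(n − d)) and the q-ary Johnson bound J_q(n, d) = (1 − 1/q)·n·(1 − sqrt(1 − d/((1 − 1/q)·n))) for one set of parameters. The parameters n = 15, d = 7 are chosen for illustration and are not taken from the paper.

```python
import math


def unique_decoding_radius(d):
    """Largest error count that is always corrected uniquely: floor((d - 1) / 2)."""
    return (d - 1) // 2


def generic_johnson_radius(n, d):
    """Alphabet-independent Johnson bound J(n, d) = n - sqrt(n (n - d)).
    A code of length n and minimum distance d over any alphabet can be
    list decoded with a polynomial-size list up to fewer than J errors."""
    if not 0 < d <= n:
        raise ValueError("need 0 < d <= n")
    return n - math.sqrt(n * (n - d))


def q_ary_johnson_radius(n, d, q):
    """q-ary Johnson bound J_q(n, d) = (1 - 1/q) n (1 - sqrt(1 - d / ((1 - 1/q) n))).
    Needs d <= (1 - 1/q) n.  As q grows it tends to the generic bound, so the
    gain over the generic bound is largest for small alphabets (binary Goppa codes)."""
    if q < 2:
        raise ValueError("q must be a prime power >= 2")
    theta = 1.0 - 1.0 / q
    if d > theta * n:
        raise ValueError("q-ary Johnson bound needs d <= (1 - 1/q) n")
    return theta * n * (1.0 - math.sqrt(1.0 - d / (theta * n)))


def errors_below(radius):
    """Number of errors guaranteed list decodable: the largest integer strictly below the radius."""
    return math.ceil(radius) - 1


def compare_radii(n, d, q):
    """Side-by-side view of the three radii for one (n, d, q) triple."""
    g = generic_johnson_radius(n, d)
    jq = q_ary_johnson_radius(n, d, q)
    return {
        "unique": unique_decoding_radius(d),
        "generic_johnson": g,
        "generic_errors": errors_below(g),
        "q_ary_johnson": jq,
        "q_ary_errors": errors_below(jq),
    }


if __name__ == "__main__":
    # Illustrative parameters (an assumption, not the paper's): a binary code of
    # length 15 and minimum distance 7, compared with the same (n, d) over F_256.
    for q in (2, 256):
        print(q, compare_radii(15, 7, q))
```

For n = 15, d = 7 the unique-decoding radius is 3 errors, the generic Johnson bound allows 4, and the binary (q = 2) Johnson bound allows 5; with q = 256 the q-ary value is within 0.01 of the generic one, which is the "alphabet size" effect the abstract refers to.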
Recently, some collisions have been exposed for a variety of cryptographic hash functions [20, 21], including some of the most widely used today. Many other hash functions using similar constructions can, however, still be considered secure. Nevertheless, this has drawn attention to the need for new hash function designs. This article presents a family …
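Illustrative toy implementation, added here and not taken from either of the two syndrome-based hash abstracts above, of the mechanism they describe: the compression function multiplies a fixed binary parity-check matrix H by a "regular" word of small weight chosen by the input bits, and a collision between two such words is, by construction, a low-weight word in the kernel of H, i.e. an instance of syndrome decoding. The matrix H, the parameters (a 32-bit syndrome, 8 blocks of 32 columns) and the byte-at-a-time chaining are assumptions for illustration, not the paper's; the toy size also lets a generic birthday search find a collision in a fraction of a second, which a real parameter set is designed to prevent.

```python
import random

# Toy parameters (an assumption for illustration only; the paper's parameter sets
# are not on this page).  Real instances use a syndrome of hundreds of bits.
R = 32                     # syndrome length in bits = chaining value / digest size
W = 8                      # weight of the regular word: exactly one column per block
BLOCK = 32                 # columns per block, so H has n = W * BLOCK = 256 columns
INDEX_BITS = 5             # log2(BLOCK) input bits select the column inside a block
IN_BITS = W * INDEX_BITS   # 40 input bits consumed per compression call


def make_parity_check_matrix(seed=0):
    """Constructed sample H: one R-bit integer per column, drawn from a seeded PRNG."""
    rng = random.Random(seed)
    return [rng.getrandbits(R) for _ in range(W * BLOCK)]


def indices_from_int(x):
    """Map an IN_BITS-bit integer to the support of a regular word of weight W:
    block b contributes column b*BLOCK + (the b-th 5-bit chunk of x)."""
    return [b * BLOCK + ((x >> (b * INDEX_BITS)) & (BLOCK - 1)) for b in range(W)]


def syndrome(H, support):
    """H * x^T over F_2 for the word x with ones exactly at `support`: XOR of those columns."""
    s = 0
    for col in support:
        s ^= H[col]
    return s


def compress(H, x):
    """One compression call: pick the regular word from x, output its R-bit syndrome."""
    return syndrome(H, indices_from_int(x))


def hash_bytes(H, data, iv=0):
    """Merkle-Damgard style chaining (an assumption, to show how the compression
    function is iterated): each call absorbs the R-bit state and one message byte
    (R + 8 = IN_BITS bits); the final state is the digest."""
    state = iv
    for byte in data:
        state = compress(H, (state << 8) | byte)
    return state


def symmetric_difference(support_a, support_b):
    """Support of x_a + x_b over F_2; if the syndromes agree this is a codeword of
    weight <= 2W, which is exactly what a syndrome-decoding attacker looks for."""
    return sorted(set(support_a) ^ set(support_b))


def is_collision(H, xa, xb):
    return xa != xb and compress(H, xa) == compress(H, xb)


def birthday_collision(H, seed=1):
    """Generic attack that ignores the code structure: sample inputs until a
    syndrome repeats.  Expected work is about 2^(R/2) compressions, which is why a
    real instance needs R large; the structured (syndrome decoding) attacks the
    abstracts mention are the ones that fix the remaining parameters."""
    rng = random.Random(seed)
    seen = {}
    while True:
        x = rng.getrandbits(IN_BITS)
        s = compress(H, x)
        if s in seen and seen[s] != x:
            return seen[s], x
        seen[s] = x


if __name__ == "__main__":
    H = make_parity_check_matrix()
    print("digest of b'abc':", hex(hash_bytes(H, b"abc")))
    xa, xb = birthday_collision(H)
    diff = symmetric_difference(indices_from_int(xa), indices_from_int(xb))
    print("colliding inputs:", hex(xa), hex(xb))
    print("kernel word weight:", len(diff), "syndrome:", syndrome(H, diff))
```

The last two lines of the demo are the security argument in miniature: the two colliding regular words differ in an even number of at most 2W positions, and that difference word has syndrome 0, so any collision finder is also a decoder for low-weight words of H.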
We consider only primitive binary cyclic codes of length n = 2^m − 1. A BCH code with designed distance is denoted B(n;). A BCH code is always a narrow-sense BCH code. A codeword is identified with its locator polynomial, whose coefficients are the symmetric functions of the locators. The definition of the code by its zero set involves some properties for the …
This paper presents an algorithmic improvement to Sudan's list-decoding algorithm for Reed–Solomon codes and its generalization to algebraic-geometric codes by Shokrollahi and Wasserman. Instead of completely factoring the interpolation polynomial over the function field of the curve, we compute sufficiently many coefficients of a Hensel development to …
A Group Key Agreement (GKA) protocol is a mechanism to establish a cryptographic key for a group of participants, based on each one's contribution, over a public network. The key thus derived can be used to establish a secure channel between the participants. When the group composition changes (or otherwise), one can employ supplementary GKA protocols to …
This article presents a new algorithm to find MDS matrices that are well suited for use as a diffusion layer in lightweight block ciphers. Using a recursive construction, it is possible to obtain matrices with a very compact description. Classical field multiplications can also be replaced by simple F_2-linear transformations (combinations of XORs and …
We consider primitive cyclic codes of length p^m − 1 over F_p. The codes of interest here are duals of BCH codes. For these codes, a lower bound on their minimum distance can be found via the adaptation of the Weil bound to cyclic codes (see [10]). However, this bound is of no significance for roughly half of these codes. We shall fill this gap by giving, …
The Polynomial Reconstruction problem (PR) was introduced in 1999 as a new hard problem. Several cryptographic primitives based on this problem have been constructed; for instance, Naor and Pinkas have proposed a protocol for oblivious polynomial evaluation. It has since been studied from the point of view of robustness, and several important …