Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CRYPTO
2011
Springer
2011
Springer
Smaller Decoding Exponents: Ball-Collision Decoding
Very few public-key cryptosystems are known that can encrypt and decrypt in time b2+o(1) with conjectured security level 2b against conventional computers and quantum computers. The oldest of these systems is the classic McEliece code-based cryptosystem. The best attacks known against this system are generic decoding attacks that treat McEliece’s hidden binary Goppa codes as random linear codes. A standard conjecture is that the best possible w-error-decoding attacks against random linear codes of dimension k and length n take time 2(α(R,W )+o(1))n if k/n → R and w/n → W as n → ∞. Before this paper, the best upper bound known on the exponent α(R, W) was the exponent of an attack introduced by Stern in 1989. This paper introduces “ball-collision decoding” and shows that it has a smaller exponent for each (R, W): the speedup from Stern’s algorithm to ball-collision decoding is exponential in n.
Real-time Traffic| Added | 18 Dec 2011 |
| Updated | 18 Dec 2011 |
| Type | Journal |
| Year | 2011 |
| Where | CRYPTO |
| Authors | Daniel J. Bernstein, Tanja Lange, Christiane Peters |
Comments (0)
Researcher Info
|
