We consider access structures over a set of n participants, defined by a parameter k with \(1 \le k \le n\) in the following way: a subset is authorized if it contains at least k consecutive participants. Depending on whether we consider the participants placed in a line (that is, participant 1 is not next to participant n) or in a circle, we obtain two different families, that we call (k, n)-line-consecutive

In this paper, we analyze the algebraic invariants for two classes of multivariate quadratic systems: systems made by oil and vinegar quadratic polynomials and systems made by both oil and vinegar polynomials and fully-quadratic ones. For such systems, we explicitly compute the Hilbert series in the homogeneous case, and we also give bounds on the degree of regularity, solving degree and first fall

We consider a subclass of p-ary self-reversible generalized (L, G) codes with a locator set \(L=\{ \frac{2x-\alpha }{x^2-\alpha x +1},\alpha \in \mathbb {F}_q \setminus \{0\}, q=p^m \} \cup \{\frac{1}{x+1}\}\), where p is a prime number. The numerator \(2x-\alpha \) of a rational function is the formal derivative of the denominator \(x^2-\alpha x +1\). The Goppa polynomial \(G(x) \in \mathbb {F}_q[x]\)

Let G be a primitive rank 3 permutation group acting on a set of size v. Binary codes of length v globally invariant under G are well-known to hold PBIBDs in their \(A_w\) codewords of weight w. The parameters of these designs are \(\bigg (A_w,v,w,\frac{wA_w}{v},\lambda _1,\lambda _2\bigg ).\) When \(\lambda _1=\lambda _2=\lambda ,\) the PBIBD becomes a 2-\((v,w,\lambda )\) design. We obtain computationally

In this paper, we present a framework for generic decoding of convolutional codes, which allows us to do cryptanalysis of code-based systems that use convolutional codes as public keys. We then apply this framework to information set decoding, study success probabilities and give tools to choose variables. Finally, we use this to attack two cryptosystems based on convolutional codes. In the case of

In this paper, we focus on constructing unique-decodable and list-decodable codes for the recently studied (t, e)-composite-asymmetric error-correcting codes ((t, e)-CAECCs). Let \(\mathcal {X}\) be an \(m \times n\) binary matrix in which each row has Hamming weight w. If at most t rows of \(\mathcal {X}\) contain errors, and in each erroneous row, there are at most e occurrences of \(1 \rightarrow

Bit Flipping Key Encapsulation (BIKE) is a code-based cryptosystem that was considered in Round 4 of the NIST Post-Quantum Cryptography Standardization process. It is based on quasi-cyclic moderate-density parity-check (QC-MDPC) codes paired with an iterative decoder. While (low-density) parity-check codes have been shown to perform well in practice, their capabilities are governed by the code’s graphical

Datta and Johnsen (Des Codes Cryptogr 91:747–761, 2023) introduced a new family of evaluation codes in an affine space of dimension \(\ge 2\) over a finite field \({\mathbb {F}}_q\) where linear combinations of elementary symmetric polynomials are evaluated on the set of all points with pairwise distinct coordinates. In this paper, we propose a generalization by taking low dimensional linear systems

In this paper, we study nontrivial symmetric (v, k, 4) designs admitting a flag-transitive and point-primitive affine automorphism group. In conclusion, all symmetric (v, k, 4) designs admitting flag-transitive automorphism groups are known apart from those admitting one-dimensional automorphisms, and hence the classification of flag-transitive symmetric (v, k, 4) designs reduces to the case of one-dimensional

We continue the study of blockcipher-based (tweakable) correlation robust hash functions, which are central building blocks of circuit garbling and oblivious-transfer extension schemes. Motivated by Roy (CRYPTO 2022), we first enhance the multi-user tweakable correlation robust notion of Guo et al. (CRYPTO 2020) with a key leaking oracle that tells the adversary whether a certain user key satisfies

The concept of minimal linear codes was introduced by Ashikhmin and Barg in 1998, leading to the development of various methods for constructing these codes over finite fields. In this context, minimality is defined as a codeword u in a linear code \(\mathcal {C}\) is considered minimal if u covers the codeword cu for all c in the finite field \(\mathbb {F}_{q}\) of order q but no other codewords in

We derive the coding capacity for duplication-correcting codes capable of correcting any number of duplications. We do so both for reverse-complement duplications, as well as palindromic (reverse) duplications. We show that except for duplication-length 1, the coding capacity is 0. When the duplication length is 1, the coding capacity depends on the alphabet size, and we construct optimal codes.

Recently, Baudrin et al. analyzed a special case of Wagner’s commutative diagram cryptanalysis, referred to as commutative cryptanalysis. For a family \((E_k)_k\) of permutations on a finite vector space G, commutative cryptanalysis exploits the existence of affine permutations \(A,B :G \rightarrow G\), \(I \notin \{A,B\}\) such that \(E_k \circ A (x) = B \circ E_k(x)\) holds with high probability

The trace representation of sequences is useful for implementing the generator of sequences and analyzing their cryptographic properties. In this paper, we focus on investigating the trace representation for a family of generalized cyclotomic binary sequences with period \(p^n\). On the basis of the properties of the generalized cyclotomic classes, a trace representation of this family of sequences

In 2021, Sterner proposed a commitment scheme based on supersingular isogenies. For this scheme to be binding, one relies on a trusted party to generate a starting supersingular elliptic curve of unknown endomorphism ring. In fact, the knowledge of the endomorphism ring allows one to compute an endomorphism of degree a power of a given small prime. Such an endomorphism can then be split into two to

This paper describes a constant-time lattice encoder for the National Institute of Standards and Technology (NIST) recommended post-quantum encryption algorithm: Kyber. The first main contribution of this paper is to refine the analysis of Kyber decoding noise and prove that Kyber decoding noise can be bounded by a sphere. This result shows that the Kyber encoding problem is essentially a sphere packing

A \(\delta \)-colouring of the point set of a block design is said to be weak if no block is monochromatic. The chromatic number \(\chi (S)\) of a block design S is the smallest integer \(\delta \) such that S has a weak \(\delta \)-colouring. It has previously been shown that any Steiner triple system has chromatic number at least 3 and that for each \(v\equiv 1\) or \(3\pmod {6}\) there exists a

Rational transformations play an important role in the construction of irreducible polynomials over finite fields. Usually, the methods involve fixing a rational function Q and deriving conditions on polynomials \(F\in \mathbb {F}_q[x]\) such that the rational transformation of F with Q is irreducible. Here we want to change the perspective and study rational functions with which the rational transformation

We characterize the permutations of \(\mathbb {F}_q\) whose graph minimizes the number of collinear triples and describe the lexicographically-least one, confirming a conjecture of Cooper-Solymosi. This question is connected to Dudeney’s No-3-in-a-Line problem, the Heilbronn triangle problem, and the structure of finite plane Kakeya sets. We discuss a connection with complete sets of mutually orthogonal

This paper builds a novel bridge between algebraic coding theory and mathematical knot theory, with applications in both directions. We give methods to construct error-correcting codes starting from the colorings of a knot, describing through a series of results how the properties of the knot translate into code parameters. We show that knots can be used to obtain error-correcting codes with prescribed

Frameproof codes are used to fingerprint digital data. It can prevent copyrighted materials from unauthorized use. To determine the maximum size of the frameproof codes is a crucial problem in this research area. In this paper, we study the upper bounds for frameproof codes under Boneh-Shaw descendant (wide-sense descendant). First, we give new upper bounds for wide-sense 2-frameproof codes to improve

Distinguishing Goppa codes or alternant codes from generic linear codes (Faugère et al. in Proceedings of the IEEE Information Theory Workshop—ITW 2011, Paraty, Brasil, October 2011, pp. 282–286, 2011) has been shown to be a first step before being able to attack McEliece cryptosystem based on those codes (Bardet et al. in IEEE Trans Inf Theory 70(6):4492–4511, 2024). Whereas the distinguisher of Faugère

Twisted generalized Reed–Solomon (TGRS) codes as a generalization of generalized Reed–Solomon (GRS) codes have attracted a lot of attention from many researchers in recent years. In this paper, we investigate the conditions for the equality of two classes of TGRS codes with different parameters. Moreover, we construct the permutation automorphism groups of two classes of TGRS codes and show they are

The hardness of discrete logarithm problem (DLP) over finite fields forms the security foundation of many cryptographic schemes. When the characteristic is not small, the state-of-the-art algorithms for solving the DLP are the number field sieve (NFS) and its variants. NFS first computes the logarithms of the factor base, which consists of elements of small norms. Then, for a target element, its logarithm

We introduce the concept of a sum–rank saturating system and outline its correspondence to covering properties of a sum–rank metric code. We consider the problem of determining the shortest length of a sum–rank-\(\rho \)-saturating system of a fixed dimension, which is equivalent to the covering problem in the sum–rank metric. We obtain upper and lower bounds on this quantity. We also give constructions

We prove the equivalence between the Ring Learning With Errors (RLWE) and the Polynomial Learning With Errors (PLWE) problems for the maximal totally real subfield of the \(2^r 3^s\)th cyclotomic field for \(r \ge 3\) and \(s \ge 1\). Moreover, we describe a fast algorithm for computing the product of two elements in the ring of integers of these subfields. This multiplication algorithm has quasilinear

Cyclic codes are an interesting type of linear codes and have wide applications in communication and storage systems due to their efficient encoding and decoding algorithms. Constructing binary cyclic codes with parameters \([n, \frac{n+1}{2}, d \ge \sqrt{n}]\) is an interesting topic in coding theory, as their minimum distances have a square-root bound. Let \(n=2^\lambda -1\), where \(\lambda \) has

In a recent paper, we defined a type of weighted unitary design called a twisted unitary 1-group and showed that such a design automatically induced error-detecting quantum codes. We also showed that twisted unitary 1-groups correspond to irreducible products of characters thereby reducing the problem of code-finding to a computation in the character theory of finite groups. Using a combination of

Let p be a prime number, m be a positive integer, and \(q=p^m\). For any fixed locality r such that \(p\not \mid r(r+1)\), we construct infinite families of locally recoverable codes with availabilty of nodes lower bounded by \(q/r!+O(\sqrt{q})\) and number of locality sets equal to \(q^2/(r+1)!+O(q^{3/2})\).

In this paper, we propose a new erasure decoding algorithm for convolutional codes using the generator matrix. This implies that our decoding method also applies to catastrophic convolutional codes in opposite to the classic approach using the parity-check matrix. We compare the performance of both decoding algorithms. Moreover, we enlarge the family of optimal convolutional codes (complete-MDP) based

The Generalized Hamming weights and their relative version, which generalize the minimum distance of a linear code, are relevant to numerous applications, including coding on the wire-tap channel of type II, t-resilient functions, bounding the cardinality of the output in list decoding algorithms, ramp secret sharing schemes, and quantum error correction. The generalized Hamming weights have been determined

Nonlinear feedback shift registers (NFSRs) are widely used in the design of stream ciphers and the cycle structure of an NFSR is a fundamental problem still open. In this paper, a new configuration of Galois NFSRs, called F-Ring NFSRs, is proposed. It is shown that an n-bit F-Ring NFSR generates n sequences with the same period simultaneously, that is, sequences from all bit registers have the same

Nonlinear feedback shift registers (NFSRs) are used in many recent stream ciphers as their main building blocks. Two NFSRs are said to be isomorphic if their state diagrams are isomorphic, and to be equivalent if their sets of output sequences are equal. So far, numerous work has been done on the equivalence of NFSRs with same bit number, but much less has been done on their isomorphism. Actually,

A De Bruijn cycle is a cyclic sequence in which every word of length n over an alphabet \(\mathcal {A}\) appears exactly once. De Bruijn tori are a two-dimensional analogue. Motivated by recent progress on universal partial cycles and words, which shorten De Bruijn cycles using a wildcard character, we introduce universal partial tori and matrices. We find them computationally and construct infinitely

In this paper, for an odd prime power q and an integer \(m\ge 2\), let \(\mathcal {C}(q,m)\) be a one-weight irreducible cyclic code with parameters \([q^m-1,m,(q-1)q^{m-1}]\), we consider the complete weight enumerator and the weight distribution of the square \(\big (\mathcal {C}(q,m)\big )^2\), whose dual has \(\lfloor \frac{m}{2}\rfloor +1\) zeros. Using the character sums method and the known

The learning parity with noise (LPN) problem underlines several classic cryptographic primitives. Researchers have attempted to show the algorithmic difficulty of this problem by finding a reduction from the decoding problem of linear codes, for which several hardness results exist. Earlier studies used code smoothing as a technical tool to achieve such reductions for codes with vanishing rate. This

In this paper, we introduce and study the problem of binary stretch embedding of edge-weighted graphs in both integer and fractional settings. Roughly speaking, the binary stretch embedding problem for a weighted graph G is to find a mapping from the vertex set of G, to the vertices of a hypercube graph such that the distance between every pair of the vertices is not reduced under the mapping, hence

A \(2-(v, k, \lambda )\) design is additive if, up to isomorphism, the point set is a subset of an abelian group G and every block is zero-sum. This definition was introduced in Caggegi et al. (J Algebr Comb 45:271-294, 2017) and was the starting point of an interesting new theory. Although many additive designs have been constructed and known designs have been shown to be additive, these structures

Lattices have many significant applications in cryptography. In 2021, the p-adic signature scheme and public-key encryption cryptosystem were introduced. They are based on the Longest Vector Problem (LVP) and the Closest Vector Problem (CVP) in p-adic lattices. These problems are considered to be challenging and there are no known deterministic polynomial time algorithms to solve them. In this paper

Homomorphic encryption (HE) is one of the mainstream cryptographic tools used to enable secure outsourced computation. A typical task is secure matrix computation, which is a fundamental operation used in various outsourced computing applications such as statistical analysis and machine learning. In this paper, we present a new framework for secure multiplication of two matrices with size \(r \times

A function \(f: {\mathbb {F}}_q \rightarrow {\mathbb {F}}_q\), is called an almost perfect nonlinear (APN) if \(f(X+a)-f(X) =b\) has at most 2 solutions for every \(b,a \in {\mathbb {F}}_q\), with a nonzero. Furthermore, it is called an exceptional APN if it is an APN on infinitely many extensions of \({\mathbb {F}}_q\). These problems are equivalent to finding rational points on the corresponding

Impossible differential cryptanalysis is a crucial cryptanalytical method for symmetric ciphers. Given an impossible differential, the key recovery attack typically proceeds in two steps: generating pairs of data and then identifying wrong keys using the guess-and-filtering method. At CRYPTO 2023, Boura et al. first proposed a new key recovery technique—the differential meet-in-the-middle attack, which

A problem of current interest, also motivated by applications to Coding theory, is to find explicit equations for maximal curves, that are projective, geometrically irreducible, non-singular curves defined over a finite field \(\mathbb {F}_{q^2}\) whose number of \(\mathbb {F}_{q^2}\)-rational points attains the Hasse-Weil upper bound \(q^2+2\mathfrak {g}q+1\) where \(\mathfrak {g}\) is the genus of

Multivariate public key cryptography (MPKC) is one of the most promising alternatives to build quantum-resistant signature schemes, as evidenced in NIST’s call for additional post-quantum signature schemes. The main assumption in MPKC is the hardness of the Multivariate Quadratic (MQ) problem, which seeks for a common root to a system of quadratic polynomials over a finite field. Although the Crossbred

The Internet of Things (IoT) has become a necessary part of modern technology, enabling devices to connect and interact with each other. Unless applicable cryptographic components have adequate security protection, the IoT could easily leak private data. Impossible differential cryptanalysis (IDC) is one of the best-known techniques for cryptanalysis of block ciphers. Several papers are aimed at formalizing

We present a new result on the nonexistence of generalized bent functions (GBFs) from \((\mathbb {Z}/t\mathbb {Z})^n\) to \(\mathbb {Z}/t\mathbb {Z}\) (called type [n, t]) for a large class. Assume p is an odd prime number. By showing certain quadratic norm form equations having no integral points, we obtain a universal result on the nonexistence of GBFs with type \([n, 2p^e]\) when p and n satisfy

This paper provides new bounds on the size of spheres in any coordinate-additive metric with a particular focus on improving existing bounds in the sum-rank metric. We derive improved upper and lower bounds based on the entropy of a distribution related to the Boltzmann distribution, which work for any coordinate-additive metric. Additionally, we derive new closed-form upper and lower bounds specifically

Let \(\ell ^m\) be a power with \(\ell \) a prime greater than 3 and \(m\) a positive integer such that 3 is a primitive root modulo \(2\ell ^m\). Let \(\mathbb {F}_3\) be the finite field of order 3, and let \(\mathbb {F}\) be the \(\ell ^{m-1}(\ell -1)\)-th extension field of \(\mathbb {F}_3\). Denote by \(\text {Tr}\) the absolute trace map from \(\mathbb {F}\) to \(\mathbb {F}_3\). For any \(\alpha

We study the hardness of the Syndrome Decoding problem, the base of most code-based cryptographic schemes, such as Classic McEliece, in the presence of side-channel information. We use ChipWhisperer equipment to perform a template attack on Classic McEliece running on an ARM Cortex-M4, and accurately classify the Hamming weights of consecutive 32-bit blocks of the secret error vector \(\textbf{e}\in

We compute the weight distribution of the binary Reed–Muller code \({\mathcal {R}} (4,9)\) by combining the methodology described in D. V. Sarwate’s Ph.D. thesis from 1973 with newer results on the affine equivalence classification of Boolean functions. More specifically, to address this problem posed, e.g., in the book of MacWilliams and Sloane, we apply an enhanced approach based on the classification

Given two linear codes, the code equivalence problem asks to find an isometry mapping one code into the other. The problem can be described in terms of group actions and, as such, finds a natural application in signatures derived from a Zero-Knowledge Proof system. A recent paper, presented at Asiacrypt 2023, showed how a proof of equivalence can be significantly compressed by describing how the isometry

This paper focuses on the study of triple-twisted generalized Reed–Solomon (TTGRS) codes over a finite field \({\mathbb {F}}_q\), having twists \(\varvec{t} = (1, 2, 3)\) and hooks \(\varvec{h} = (0, 1, 2)\). We have obtained the necessary and sufficient conditions for such TTGRS codes to be MDS, AMDS, and AAMDS via algebraic techniques. We have also enumerated these codes for some particular values

An orientable sequence of order n over an alphabet\(\{0,1,\ldots , k{-}1\}\) is a cyclic sequence such that each length-n substring appears at most once in either direction. When \(k= 2\), efficient algorithms are known to construct binary orientable sequences, with asymptotically optimal length, by applying the classic cycle-joining technique. The key to the construction is the definition of a parent

SCARF, an ultra low-latency tweakable block cipher, is the first cipher designed for cache randomization. The block cipher design is significantly different from other common tweakable block ciphers; with a block size of only 10 bits, and yet the input key size is a whopping 240 bits. Notably, the majority of the round key in its round function is absorbed into the data path through AND operations

Let p be any prime number such that \(p\equiv 1 \pmod 4\), and let \({\mathbb {F}}_p\) be the finite field of p elements. In this paper, we first construct a new AMDS symbol-pair cyclic code of length 4p and of symbol-pair distance 9 by examining its generator polynomial. We then use the generator polynomial to obtain a family of \((p-1)/2\) AMDS symbol-pair constacyclic codes of the same length and

In 1999, Xing, Niederreiter and Lam introduced a generalization of AG codes (GAG codes) using the evaluation at non-rational places of a function field. In this paper, we show that one can obtain a locality parameter r in such codes by using only non-rational places of degree at most r. This is, up to the author’s knowledge, a new way to construct locally recoverable codes (LRCs). We give an example

Symbol-pair codes introduced by Cassuto and Blaum in 2010 are designed to protect against pair errors in symbol-pair read channels. This special channel structure is motivated by the limitations of the reading process in high density data storage systems, where it is no longer possible to read individual symbols. In this work, we study bounds and constructions of codes in symbol-pair metric. By using

Two-dimensional multilength optical orthogonal codes (2D MLOOCs) were proposed as a means of simultaneously reducing the chip rate and accommodating multimedia services with multiple bit rates and quality of service (QoS) requirements in OCDMA networks. This paper considers two-dimensional multilength optical orthogonal codes with inter-cross-correlation of \(\lambda =2\). New upper bounds on the size

Non-overlapping codes over a given alphabet are defined as a set of words satisfying the property that no prefix of any length of any word is a suffix of any word in the set, including itself. When the word lengths are variable, it is additionally required that no word is contained as a subword within any other word. In this paper, we present a new construction of variable-length non-overlapping codes

Anemoi is a family of compression and hash functions over finite fields \(\mathbb {F}_q\) for efficient Zero-Knowledge applications. Its round function is based on a novel permutation \(\mathcal {H}: \mathbb {F}_q^2 \rightarrow \mathbb {F}_q^2\), called the open Flystel, which is parametrized by a permutation \(E: \mathbb {F}_q \rightarrow \mathbb {F}_q\) and two functions \(Q_\gamma , Q_\delta : \mathbb