code-based cryptography - error-correcting codes and ... · introduction to coding theory “a...
TRANSCRIPT
Code-Based CryptographyError-Correcting Codes and Cryptography
0I. Márquez-Corbella
1. Error-Correcting Codes and Cryptography
1. Introduction I - Cryptography2. Introduction II - Coding Theory3. Encoding (Linear Transformation)4. Parity Checking5. Error Correcting Capacity6. Decoding (A Difficult Problem)7. Reed-Solomon Codes8. Goppa Codes9. McEliece Cryptosystem
I. Márquez-Corbella CODE-BASED CRYPTOGRAPHY
Introduction to Coding Theory
“A Mathematical Theory of Communication”(Claude Shannon, 1948)
Coding Theory Information Theory
“ Efficient transfer reliable information”
1
Introduction to Coding Theory
“A Mathematical Theory of Communication”(Claude Shannon, 1948)
Coding Theory Information Theory
“ Efficient transfer reliable information”
1
Introduction to Coding Theory
“A Mathematical Theory of Communication”(Claude Shannon, 1948)
Coding Theory Information Theory
“ Efficient transfer reliable information”
1
Communication SystemAlphabet: A
Message Encoder Decoder ReceiverChannel
Message Encoder Decoder ReceiverChannel
m = (m1 . . . , mk) œ Ak
Message Encoder Decoder ReceiverChannel
Add n ≠ kredundant symbols
Encoderk information
digitsn encoded
digits
Message Encoder Decoder ReceiverChannel
Noise
Message Encoder Decoder ReceiverChannel
NoiseRecover the
original message
Message Encoder Decoder ReceiverChannel
NoiseRecover the
original messageAdd n ≠ k
redundant symbols
Decoder( Encoder ( Message )¸ ˚˙ ˝
codeword
+ Noise ) = Message
2
Communication SystemAlphabet: A
Message Encoder Decoder ReceiverChannel
Message Encoder Decoder ReceiverChannel
m = (m1 . . . , mk) œ Ak
Message Encoder Decoder ReceiverChannel
Add n ≠ kredundant symbols
Encoderk information
digitsn encoded
digits
Message Encoder Decoder ReceiverChannel
Noise
Message Encoder Decoder ReceiverChannel
NoiseRecover the
original message
Message Encoder Decoder ReceiverChannel
NoiseRecover the
original messageAdd n ≠ k
redundant symbols
Decoder( Encoder ( Message )¸ ˚˙ ˝
codeword
+ Noise ) = Message
2
Communication SystemAlphabet: A
Message Encoder Decoder ReceiverChannel
Message Encoder Decoder ReceiverChannel
m = (m1 . . . , mk) œ Ak
Message Encoder Decoder ReceiverChannel
Add n ≠ kredundant symbols
Encoderk information
digitsn encoded
digits
Message Encoder Decoder ReceiverChannel
Noise
Message Encoder Decoder ReceiverChannel
NoiseRecover the
original message
Message Encoder Decoder ReceiverChannel
NoiseRecover the
original messageAdd n ≠ k
redundant symbols
Decoder( Encoder ( Message )¸ ˚˙ ˝
codeword
+ Noise ) = Message
2
Communication SystemAlphabet: A
Message Encoder Decoder ReceiverChannel
Message Encoder Decoder ReceiverChannel
m = (m1 . . . , mk) œ Ak
Message Encoder Decoder ReceiverChannel
Add n ≠ kredundant symbols
Encoderk information
digitsn encoded
digits
Message Encoder Decoder ReceiverChannel
Noise
Message Encoder Decoder ReceiverChannel
NoiseRecover the
original message
Message Encoder Decoder ReceiverChannel
NoiseRecover the
original messageAdd n ≠ k
redundant symbols
Decoder( Encoder ( Message )¸ ˚˙ ˝
codeword
+ Noise ) = Message
2
Communication SystemAlphabet: A
Message Encoder Decoder ReceiverChannel
Message Encoder Decoder ReceiverChannel
m = (m1 . . . , mk) œ Ak
Message Encoder Decoder ReceiverChannel
Add n ≠ kredundant symbols
Encoderk information
digitsn encoded
digits
Message Encoder Decoder ReceiverChannel
Noise
Message Encoder Decoder ReceiverChannel
NoiseRecover the
original message
Message Encoder Decoder ReceiverChannel
NoiseRecover the
original messageAdd n ≠ k
redundant symbols
Decoder( Encoder ( Message )¸ ˚˙ ˝
codeword
+ Noise ) = Message
2
Communication SystemAlphabet: A
Message Encoder Decoder ReceiverChannel
Message Encoder Decoder ReceiverChannel
m = (m1 . . . , mk) œ Ak
Message Encoder Decoder ReceiverChannel
Add n ≠ kredundant symbols
Encoderk information
digitsn encoded
digits
Message Encoder Decoder ReceiverChannel
Noise
Message Encoder Decoder ReceiverChannel
NoiseRecover the
original message
Message Encoder Decoder ReceiverChannel
NoiseRecover the
original messageAdd n ≠ k
redundant symbols
Decoder( Encoder ( Message )¸ ˚˙ ˝
codeword
+ Noise ) = Message
2
Communication System - Repetition codeMessage Encoder Decoder Receiver
Channel
Noise
1. Alphabet: A = English Alphabet
Yes
YYYeeesss Y*Yeeess* Yes
2. Alphabet: A = F2
1
111 101
1
3
Communication System - Repetition codeMessage Encoder Decoder Receiver
Channel
Noise
1. Alphabet: A = English Alphabet
Yes YYYeeesss
Y*Yeeess* Yes
2. Alphabet: A = F2
1 111
101
1
3
Communication System - Repetition codeMessage Encoder Decoder Receiver
Channel
Noise
1. Alphabet: A = English Alphabet
Yes YYYeeesss Y*Yeeess*
Yes
2. Alphabet: A = F2
1 111 101
1
3
Communication System - Repetition codeMessage Encoder Decoder Receiver
Channel
Noise
1. Alphabet: A = English Alphabet
Yes YYYeeesss Y*Yeeess* Yes
2. Alphabet: A = F2
1 111 101
13
Claude Shannon
‹ Definition of Information
‹ “Channel Coding Theorems”
“For any communication channel it is possible tocommunicate discrete data nearly error free up to a
maximum rate (channel capacity)”
4
Claude Shannon
‹ Definition of Information
‹ “Channel Coding Theorems”
“For any communication channel it is possible tocommunicate discrete data nearly error free up to a
maximum rate (channel capacity)”
4
Claude Shannon
‹ Definition of Information
‹ “Channel Coding Theorems”
“For any communication channel it is possible tocommunicate discrete data nearly error free up to a
maximum rate (channel capacity)”
4
Claude Shannon
‹ Definition of Information
‹ “Channel Coding Theorems”
“For any communication channel it is possible tocommunicate discrete data nearly error free up to a
maximum rate (channel capacity)”
4
Check DigitA check digit is a redundancy bit used for detecting one error
International Bank Account Number (IBAN)The IBAN is used for identifying bank account across national borders.It consist of 4 elements:
FICountry
code
32
Checkdigit
5000
Bank
4699350600Accountnumber
Basic Bank Account
FI3250004699350600 FI1518 © 1 mod 971. Rearrange 2. Convert to Integer 3. Validate
5
Check DigitA check digit is a redundancy bit used for detecting one error
International Bank Account Number (IBAN)The IBAN is used for identifying bank account across national borders.It consist of 4 elements:
FICountry
code
32
Checkdigit
5000
Bank
4699350600Accountnumber
Basic Bank Account
FI3250004699350600 FI1518 © 1 mod 971. Rearrange 2. Convert to Integer 3. Validate
5
Check DigitA check digit is a redundancy bit used for detecting one error
International Bank Account Number (IBAN)The IBAN is used for identifying bank account across national borders.It consist of 4 elements:
FICountry
code
32
Checkdigit
5000
Bank
4699350600Accountnumber
Basic Bank Account
FI3250004699350600 FI1518 © 1 mod 971. Rearrange 2. Convert to Integer 3. Validate
5
Check DigitA check digit is a redundancy bit used for detecting one error
International Bank Account Number (IBAN)The IBAN is used for identifying bank account across national borders.It consist of 4 elements:
FICountry
code
32
Checkdigit
5000
Bank
4699350600Accountnumber
Basic Bank Account
FI3250004699350600 FI1518 © 1 mod 971. Rearrange 2. Convert to Integer 3. Validate
5
Check DigitA check digit is a redundancy bit used for detecting one error
International Bank Account Number (IBAN)The IBAN is used for identifying bank account across national borders.It consist of 4 elements:
FICountry
code
32
Checkdigit
5000
Bank
4699350600Accountnumber
Basic Bank Account
FI3250004699350600 FI1518 © 1 mod 971. Rearrange 2. Convert to Integer 3. Validate
5
Check DigitA check digit is a redundancy bit used for detecting one error
International Bank Account Number (IBAN)The IBAN is used for identifying bank account across national borders.It consist of 4 elements:
FICountry
code
32
Checkdigit
5000
Bank
4699350600Accountnumber
Basic Bank Account
FI3250004699350600 FI1518 © 1 mod 971. Rearrange 2. Convert to Integer 3. Validate
5
Check DigitA check digit is a redundancy bit used for detecting one error
International Bank Account Number (IBAN)The IBAN is used for identifying bank account across national borders.It consist of 4 elements:
FICountry
code
32
Checkdigit
5000
Bank
4699350600Accountnumber
Basic Bank Account
FI3250004699350600 FI1518 © 1 mod 971. Rearrange 2. Convert to Integer 3. Validate
5
Check DigitA check digit is a redundancy bit used for detecting one error
International Bank Account Number (IBAN)The IBAN is used for identifying bank account across national borders.It consist of 4 elements:
FICountry
code
32
Checkdigit
5000
Bank
4699350600Accountnumber
Basic Bank Account
FI3250004699350600
FI1518 © 1 mod 971. Rearrange 2. Convert to Integer 3. Validate
5
Check DigitA check digit is a redundancy bit used for detecting one error
International Bank Account Number (IBAN)The IBAN is used for identifying bank account across national borders.It consist of 4 elements:
FICountry
code
32
Checkdigit
5000
Bank
4699350600Accountnumber
Basic Bank Account
FI
3250004699350600 FI
1518 © 1 mod 97
1. Rearrange
2. Convert to Integer 3. Validate
5
Check DigitA check digit is a redundancy bit used for detecting one error
International Bank Account Number (IBAN)The IBAN is used for identifying bank account across national borders.It consist of 4 elements:
FICountry
code
32
Checkdigit
5000
Bank
4699350600Accountnumber
Basic Bank Account
FI
3250004699350600
FI
1518
© 1 mod 97
1. Rearrange 2. Convert to Integer
3. Validate
5
Check DigitA check digit is a redundancy bit used for detecting one error
International Bank Account Number (IBAN)The IBAN is used for identifying bank account across national borders.It consist of 4 elements:
FICountry
code
32
Checkdigit
5000
Bank
4699350600Accountnumber
Basic Bank Account
FI
3250004699350600
FI
1518 © 1 mod 971. Rearrange 2. Convert to Integer 3. Validate
5
Error correcting codes in our daily life
6
Coding Theory vs. Cryptography
Coding Theory
Cryptography
Code-Based Cryptography
7
Coding Theory vs. Cryptography
Coding Theory Cryptography
Code-Based Cryptography
7
Coding Theory vs. Cryptography
Coding Theory Cryptography
Code-Based Cryptography
7
Trapdoor one-way functions - Decoder
EASYEncoder = Matrix Multiplication Message
Linea
r
Encod
er
= Codeword
HARDDecoding is NP-complete
E. R. Berlekamp, R. J. McEliece and H. C. A. van Tilborg.On the Inherent Intractability of Certain Coding Problems.IEEE Trans. Inf. Theory. Vol. 24, pp. 384-386, 1978.
A. Barg.Complexity Issues in Coding Theory.Chapter 7, in Handbock of Coding Theory, 1998.
EASY(with TRAPDOOR information)Efficient decoder for certain families of codes
8
Trapdoor one-way functions - Decoder
EASYEncoder = Matrix Multiplication Message
Linea
r
Encod
er
= Codeword
HARDDecoding is NP-complete
E. R. Berlekamp, R. J. McEliece and H. C. A. van Tilborg.On the Inherent Intractability of Certain Coding Problems.IEEE Trans. Inf. Theory. Vol. 24, pp. 384-386, 1978.
A. Barg.Complexity Issues in Coding Theory.Chapter 7, in Handbock of Coding Theory, 1998.
EASY(with TRAPDOOR information)Efficient decoder for certain families of codes
8
Trapdoor one-way functions - Decoder
EASYEncoder = Matrix Multiplication Message
Linea
r
Encod
er
= Codeword
HARDDecoding is NP-complete
E. R. Berlekamp, R. J. McEliece and H. C. A. van Tilborg.On the Inherent Intractability of Certain Coding Problems.IEEE Trans. Inf. Theory. Vol. 24, pp. 384-386, 1978.
A. Barg.Complexity Issues in Coding Theory.Chapter 7, in Handbock of Coding Theory, 1998.
EASY(with TRAPDOOR information)Efficient decoder for certain families of codes
8
How to use Coding Theory in Cryptography?
Adds errorsin the message
Knows an efficientdecoding method
Alice Bobmessage
C*DE-*ASEC**PTO
CODE-BASEDCRYPTO
9
How to use Coding Theory in Cryptography?
Adds errorsin the message
Knows an efficientdecoding method
Alice Bobmessage
C*DE-*ASEC**PTO
CODE-BASEDCRYPTO
9
How to use Coding Theory in Cryptography?
Adds errorsin the message
Knows an efficientdecoding method
Alice Bobmessage
C*DE-*ASEC**PTO
CODE-BASEDCRYPTO
9
1. Error-Correcting Codes and Cryptography
1. Introduction I - Cryptography2. Introduction II - Coding Theory3. Encoding (Linear Transformation)4. Parity Checking5. Error Correcting Capacity6. Decoding (A Difficult Problem)7. Reed-Solomon Codes8. Goppa Codes9. McEliece Cryptosystem
I. Márquez-Corbella CODE-BASED CRYPTOGRAPHY
Pictures Licenses
• p. 4: Claude Shannon / This image is used courtesy of MIT Museum - more images available at: MIT Museum Collections - People.
• p. 6: Rights Reserved