
LCD codes over $\mathbb{F}_q$ are as good as linear codes for $q$ at least four



  1. LCD codes over $\mathbb{F}_q$ are as good as linear codes for $q$ at least four
     Ruud Pellikaan, g.r.pellikaan@tue.nl
     International Conference on Graph Theory and Information Security (ICGTIS), August 7, 2017, Universitas Indonesia, Depok, Indonesia
     Faculteit Wiskunde & Informatica

  2. Content
     1. Error-correcting codes
        • Parameters of a code
        • Generator and parity check matrix of a linear code
     2. LCD codes
        • Inner product and dual code
        • Hull of a code and linear codes with complementary dual (LCD)
        • Permutational, scalar and monomial equivalence
     3. Applications
        • Two-user binary adder channel (2-BAC)
        • Side channel attack (SCA) and Fault Injection Attack (FIA)
     4. Proof Main Theorem
        • Theory of Gröbner bases
        • Proof
     5. Conclusion

  3. Error-correcting codes

  4. Error-correcting codes
     Communication: internet, telephone, WiFi, computer
     Memory: computer, compact disc, DVD, USB stick
     Barcodes, ISBN, product codes, QR codes ...

  5. Information theory - Shannon
     [Figure: block diagram with the labels message, source, encoding, sender, 001..., noise, 011..., receiver, decoding, target, message]

  6. Hamming distance
     $Q$ is an alphabet of $q$ elements.
     The Hamming distance between $x = (x_1, \ldots, x_n)$ and $y = (y_1, \ldots, y_n)$ in $Q^n$ is
     $$d(x, y) = |\{ i \mid x_i \neq y_i \}|$$
     [Figure: triangle with vertices $x$, $y$, $z$ and sides $d(x, y)$, $d(y, z)$, $d(x, z)$]
     Triangle inequality

  7. Block codes
     $C$ is called a (block) code if it is a subset of $Q^n$.
     The minimum distance of $C$ is
     $$d(C) = \min \{ d(x, y) \mid x, y \in C,\ x \neq y \}$$
     The parameters of $C$ are $(n, M, d)_q$ or $(n, M, d)$, where
     $q = |Q|$ = size of the alphabet $Q$
     $n$ = length of $C$
     $M = |C|$ = size of $C$
     $d = d(C)$ = minimum distance of $C$

  8. Linear codes and their parameters
     $\mathbb{F}_q$ is the finite field with $q = p^e$ elements and $p$ prime.
     $\mathbb{F}_q^n$ is an $\mathbb{F}_q$-linear vector space of dimension $n$.
     A linear code is an $\mathbb{F}_q$-linear subspace $C$ of $\mathbb{F}_q^n$ with parameters $[n, k, d]_q$ or $[n, k, d]$ or $[n, k]$, where
     $q$ = size of the finite field
     $n$ = length of $C$
     $k$ = dimension of $C$
     $d$ = minimum distance of $C$
     $r$ = redundancy of $C$ = $n - k$

  9. Generator matrix
     Let $C$ be an $[n, k]$ linear code over $\mathbb{F}_q$.
     Then $G$ is a generator matrix of $C$ if it is a $k \times n$ matrix with entries in $\mathbb{F}_q$ such that its rows are a basis of $C$.
     Let $m = (m_1, \ldots, m_k) \in \mathbb{F}_q^k$ be a message. Then $c = mG$ is a codeword.
     Encoding: $\mathbb{F}_q^k \to \mathbb{F}_q^n$, $m \mapsto mG = c$
     So $C$ is the image of $\mathbb{F}_q^k$ under $G$.

  10. Parity check matrix
      Let $C$ be an $[n, k]$ linear code over $\mathbb{F}_q$.
      Then $H$ is called a parity check matrix of $C$ if it is an $(n - k) \times n$ matrix with entries in $\mathbb{F}_q$ such that $r \in C$ if and only if $rH^T = 0$.
      $\mathbb{F}_q^n \to \mathbb{F}_q^{n-k}$, $r \mapsto rH^T$
      $r \in C$ if and only if the syndrome $rH^T$ is zero.
      So $C$ is the left kernel (null space) of $H^T$.

  11. LCD codes

  12. Inner product
      The standard inner product is defined by
      $$a \cdot b = a_1 b_1 + \cdots + a_n b_n$$
      It is bilinear and non-degenerate, but "positive definite" makes no sense.
      [Figure with the note: "not right picture"]
      Vectors $a, b \in \mathbb{F}_q^n$ are perpendicular, denoted by $a \perp b$, if and only if $a \cdot b = 0$.

  13. Dual code
      Let $C$ be a linear code in $\mathbb{F}_q^n$.
      The dual code is defined by
      $$C^\perp = \{ x \in \mathbb{F}_q^n \mid x \cdot c = 0 \text{ for all } c \in C \}$$
      PROPOSITION
      Let $C$ be an $[n, k]$ code with generator matrix $G$.
      Then $C^\perp$ is an $[n, n - k]$ code with $G$ as parity check matrix.

  14. LCD codes - Massey 1992
      The code $C$ is called linear with complementary dual (LCD) if $C \cap C^\perp = \{0\}$
      PROPOSITION
      (1992 Massey) LCD codes are asymptotically good
      (2004 Sendrier) LCD codes meet the Gilbert-Varshamov bound

  15. Hull of a code
      The hull of an $\mathbb{F}_q$-linear code $C$ is defined by
      $$H(C) = C \cap C^\perp$$
      Hence $C$ is LCD if and only if $H(C) = \{0\}$

  16. Dimension of the hull
      PROPOSITION
      Let $C$ be an $\mathbb{F}_q$-linear $[n, k]$ code.
      Let $h$ be the dimension of $H(C)$ and $r = k - h$.
      Then $C$ has a generator matrix $G_0$ such that
      $$G_0 G_0^T = \begin{pmatrix} O_{h \times h} & O_{h \times r} \\ O_{r \times h} & P \end{pmatrix},$$
      where $O_{l \times m}$ is the all zeros $l \times m$ matrix and $P$ is an invertible $r \times r$ matrix.
      Furthermore the rank of $G_1 G_1^T$ is $r$ for every generator matrix $G_1$ of $C$.

  17. LCD
      COROLLARY
      Let $C$ be an $\mathbb{F}_q$-linear $[n, k]$ code with generator matrix $G$.
      Then the following statements are equivalent:
      ◮ $C$ is LCD
      ◮ $C \cap C^\perp = \{0\}$
      ◮ $GG^T$ has rank $k$
      ◮ $GG^T$ is invertible

  18. Example - Hamming code
      Let $C$ be the binary $[7, 4, 3]$ Hamming code with generator matrix
      $$G_1 = \begin{pmatrix} 1 & 0 & 0 & 0 & 0 & 1 & 1 \\ 0 & 1 & 0 & 0 & 1 & 0 & 1 \\ 0 & 0 & 1 & 0 & 1 & 1 & 0 \\ 0 & 0 & 0 & 1 & 1 & 1 & 1 \end{pmatrix}$$
      Then
      $$G_1 G_1^T = \begin{pmatrix} 1 & 1 & 1 & 1 \\ 1 & 1 & 1 & 1 \\ 1 & 1 & 1 & 1 \\ 0 & 0 & 0 & 0 \end{pmatrix}$$
      has rank 1.
      Hence $H(C)$ has dimension 3.

  19. Example - Hamming code
      Now $C$ has another generator matrix
      $$G_0 = \begin{pmatrix} 1 & 1 & 0 & 0 & 1 & 1 & 0 \\ 0 & 1 & 1 & 0 & 0 & 1 & 1 \\ 0 & 0 & 0 & 1 & 1 & 1 & 1 \\ 0 & 0 & 1 & 0 & 1 & 1 & 0 \end{pmatrix}$$
      with
      $$G_0 G_0^T = \begin{pmatrix} 0 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 \\ 0 & 0 & 0 & 1 \end{pmatrix}$$

  20. Permutational, diagonal and monomial matrices
      ◮ A permutation matrix is a square matrix with zeros and ones such that in every row (and in every column) there is exactly one element equal to one
      ◮ A diagonal matrix is a square matrix with zeros outside its diagonal
      ◮ A monomial matrix is a square matrix such that in every row (and in every column) there is exactly one nonzero element
      A permutation matrix and an invertible diagonal matrix are special monomial matrices.

  21. Permutational, scalar and monomial equivalent
      Let $C_1$ and $C_2$ be $\mathbb{F}_q$-linear codes of length $n$.
      Then $C_1$ and $C_2$ are called
      ◮ permutational equivalent if there exists a permutation matrix $P$ such that $C_1 P = C_2$
      ◮ diagonal equivalent if there exists an invertible diagonal matrix $D$ such that $C_1 D = C_2$
      ◮ linear equivalent or monomial equivalent if there exists a monomial matrix $M$ such that $C_1 M = C_2$

  22. Dimension of the hull under equivalence
      The dimension of the hull of a code
      ◮ is invariant under permutational equivalence
      ◮ is also invariant under monomial equivalence if $q = 2, 3$
      ◮ can be computed with the (extended) weight enumerator
      ◮ is used to find the permutation in case $C_1$ and $C_2$ are permutational equivalent
      ◮ is not a monomial equivalence invariant if $q \geq 4$

  23. Applications

  24. Two-user binary adder channel (2-BAC)
      Let $x, y \in \mathbb{F}_2$. Define $x \oplus y \in \mathbb{Z}$ by

      x   y   x ⊕ y
      0   0   0
      1   0   1
      0   1   1
      1   1   2

      Let $x, y \in \mathbb{F}_2^n$. Define $x \oplus y = (x_1 \oplus y_1, \ldots, x_n \oplus y_n)$

  25. Unique decodable
      Let $C$ and $D$ be $\mathbb{F}_q$-linear codes of length $n$. Define
      $$C \times D = \{ (c, d) \mid c \in C,\ d \in D \}$$
      $$C \oplus D = \{ c \oplus d \mid c \in C,\ d \in D \}$$
      $C \oplus D$ is called unique decodable if the map $C \times D \to C \oplus D$ given by $(c, d) \mapsto c \oplus d$ is injective.
      $C \oplus D$ is unique decodable if and only if $C \cap D = \{0\}$
      Hence $C \oplus C^\perp$ is unique decodable if and only if $C$ is LCD

  26. Side Channel Attack (SCA)

  27. Fault Injection Attack (FIA)

  28. Orthogonally Direct Sum Masking (ODSM)
      Carlet and Guilley (2014)
      Let $C$ and $D$ be $\mathbb{F}_q$-linear codes of length $n$. Define
      $$C + D = \{ c + d \mid c \in C,\ d \in D \}$$
      If $C \cap D = \{0\}$ then $C + D$ is denoted by $C \uplus D$.
      Then $C \uplus D = \mathbb{F}_q^n$ if and only if $C \cap D = \{0\}$ and $\dim C + \dim D = n$
      Hence $C \uplus C^\perp = \mathbb{F}_q^n$ if and only if $C$ is LCD

  29. Main Theorem

  30. Star product
      Let $x, y \in \mathbb{F}_q^n$. Then the star product is defined by
      $$x * y = (x_1 y_1, \ldots, x_n y_n)$$
      Let $x \in \mathbb{F}_q^n$ have nonzero entries. Define $x^{-1} = (x_1^{-1}, \ldots, x_n^{-1})$
      Let $C \subseteq \mathbb{F}_q^n$. Define $x * C = \{ x * c \mid c \in C \}$
      $C_1$ and $C_2$ are scalar equivalent if and only if there exists an $x$ with nonzero entries such that $C_2 = x * C_1$

  31. LCD codes are good
      THEOREM (2017 Carlet-Mesnager-Tang-Qi-P)
      If $q \geq 4$ and $C$ is an $\mathbb{F}_q$-linear code, then there exists an $x \in \mathbb{F}_q^n$ with nonzero entries such that $x * C$ is an LCD code.
      Hence LCD codes over $\mathbb{F}_q$ are as good as $\mathbb{F}_q$-linear codes if $q \geq 4$
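
Added example (not from the slides): a brute-force check, for binary codes, of the two criteria on slides 25 and 28, namely that $C \oplus C^\perp$ is unique decodable and $C + C^\perp$ fills $\mathbb{F}_2^n$ exactly when $C$ is LCD. The $[4,2]$ code `LCD_G` is constructed for this example, and all function names are hypothetical.

```python
from itertools import product

def span(G):
    """All codewords of the binary code generated by the rows of G."""
    return {tuple(sum(m * r[j] for m, r in zip(msg, G)) % 2 for j in range(len(G[0])))
            for msg in product((0, 1), repeat=len(G))}

def dual(C, n):
    """C-perp by exhaustive search over F_2^n (fine for small n)."""
    return {x for x in product((0, 1), repeat=n)
            if all(sum(a * b for a, b in zip(x, c)) % 2 == 0 for c in C)}

def adder_uniquely_decodable(C, D):
    """2-BAC (slide 25): is (c, d) -> c (+) d, added over the integers, injective?"""
    outputs = {tuple(a + b for a, b in zip(c, d)) for c in C for d in D}
    return len(outputs) == len(C) * len(D)

def fills_space(C, D, n):
    """Slide 28: is every vector of F_2^n equal to c + d for exactly one (c, d)?"""
    sums = {tuple((a + b) % 2 for a, b in zip(c, d)) for c in C for d in D}
    return len(sums) == len(C) * len(D) == 2 ** n

def split(z, C, D):
    """Return the pair (c, d) with c + d = z, or None if z is not in C + D."""
    for c in sorted(C):
        d = tuple((a + b) % 2 for a, b in zip(z, c))
        if d in D:
            return c, d
    return None

# Constructed [4,2] binary code with G G^T = I, hence LCD.
LCD_G = [[1, 0, 0, 0], [0, 1, 1, 1]]
# Generator matrix G_1 of the [7,4,3] Hamming code (slide 18), which is not LCD.
HAMMING = [[1, 0, 0, 0, 0, 1, 1], [0, 1, 0, 0, 1, 0, 1],
           [0, 0, 1, 0, 1, 1, 0], [0, 0, 0, 1, 1, 1, 1]]

if __name__ == "__main__":
    for name, G in (("LCD [4,2]", LCD_G), ("Hamming [7,4]", HAMMING)):
        C = span(G)
        D = dual(C, len(G[0]))
        print(name, "| hull size:", len(C & D),
              "| 2-BAC uniquely decodable:", adder_uniquely_decodable(C, D),
              "| C + C-perp = F_2^n:", fills_space(C, D, len(G[0])))
```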
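
Added example (not from the slides): slides 16 to 19 reduce the LCD test to the rank of $GG^T$, and slide 31 states that a scaling $x$ with $x * C$ LCD exists when $q \geq 4$. The Python code below computes the hull dimension from that rank and searches for such an $x$ by brute force; it assumes a prime field (so $\mathbb{F}_4$ is not covered), uses a self-orthogonal code over $\mathbb{F}_5$ constructed for this example, and all function names are hypothetical.

```python
from itertools import product

def rank_mod_p(rows, p):
    """Rank over the prime field F_p by Gaussian elimination."""
    m = [[v % p for v in r] for r in rows]
    rank = 0
    for col in range(len(m[0])):
        piv = next((i for i in range(rank, len(m)) if m[i][col]), None)
        if piv is None:
            continue
        m[rank], m[piv] = m[piv], m[rank]
        inv = pow(m[rank][col], -1, p)  # modular inverse, Python 3.8+
        m[rank] = [v * inv % p for v in m[rank]]
        for i in range(len(m)):
            if i != rank and m[i][col]:
                f = m[i][col]
                m[i] = [(a - f * b) % p for a, b in zip(m[i], m[rank])]
        rank += 1
    return rank

def gram(G, p, x=None):
    """(G diag(x)) (G diag(x))^T over F_p, the Gram matrix of x * C."""
    x = x or [1] * len(G[0])
    return [[sum(a * b * s * s for a, b, s in zip(r1, r2, x)) % p
             for r2 in G] for r1 in G]

def hull_dim(G, p, x=None):
    """dim H(x * C) = k - rank of the Gram matrix (rows of G independent)."""
    return len(G) - rank_mod_p(gram(G, p, x), p)

def lcd_scaling(G, p):
    """First x with nonzero entries making x * C LCD, or None if none exists."""
    for x in product(range(1, p), repeat=len(G[0])):
        if hull_dim(G, p, x) == 0:
            return list(x)
    return None

# Generator matrix G_1 of the binary [7,4,3] Hamming code (slide 18).
HAMMING = [[1, 0, 0, 0, 0, 1, 1], [0, 1, 0, 0, 1, 0, 1],
           [0, 0, 1, 0, 1, 1, 0], [0, 0, 0, 1, 1, 1, 1]]
# Constructed sample over F_5: 1*1 + 2*2 = 0 mod 5, so the code is self-orthogonal.
SELF_ORTHOGONAL_F5 = [[1, 2, 0, 0], [0, 0, 1, 2]]

if __name__ == "__main__":
    print("Hamming hull dimension:", hull_dim(HAMMING, 2))
    print("F_5 hull dimension    :", hull_dim(SELF_ORTHOGONAL_F5, 5))
    x = lcd_scaling(SELF_ORTHOGONAL_F5, 5)
    print("scaling x             :", x, "-> hull", hull_dim(SELF_ORTHOGONAL_F5, 5, x))
    print("binary scaling        :", lcd_scaling(HAMMING, 2))
```

Over $\mathbb{F}_2$ and $\mathbb{F}_3$ every nonzero entry squares to 1, so the search returns `None` for any code that is not already LCD, in line with the invariance stated on slide 22.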
