64.4 IT, May 12
A framework for constructing non-GRS MDS-NMDS codes from deep holes and its application
Yang Li, Zhenliang Lu, San Ling et al.
Maximum distance separable (MDS) codes and near MDS (NMDS) codes are of particular interest in coding theory due to their optimal error-correcting capabilities and wide applications in communication, cryptography, and storage systems. A family of linear codes is called a family of non-GRS MDS-NMDS codes if for each $[n,k]_q$ code in the family, it is either an $[n,k,n-k+1]_q$ MDS code that is not monomially equivalent to any GRS code or extended GRS code, or an $[n,k,n-k]_q$ NMDS code. This paper develops a unified framework for constructing new families of non-GRS MDS-NMDS codes via deep holes. We show that, starting from a family of $[n,k]_q$ non-GRS MDS-NMDS codes with covering radius $n-k$, one can systematically obtain more $[n+1,k+1]_q$ non-GRS MDS-NMDS codes. The proposed framework is further reformulated in terms of the second kind of extended codes. This reformulation recovers a main result of Wu, Ding, and Chen (IEEE Trans. Inf. Theory, 71(1): 263-272, 2025), provides a provable reduction in the computational complexity compared with the approach of Ma, Kai, and Zhu (Finite Fields Appl., 114, 102844, 2026), and reveals additional structural properties of the resulting codes. As an application, we determine the covering radius and characterize two classes of deep holes of extended subcodes of GRS codes. By applying our framework, we obtain three new families of non-GRS MDS-NMDS codes and investigate the monomial equivalence between the resulting codes and Roth-Lempel codes.
IT, Feb 9, 2020
Patch-Based Holographic Image Sensing
Alfred Marcel Bruckstein, Martianus Frederic Ezerman, Adamas Aqsa Fahreza et al.
Holographic representations of data enable distributed storage with progressive refinement when the stored packets of data are made available in any arbitrary order. In this paper, we propose and test patch-based transform coding holographic sensing of image data. Our proposal is optimized for progressive recovery under random order of retrieval of the stored data. The coding of the image patches relies on the design of distributed projections ensuring the best image recovery, in terms of the $\ell_2$ norm, at each retrieval stage. The performance depends only on the number of data packets that have been retrieved thus far. Several possible options to enhance the quality of the recovery while changing the size and number of data packets are discussed and tested. This leads us to examine several interesting bit-allocation and rate-distortion trade-offs, highlighted for a set of natural images with ensemble-estimated statistical properties.
CR, Sep 10, 2019
Provably Secure Group Signature Schemes from Code-Based Assumptions
Martianus Frederic Ezerman, Hyung Tae Lee, San Ling et al.
We solve an open question in code-based cryptography by introducing two provably secure group signature schemes from code-based assumptions. Our basic scheme satisfies the CPA-anonymity and traceability requirements in the random oracle model, assuming the hardness of the McEliece problem, the Learning Parity with Noise problem, and a variant of the Syndrome Decoding problem. The construction produces smaller key and signature sizes than the previous group signature schemes from lattices, as long as the cardinality of the underlying group does not exceed $2^{24}$, which is roughly comparable to the current population of the Netherlands. We develop the basic scheme further to achieve the strongest anonymity notion, i.e., CCA-anonymity, with a small overhead in terms of efficiency. The feasibility of the two proposed schemes is supported by implementation results. Our two schemes are the first in their respective classes of provably secure group signature schemes. Additionally, the techniques introduced in this work might be of independent interest. These are a new verifiable encryption protocol for the randomized McEliece encryption and a novel approach to designing formal security reductions from the Syndrome Decoding problem.
CR, Jan 2, 2019
Accountable Tracing Signatures from Lattices
San Ling, Khoa Nguyen, Huaxiong Wang et al.
Group signatures allow users of a group to sign messages anonymously in the name of the group, while incorporating a tracing mechanism to revoke anonymity and identify the signer of any message. Since their introduction by Chaum and van Heyst (EUROCRYPT 1991), numerous proposals have been put forward, yielding various improvements in security, efficiency and functionality. However, a drawback of traditional group signatures is that the opening authority is given too much power, i.e., he can indiscriminately revoke anonymity and there is no mechanism to keep him accountable. To overcome this problem, Kohlweiss and Miers (PoPET 2015) introduced the notion of accountable tracing signatures (ATS) - an enhanced group signature variant in which the opening authority is kept accountable for his actions. Kohlweiss and Miers demonstrated a generic construction of ATS and put forward a concrete instantiation based on number-theoretic assumptions. To the best of our knowledge, no other ATS scheme has been known, and the problem of instantiating ATS under post-quantum assumptions, e.g., lattices, remains open to date. In this work, we provide the first lattice-based accountable tracing signature scheme. The scheme satisfies the security requirements suggested by Kohlweiss and Miers, assuming the hardness of the Ring Short Integer Solution (RSIS) and the Ring Learning With Errors (RLWE) problems. At the heart of our construction are a lattice-based key-oblivious encryption scheme and a zero-knowledge argument system allowing one to prove that a given ciphertext is a valid RLWE encryption under some hidden yet certified key. These technical building blocks may be of independent interest, e.g., they can be useful for the design of other lattice-based privacy-preserving protocols.
CR, Jan 26, 2018
Lattice-Based Group Signatures: Achieving Full Dynamicity (and Deniability) with Ease
San Ling, Khoa Nguyen, Huaxiong Wang et al.
In this work, we provide the first lattice-based group signature that offers full dynamicity (i.e., users have the flexibility of joining and leaving the group), and thus resolve a prominent open problem posed by previous works. Moreover, we achieve this non-trivial feat in a relatively simple manner. Starting with Libert et al.'s fully static construction (Eurocrypt 2016) - which is arguably the most efficient lattice-based group signature to date - we introduce simple-but-insightful tweaks that allow us to upgrade it directly into the fully dynamic setting. More startlingly, our scheme even produces slightly shorter signatures than the former, thanks to an adaptation of a technique proposed by Ling et al. (PKC 2013), allowing one to prove inequalities in zero-knowledge. Our design approach consists of upgrading Libert et al.'s static construction (EUROCRYPT 2016) - which is arguably the most efficient lattice-based group signature to date - into the fully dynamic setting. Somewhat surprisingly, our scheme produces slightly shorter signatures than the former, thanks to a new technique for proving inequality in zero-knowledge without relying on any inequality check. The scheme satisfies the strong security requirements of Bootle et al.'s model (ACNS 2016), under the Short Integer Solution (SIS) and the Learning With Errors (LWE) assumptions. Furthermore, we demonstrate how to equip the obtained group signature scheme with the deniability functionality in a simple way. This attractive functionality, put forward by Ishida et al. (CANS 2016), enables the tracing authority to provide evidence that a given user is not the owner of a signature in question. In the process, we design a zero-knowledge protocol for proving that a given LWE ciphertext does not decrypt to a particular message.
CR, Jan 25, 2018
Forward-Secure Group Signatures from Lattices
San Ling, Khoa Nguyen, Huaxiong Wang et al.
Group signatures are a fundamental cryptographic primitive, aiming to protect the anonymity and ensure the accountability of users. They allow group members to anonymously sign messages on behalf of the whole group, while incorporating a tracing mechanism to identify the signer of any suspected signature. Most of the existing group signature schemes, however, do not guarantee security once secret keys are exposed. To reduce the potential damage caused by key exposure attacks, Song (ACM CCS 2001) put forward the concept of forward-secure group signature (FSGS), which prevents attackers from forging group signatures pertaining to past time periods even if a secret group signing key is revealed at the current time period. For the time being, however, all known secure FSGS schemes are based on number-theoretic assumptions, and are vulnerable to quantum computers. In this work, we construct the first lattice-based FSGS scheme. Our scheme is proven secure under the Short Integer Solution and Learning With Errors assumptions. At the heart of our construction is a scalable lattice-based key evolving mechanism, allowing users to periodically update their secret keys and to efficiently prove in zero-knowledge that the key evolution process is done correctly. To realize this essential building block, we first employ the Bonsai tree structure by Cash et al. (EUROCRYPT 2010) to handle the key evolution process, and then develop Langlois et al.'s construction (PKC 2014) to design its supporting zero-knowledge protocol.
CR, Jan 24, 2018
Server-Aided Revocable Predicate Encryption: Formalization and Lattice-Based Instantiation
San Ling, Khoa Nguyen, Huaxiong Wang et al.
Efficient user revocation is a necessary but challenging problem in many multi-user cryptosystems. Among known approaches, server-aided revocation yields a promising solution, because it allows one to outsource the major workloads of system users to a computationally powerful third party, called the server, whose only requirement is to carry out the computations correctly. Such a revocation mechanism was considered in the settings of identity-based encryption and attribute-based encryption by Qin et al. (ESORICS 2015) and Cui et al. (ESORICS 2016), respectively. In this work, we consider the server-aided revocation mechanism in the more elaborate setting of predicate encryption (PE). The latter, introduced by Katz, Sahai, and Waters (EUROCRYPT 2008), provides fine-grained and role-based access to encrypted data and can be viewed as a generalization of identity-based and attribute-based encryption. Our contribution is two-fold. First, we formalize the model of server-aided revocable predicate encryption (SR-PE), with rigorous definitions and security notions. Our model can be seen as a non-trivial adaptation of Cui et al.'s work to the PE context. Second, we put forward a lattice-based instantiation of SR-PE. The scheme employs the PE scheme of Agrawal, Freeman and Vaikuntanathan (ASIACRYPT 2011) and the complete subtree method of Naor, Naor, and Lotspiech (CRYPTO 2001) as the two main ingredients, which work smoothly together thanks to a few additional techniques. Our scheme is proven secure in the standard model (in a selective manner), based on the hardness of the Learning With Errors (LWE) problem.
CR, Oct 6, 2017
On the Closest Vector Problem for Lattices Constructed from Polynomials and Their Cryptographic Applications
Zhe Li, San Ling, Chaoping Xing et al.
In this paper, we propose new classes of trapdoor functions to solve the closest vector problem in lattices. Specifically, we construct lattices based on properties of polynomials for which the closest vector problem is hard to solve unless some trapdoor information is revealed. We thoroughly analyze the security of our proposed functions using state-of-the-art attacks and results on lattice reduction. Finally, we describe how our functions can be used to design quantum-safe encryption schemes with reasonable public key sizes. In particular, our scheme can offer around $106$ bits of security with a public key size of around $6.4$ KB. Our encryption schemes are efficient with respect to key generation, encryption and decryption.
IT, Apr 15, 2016
Construction of de Bruijn Sequences from Product of Two Irreducible Polynomials
Zuling Chang, Martianus Frederic Ezerman, San Ling et al.
We study a class of Linear Feedback Shift Registers (LFSRs) with characteristic polynomial $f(x)=p(x)q(x)$ where $p(x)$ and $q(x)$ are distinct irreducible polynomials in $\mathbb{F}_2[x]$. Important properties of the LFSRs, such as the cycle structure and the adjacency graph, are derived. A method to determine a state belonging to each cycle and a generic algorithm to find all conjugate pairs shared by any pair of cycles are given. The process explicitly determines the edges and their labels in the adjacency graph. The results are then combined with the cycle joining method to efficiently construct a new class of de Bruijn sequences. An estimate of the number of resulting sequences is given. In some cases, using cyclotomic numbers, we can determine the number exactly.
IT, Jan 26, 2015
Construction of Quasi-Cyclic Product Codes
Alexander Zeh, San Ling
Linear quasi-cyclic product codes over finite fields are investigated. Given the generating set in the form of a reduced Gröbner basis of a quasi-cyclic component code and the generator polynomial of a second cyclic component code, an explicit expression of the basis of the generating set of the quasi-cyclic product code is given. Furthermore, the reduced Gröbner basis of a one-level quasi-cyclic product code is derived.
CR, Oct 24, 2012
Anonymous and Adaptively Secure Revocable IBE with Constant Size Public Parameters
Jie Chen, Hoon Wei Lim, San Ling et al.
In Identity-Based Encryption (IBE) systems, key revocation is non-trivial. This is because a user's identity is itself a public key. Moreover, the private key corresponding to the identity needs to be obtained from a trusted key authority through an authenticated and secrecy-protected channel. So far, there exist only a very small number of revocable IBE (RIBE) schemes that support non-interactive key revocation, in the sense that the user is not required to interact with the key authority or some kind of trusted hardware to renew her private key without changing her public key (or identity). These schemes are either proven to be only selectively secure or have public parameters which grow linearly in a given security parameter. In this paper, we present two constructions of non-interactive RIBE that satisfy all of the following three attractive properties: (i) proven to be adaptively secure under the Symmetric External Diffie-Hellman (SXDH) and the Decisional Linear (DLIN) assumptions; (ii) have constant-size public parameters; and (iii) preserve the anonymity of ciphertexts---a property that has not yet been achieved by any of the current schemes.