Giulia Cavicchioni, Eleonora Guerrini, Julien Lavauzelle
In this work, we study the codes over the integers with locality constraints. We introduce a weighted notion of locality over $\mathbb{Z}/q_1\mathbb{Z} \times \cdots \times \mathbb{Z}/q_n\mathbb{Z}$ and derive a Singleton-like bound for locally recoverable codes. We also propose some code constructions with locality, including integer analogs of Tamo--Barg codes.
Sarah Bordage, Julien Lavauzelle
We show that the single-server computational PIR protocol proposed by Holzbaur, Hollanti and Wachter-Zeh in 2020 is not private, in the sense that the server can recover in polynomial time the index of the desired file with very high probability. The attack relies on the following observation. Removing rows of the query matrix corresponding to the desired file yields a large decrease of the dimension over $\mathbb{F}_q$ of the vector space spanned by the rows of this punctured matrix. Such a dimension loss only shows up with negligible probability when rows unrelated to the requested file are deleted.
Julien Lavauzelle, Pierre Loidreau, Ba-Duc Pham
We present a rank metric code-based encryption scheme with key and ciphertext sizes comparable to that of isogeny-based cryptography for an equivalent security level. The system also benefits from efficient encryption and decryption algorithms, which rely on linear algebra operations over finite fields of moderate sizes. The security only relies on rank metric decoding problems, and does not require to hide the structure of a code. Based on the current knowledge, those problems cannot be efficiently solved by a quantum computer. Finally, the proposed scheme admits a failure probability that can be precisely controlled and made as low as possible.
Julien Lavauzelle, Julian Renner
Twisted Reed-Solomon (TRS) codes are a family of codes that contains a large number of maximum distance separable codes that are non-equivalent to Reed--Solomon codes. TRS codes were recently proposed as an alternative to Goppa codes for the McEliece code-based cryptosystem, resulting in a potential reduction of key sizes. The use of TRS codes in the McEliece cryptosystem has been motivated by the fact that a large subfamily of TRS codes is resilient to a direct use of known algebraic key-recovery methods. In this paper, an efficient key-recovery attack on the TRS variant that was used in the McEliece cryptosystem is presented. The algorithm exploits a new approach based on recovering the structure of a well-chosen subfield subcode of the public code. It is proved that the attack always succeeds and breaks the system for all practical parameters in $O(n^4)$ field operations. A software implementation of the algorithm retrieves a valid private key from the public key within a few minutes, for parameters claiming a security level of 128 bits. The success of the attack also indicates that, contrary to common beliefs, subfield subcodes of the public code need to be precisely analyzed when proposing a McEliece-type code-based cryptosystem. Finally, the paper discusses an attempt to repair the scheme and a modification of the attack aiming at Gabidulin-Paramonov-Tretjakov cryptosystems based on twisted Gabidulin codes.
Julien Lavauzelle, Jade Nardi
Low degree Reed-Muller codes are known to satisfy local decoding properties which find applications in private information retrieval (PIR) protocols, for instance. However, their practical instantiation encounters a first barrier due to their poor information rate in the low degree regime. This lead the community to design codes with similar local properties but larger dimension, namely the lifted Reed-Solomon codes. However, a second practical barrier appears when one requires that the PIR protocol resists collusions of servers. In this paper, we propose a solution to this problem by considering \emph{weighted} Reed-Muller codes. We prove that such codes allow us to build PIR protocols with optimal computation complexity and resisting to a small number of colluding servers. In order to improve the dimension of the codes, we then introduce an analogue of the lifting process for weigthed degrees. With a careful analysis of their degree sets, we notably show that the weighted lifting of Reed-Solomon codes produces families of codes with remarkable asymptotic parameters.