
Memory-Efficient Quantum Information Set Decoding Algorithm

Conference paper in: Information Security and Privacy (ACISP 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13915)


Abstract

Code-based cryptography is a candidate for post-quantum cryptography, and the security of code-based cryptosystems relates to the hardness of the syndrome decoding problem. The Information Set Decoding (ISD) algorithm initiated by Prange is a typical method for solving the syndrome decoding problem. Various methods have been proposed that make use of exponentially large lists to accelerate the ISD algorithm. Furthermore, Bernstein (PQCrypto 2010) and Kachigar and Tillich (PQCrypto 2017) applied Grover’s algorithm and quantum walks to obtain quantum ISD algorithms that are much faster than their classical counterparts. These quantum ISD algorithms require exponentially large lists just as the classical algorithms do, and the lists must be kept in quantum states. In this paper, we propose a new quantum ISD algorithm by combining Both and May’s classical ISD algorithm (PQCrypto 2018), Grover’s algorithm, and Kirshanova’s quantum walk (PQCrypto 2018). The proposed algorithm keeps an exponentially large list in a quantum state just like the existing quantum ISD algorithms, but the list is much smaller. Although the proposed algorithm is slower than the existing algorithms when there is sufficient quantum memory, it is the fastest when the amount of quantum memory is limited. Because of this property, we believe that our algorithm will be the fastest ISD algorithm in actual quantum computing, since large-scale quantum computers seem hard to realize.
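To make the information-set idea behind the abstract concrete, the following is an added example (not the paper's code) of classical information set decoding for the syndrome decoding problem over GF(2). With `p = 0` it is Prange's original algorithm, as note 4 below mentions; with `p > 0` it is the Lee-Brickell generalisation [17], which tolerates `p` errors inside the information set. The toy instance built by `make_instance`, and all function names, are constructed for this illustration; the quantum speed-ups the paper studies replace the outer random sampling of information sets with Grover search or a quantum walk and are not implemented here.

```python
"""Information set decoding over GF(2) (Prange for p = 0, Lee-Brickell for p > 0).

Added example with a constructed toy instance; not the paper's own code.
Vectors are lists of 0/1 ints, matrices are lists of rows.
"""
import itertools
import random


def weight(v):
    """Hamming weight of a 0/1 vector."""
    return sum(v)


def syndrome(H, e):
    """Compute s = H e^T over GF(2)."""
    return [sum(h * x for h, x in zip(row, e)) % 2 for row in H]


def make_instance(n, k, t, seed=0):
    """Constructed instance: random (n-k) x n parity-check matrix H, a secret
    error vector e of weight t, and its syndrome s = H e^T."""
    rng = random.Random(seed)
    r = n - k
    H = [[rng.randrange(2) for _ in range(n)] for _ in range(r)]
    e = [0] * n
    for pos in rng.sample(range(n), t):
        e[pos] = 1
    return H, syndrome(H, e), e


def _systematic_form(H, s, perm):
    """Permute the columns of H by `perm`, append s as an extra column, and
    row-reduce so that the first r columns become the identity. Returns the
    reduced augmented matrix, or None if those r columns are linearly
    dependent (the caller then simply resamples the permutation)."""
    r, n = len(H), len(H[0])
    M = [[H[i][perm[j]] for j in range(n)] + [s[i]] for i in range(r)]
    for c in range(r):
        pivot = next((i for i in range(c, r) if M[i][c]), None)
        if pivot is None:
            return None
        M[c], M[pivot] = M[pivot], M[c]
        for i in range(r):
            if i != c and M[i][c]:
                M[i] = [a ^ b for a, b in zip(M[i], M[c])]
    return M


def isd_decode(H, s, t, p=0, seed=0, max_iter=20000):
    """Find e with H e^T = s and wt(e) = t, or None after max_iter tries.

    Each iteration picks a random information set (the last k columns after
    permutation). After reduction the equation reads e_red = s' + A e_info,
    so for every p-subset T of the information set we check whether
    s' + (sum of the columns of A indexed by T) has weight t - p.
    p = 0 succeeds exactly when no error lies in the information set (Prange).
    """
    rng = random.Random(seed)
    r, n = len(H), len(H[0])
    k = n - r
    for _ in range(max_iter):
        perm = list(range(n))
        rng.shuffle(perm)
        M = _systematic_form(H, s, perm)
        if M is None:
            continue  # singular choice of redundancy columns, resample
        s_red = [M[i][n] for i in range(r)]
        for T in itertools.combinations(range(r, n), p):
            v = s_red[:]
            for c in T:  # add the chosen columns of A
                for i in range(r):
                    v[i] ^= M[i][c]
            if weight(v) == t - p:
                e_perm = v + [0] * k
                for c in T:
                    e_perm[c] = 1
                e = [0] * n
                for j in range(n):  # undo the column permutation
                    e[perm[j]] = e_perm[j]
                return e
    return None


if __name__ == "__main__":
    H, s, e_true = make_instance(30, 10, 3, seed=1)
    for p in (0, 1):
        e = isd_decode(H, s, 3, p=p, seed=1)
        print("p =", p, "valid:", syndrome(H, e) == s and weight(e) == 3,
              "matches planted error:", e == e_true)
```

The per-iteration success probability is roughly C(n-k, t-p)·C(k, p)/C(n, t), which is why the classical running time is exponential in n and why list-based and quantum variants concentrate on reducing the number of information sets that have to be tried. For a small instance like the one above, decoding returns a weight-t error with the correct syndrome; it is not guaranteed to equal the planted error when several weight-t vectors share a syndrome.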


Notes

  1. See also [9, 11] as follow-up works on these algorithms.

  2. We note that the syndrome decoding problem which we study in this paper is full distance decoding.

  3. The depth \(d = 2\) is not an optimized value. If we use a larger d, we may be able to obtain faster quantum ISD algorithms. However, we cannot analyze the time complexity for larger \(d \ge 3\), since the numerical analysis of the computational complexity would require a huge amount of time because more parameters have to be optimized.

  4. To be precise, the original \(\texttt{Prange}\) fixes the parameter to \(p = 0\).

  5. To be precise, the condition on \(\textbf{P}\) is not the same as that of \(\texttt{Prange}\).

  6. To be precise, \(\texttt{MO}\)’s proposed \(\gamma\)-nearest neighbor search algorithm [20] does not work for arbitrary parameters. In such cases, we use other algorithms for solving the problem. See [4] for the details.

  7. Kirshanova proposed other quantum variants of \(\texttt{Stern}\) (Sect. 4 of [16]) that run in time \(\widetilde{\mathcal{O}}(2^{0.059922n})\) (resp. \(\widetilde{\mathcal{O}}(2^{0.059922n})\)) with space \(\widetilde{\mathcal{O}}(2^{0.00897n})\) (resp. \(\widetilde{\mathcal{O}}(2^{0.00808n})\)). Although we tried to find the optimized parameters to obtain the computational complexity via brute force search, we could not find them. Thus, we do not compare our result with these algorithms.

References

  1. Amico, M., Saleem, Z.H., Kumph, M.: Experimental study of Shor’s factoring algorithm using the IBM Q experience. Phys. Rev. A 100, 012305 (2019)

  2. Becker, A., Joux, A., May, A., Meurer, A.: Decoding random binary linear codes in \(2^{n/20}\): How \(1 + 1 = 0\) improves information set decoding. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 520–536. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_31

  3. Bernstein, D.J.: Grover vs. McEliece. In: Sendrier, N. (ed.) PQCrypto 2010. LNCS, vol. 6061, pp. 73–80. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-12929-2_6

  4. Both, L.: Solving k-list problems and their impact on information set decoding. Ph.D. thesis, Ruhr University Bochum, Germany (2018)

  5. Both, L., May, A.: Optimizing BJMM with nearest neighbors: full decoding in \(2^{2n/21}\) and McEliece security. In: The Tenth International Workshop on Coding and Cryptography (WCC 2017) (2017)

  6. Both, L., May, A.: Decoding linear codes with high error rate and its impact for LPN security. In: Lange, T., Steinwandt, R. (eds.) PQCrypto 2018. LNCS, vol. 10786, pp. 25–46. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-79063-3_2

  7. Carrier, K., Debris-Alazard, T., Meyer-Hilfiger, C., Tillich, J.-P.: Statistical decoding 2.0: reducing decoding to LPN. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT 2022. LNCS, vol. 13794, pp. 477–507. Springer (2022). https://doi.org/10.1007/978-3-031-22972-5_17

  8. Dumer, I.: On minimum distance decoding of linear codes. In: Proceedings of the 5th Joint Soviet-Swedish International Workshop on Information Theory, pp. 50–52 (1991)

  9. Esser, A.: Revisiting nearest-neighbor-based information set decoding. IACR Cryptol. ePrint Arch., Report 2022/1328 (2022)

  10. Esser, A., Bellini, E.: Syndrome decoding estimator. In: Hanaoka, G., Shikata, J., Watanabe, Y. (eds.) PKC 2022, Part I. LNCS, vol. 13177, pp. 112–141. Springer (2022). https://doi.org/10.1007/978-3-030-97121-2_5

  11. Esser, A., May, A., Zweydinger, F.: McEliece needs a break: solving McEliece-1284 and quasi-cyclic-2918 with modern ISD. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022, Part III. LNCS, vol. 13277, pp. 433–457. Springer (2022). https://doi.org/10.1007/978-3-031-07082-2_16

  12. Esser, A., Ramos-Calderer, S., Bellini, E., Latorre, J.I., Manzano, M.: Hybrid decoding: classical-quantum trade-offs for information set decoding. In: Cheon, J.H., Johansson, T. (eds.) PQCrypto 2022. LNCS, vol. 13512, pp. 3–23. Springer (2022). https://doi.org/10.1007/978-3-031-17234-2_1

  13. Finiasz, M., Sendrier, N.: Security bounds for the design of code-based cryptosystems. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 88–105. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10366-7_6

  14. Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Miller, G.L. (ed.) Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, pp. 212–219. ACM (1996)

  15. Kachigar, G., Tillich, J.-P.: Quantum information set decoding algorithms. In: Lange, T., Takagi, T. (eds.) PQCrypto 2017. LNCS, vol. 10346, pp. 69–89. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59879-6_5

  16. Kirshanova, E.: Improved quantum information set decoding. In: Lange, T., Steinwandt, R. (eds.) PQCrypto 2018. LNCS, vol. 10786, pp. 507–527. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-79063-3_24

  17. Lee, P.J., Brickell, E.F.: An observation on the security of McEliece’s public-key cryptosystem. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 275–280. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-45961-8_25

  18. Magniez, F., Nayak, A., Roland, J., Santha, M.: Search via quantum walk. SIAM J. Comput. 40(1), 142–164 (2011)

  19. May, A., Meurer, A., Thomae, E.: Decoding random linear codes in \(\widetilde{\mathcal{O}}(2^{0.054n})\). In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 107–124. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_6

  20. May, A., Ozerov, I.: On computing nearest neighbors with applications to decoding of binary linear codes. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 203–228. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_9

  21. McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory. Deep Space Netw. Prog. Rep. 44, 114–116 (1978)

  22. Niederreiter, H.: Knapsack-type cryptosystems and algebraic coding theory. Probl. Control Inf. Theory 15(2), 159–166 (1986)

  23. NIST: Post-quantum cryptography standardization, call for proposals. https://csrc.nist.gov/Projects/post-quantum-cryptography/post-quantum-cryptography-standardization/Call-for-Proposals

  24. NIST: Post-quantum cryptography, round 4 submissions. https://csrc.nist.gov/Projects/post-quantum-cryptography/round-4-submissions

  25. Prange, E.: The use of information sets in decoding cyclic codes. IRE Trans. Inf. Theory 8(5), 5–9 (1962)

  26. Schroeppel, R., Shamir, A.: A \(T = O(2^{n/2}), S = O(2^{n/4})\) algorithm for certain NP-complete problems. SIAM J. Comput. 10(3), 456–464 (1981)

  27. Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: 35th Annual Symposium on Foundations of Computer Science, pp. 124–134. IEEE Computer Society (1994)

  28. Stern, J.: A method for finding codewords of small weight. In: Cohen, G.D., Wolfmann, J. (eds.) Coding Theory and Applications, 3rd International Colloquium, Proceedings. LNCS, vol. 388, pp. 106–113. Springer, Berlin (1988). https://doi.org/10.1007/BFb0019850


Acknowledgement

This work was partially supported by JSPS KAKENHI Grant Number 19K20267 and 21H03440, Japan, and JST CREST Grant Number JPMJCR2113, Japan.

Author information

Corresponding author: Atsushi Takayasu.


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Kimura, N., Takayasu, A., Takagi, T. (2023). Memory-Efficient Quantum Information Set Decoding Algorithm. In: Simpson, L., Rezazadeh Baee, M.A. (eds) Information Security and Privacy. ACISP 2023. Lecture Notes in Computer Science, vol 13915. Springer, Cham. https://doi.org/10.1007/978-3-031-35486-1_20


  • DOI: https://doi.org/10.1007/978-3-031-35486-1_20


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-35485-4

  • Online ISBN: 978-3-031-35486-1
