Conference Agenda
Session Overview | |
Location: Unitobler, F-122 (52 seats, 100 m^2) |
| Date: Tuesday, 09/Jul/2019 | |
| 10:00am - 12:00pm | MS134, part 1: Coding theory and cryptography |
| Unitobler, F-122 | |
Coding theory and cryptography
The focus of this proposal is on coding theory and cryptography, with emphasis on the algebraic aspects of these two research fields. Error-correcting codes are mathematical objects that allow reliable communications over noisy/lossy/adversarial channels. Constructing good codes and designing efficient decoding algorithms for them often reduces to solving algebra problems, such as counting rational points on curves, solving equations, and classifying finite rings and modules. Cryptosystems can be roughly defined as functions that are easy to evaluate, but whose inverse is difficult to compute in practice. These functions are in general constructed using algebraic objects and tools, such as polynomials, algebraic varieties, and groups. The security of the resulting cryptosystem heavily relies on the mathematical properties of these. The sessions we propose feature experts of algebraic methods in coding theory and cryptography. All levels of experience are represented, from junior to very experienced researchers.
(25 minutes for each presentation, including questions, followed by a 5-minute break; in case of x<4 talks, the first x slots are used unless indicated otherwise)

Ferrers Diagram Codes: Constructions and Proportion
Ferrers diagram codes play a crucial role in the construction of large subspace codes. They are defined as rank-metric codes where all matrices have support in a given Ferrers diagram. A Singleton-like bound for such codes is known, but to this day it is an open problem whether the bound can be attained for all possible parameter sets. In this talk some constructions leading to optimal Ferrers diagram codes (codes attaining the bound) will be presented. Thereafter, the proportion of optimal Ferrers diagram codes within the set of all codes with the same Ferrers shape and the same dimension will be discussed. We will see that for certain shapes, optimal Ferrers diagram codes are dense (for growing field size) in the space of all codes with the same shape and dimension, while for other shapes the limiting proportion is known to be quite small, but not zero.

Subspace designs and majority logic decoding
In [Rudolph 1967], a simple decoding method for linear codes based on majority decision using combinatorial designs is presented. This method is called "one-step majority logic decoding" and its attraction lies in the easy realization in hardware. It requires that the dual code has to contain the blocks of a t-design as codewords. Ever since then, people studied the linear codes generated by the blocks of t-designs. For a good code it is desirable that the rank of the block-point incidence matrix of the design is small over some finite field. The famous Hamada conjecture states that so-called "classical or geometric designs", which consist of the set of all k-flats in PG(v,q) or AG(v,q), minimize the p-rank for a prime power q. The codes generated by these designs are called Euclidean Geometry (EG) codes and Projective Geometry (PG) codes. In case p = q = 2, the codes are the well-known Reed-Muller codes. We report a few observations on the codes generated by "subspace designs" - also known as q-analogs of designs. The blocks of these designs generate essentially the same linear codes as the geometric designs but with sometimes much improved complexity of the one-step majority logic decoder. This may be of interest when implementing error correction with nano-scale technologies. Further, we will look at Chen's two-step majority logic decoder and the connection to rank metric codes.

Bounds on the complexity of computing Groebner bases for HFE systems
I will discuss some recent joint work with Christophe Petit and Daniela Mueller, in which we give upper bounds for the complexity of computing a Groebner basis of the polynomial system associated to the HFE (Hidden Field Equations) cryptosystem.

Post-quantum key agreement from commutative group actions
The present-day method for setting up a secure communication channel over the internet makes use of the Diffie-Hellman key exchange protocol, which is based on exponentiation in groups. However, its security breaks down if an adversary would be given access to a large universal quantum computer. It is unclear whether such a device will see the light of day in the near future, but the threat alone is enough reason to make the transition to so-called "post-quantum key exchange", which is an actively ongoing process. One attractive line of thought is to replace exponentiation in groups by other commutative group actions. Currently, the only working such proposal goes back to Couveignes and uses the CM torsor, which is an action of the class group of an imaginary quadratic ring on a certain set of elliptic curves. I will explain this idea and report on a tweak called CSIDH, which was recently developed in collaboration with Lange, Martindale, Panny and Renes and leads to a considerable speed-up, from minutes to milliseconds.
| 3:00pm - 5:00pm | MS134, part 2: Coding theory and cryptography |
| Unitobler, F-122 | |
Privacy and lifted codes
For any linear code and abstract simplicial complex on the same ground set, we define the lift of the linear code to be the smallest code whose projection to any simplex agrees with that of the original code. The motivation for this construction comes from private information retrieval (PIR), and in particular from the so-called star-product schemes for PIR from coded storage systems with colluding servers. We study the basic combinatorial and algebraic properties of the lifted code, and relate the PIR rate of a star product scheme to the quotient of a lifted code modulo its underlying code.

Decoding of 2D convolutional codes
In this talk, we present a decoding algorithm for 2D convolutional codes over the erasure channel. This algorithm breaks down the decoding of the 2D convolutional code to several decoding steps with 1D convolutional codes. Moreover, we present constructions of codes, which are especially suitable for this algorithm.

On the computation of the duals of certain Algebraic Geometric codes with an application to quantum codes
We consider a family of smooth projective and absolutely irreducible plane curves over $\mathbb{F}_q$. We compute the number of rational points and a canonical divisor for it. Thanks to it we can deduce when the associated algebraic geometric code is self-orthogonal and construct stabilizer quantum codes. This work was inspired by the work titled "Quantum error-correcting codes from Algebraic Geometry codes of Castle type."

Generalization of the ball-collision algorithm
Since 1978 it is known that decoding a random linear code is an NP-complete problem; this was shown by Berlekamp, McEliece and van Tilburg. One of the methods to decode a random linear code is called Information Set Decoding (ISD). Many improvements for the ISD algorithm over the binary field have been suggested, amongst them is the ball-collision algorithm by Bernstein, Lange and Peters. The problem of decoding a random linear code has recently received prominence with the McEliece cryptosystem, since ISD attacks on this cryptosystem determine the choices of secure parameters and hence the key size. Since some of the new variants of the McEliece cryptosystem involve codes over general finite fields, we present in this talk the generalization of the ball-collision algorithm to an arbitrary finite field.
| Date: Wednesday, 10/Jul/2019 | |
| 10:00am - 12:00pm | MS134, part 3: Coding theory and cryptography |
| Unitobler, F-122 | |
Linear Complementary Pair of Codes and Some Results on Boolean Functions
This talk consists of two parts. In the first part we explain some constructions on linear complementary pair of codes and some applications to cryptography. In the second part we present some recent results on constructions and on counting certain functions related to Boolean functions. This talk presents some joint works including a number of colleagues, who will be cited in the talk.

Optimal Locally Recoverable Codes via Chebotarev Density Theorem
We provide a Galois theoretical framework which allows one to produce good polynomials for the Tamo and Barg construction of optimal locally recoverable codes (LRC). Our approach allows one to prove existence results and to construct new good polynomials, which in turn allows one to build new LRCs. The existing theory of good polynomials fits in our new framework.

Explicit optimal-length locally repairable codes of small distances
Locally repairable codes (LRCs) have received significant recent attention as a method of designing data storage systems robust to server failure. Optimal LRCs offer the ideal trade-off between minimum distance and locality, a measure of the cost of repairing a single codeword symbol. For optimal LRCs with minimum distance greater than or equal to 5, block length is bounded by a polynomial function of alphabet size. In this talk, we give explicit constructions of optimal length (in terms of alphabet size), optimal LRCs with small minimum distances.

Fast Computation of the Roots of Polynomials Over the Ring of Power Series
We give an algorithm for computing all roots of polynomials over a univariate power series ring over a field K. Given a precision d and a polynomial Q whose coefficients are power series in x, the algorithm computes a representation of all power series f(x) such that Q(f(x)) = 0 mod x^d. The algorithm works unconditionally, in particular also with multiple roots, where Newton iteration fails. The cost bound for our algorithm matches the worst-case input and output size d deg(Q), up to logarithmic factors. This improves upon previous algorithms which were quadratic in at least one of d and deg(Q). Our algorithm is a refinement of a divide-and-conquer algorithm by Alekhnovich (2005), where the cost of recursive steps is better controlled via the computation of a factor of Q which has a smaller degree while preserving the roots.
| 3:00pm - 5:00pm | MS134, part 4: Coding theory and cryptography |
| Unitobler, F-122 | |
Pairing-friendly curves in cryptography
Pairings on elliptic curves are involved in signatures, NIZK, and recently in blockchains (ZK-SNARKS). These pairings take as input two points on an elliptic curve E over a finite field, and output a value in an extension of that finite field. Usually for efficiency reasons, this extension degree is a power of 2 and 3 (such as 12, 18, 24), and moreover the characteristic of the finite field has a special form. The security relies on the hardness of computing discrete logarithms in the group of points of the curve and in the finite field extension. In 2013-2016, new variants of the function field sieve and the number field sieve algorithms turned out to be faster in certain finite fields related to pairing-based cryptography, in particular those which had a very efficient arithmetic. Now small characteristic settings are discarded. The situation for GF(p^k) where p is prime and k is small is still quite unclear. We refine the work of Menezes-Sarkar-Singh and Barbulescu-Duquesne to estimate the cost of a hypothetical implementation of the Special-Tower-NFS in GF(p^k) for small k, and deduce parameter sizes for cryptographic pairings.

On a question of F.R.K. Chung and its relevance to the discrete logarithm problem in extension fields
We consider a question possibly first raised by F.R.K. Chung in 1989 regarding the representation of elements of GF(q^n) as a product of linear elements, whose bearing on the discrete logarithm problem seems not to be well-known.

Using the ring structure to solve Ring-Learning-with-Errors
Ring-Learning-with-Errors is a lattice-based hard problem proposed for post-quantum cryptography. This problem has become very popular, due to its apparent quantum-safety and its adaptability to cryptographic applications, such as homomorphic encryption. It has security reductions to more familiar lattice problems. But Ring-Learning-with-Errors is usually built on two-power cyclotomic rings, and it is natural to ask if there are attacks on these problems based on the ring structure. I will discuss the ring-theoretic structure and how to exploit it to obtain some potential speedups over generic lattice algorithms.

MDP convolutional codes
Maximum distance profile (MDP) convolutional codes have the property that their column distances are as large as possible. It has been shown that, transmitting over an erasure channel, these codes have optimal recovery rate for windows of a certain length. Additionally, the subclass of complete MDP convolutional codes has the ability to reduce the waiting time during decoding. Hence, it is possible to develop quite efficient decoding algorithms over the erasure channel for these codes. The existence of MDP and complete MDP convolutional codes for arbitrary rate and degree has been shown for sufficiently large field sizes. Moreover, there exist basically two general construction techniques for these codes, which we will present here. However, one could see that these constructions require very large field sizes but at least the second of these constructions works for arbitrary characteristic of the field. Therefore, one goal is to investigate which field sizes are possible in order that MDP or complete MDP convolutional codes with given rate and degree could exist. Furthermore, we aim to construct such codes over fields of possibly small size, starting to try this for rather small values for the code parameters.
| Date: Thursday, 11/Jul/2019 | |
| 10:00am - 12:00pm | MS185, part 1: Algebraic Geometry Codes |
| Unitobler, F-122 | |
Algebraic Geometry Codes
The problem of finding good codes is central to the theory of error correcting codes. For many years coding theorists have addressed this problem by adding algebraic and combinatorial structure to C. In the early 80s Goppa used algebraic curves to construct linear error correcting codes, the so-called algebraic geometric codes (AG codes). The construction of an AG code with alphabet a finite field Fq requires that the underlying curve is Fq-rational and involves two Fq-rational divisors D and G on the curve. In this minisymposium we will present results on Algebraic Geometry codes and their performances.
(25 minutes for each presentation, including questions, followed by a 5-minute break; in case of x<4 talks, the first x slots are used unless indicated otherwise)

Weierstrass semigroups on, and a generalization of the Giulietti-Korchmáros curve
The Giulietti-Korchmáros (GK) curve C is a maximal curve over GF(q^6) that was discovered in 2009. The first topic that is addressed in this talk concerns the structure of the Weierstrass semigroups of points of this curve. It turns out that there are three possibilities for these semigroups and that the Weierstrass points of the GK curve are exactly the GF(q^6)-rational points. A description of these three possible Weierstrass semigroups will be presented. The GK curve was generalized by Garcia, Stichtenoth and Xing in 2010 in the construction of the so-called GGS maximal curves. More precisely they found for each odd n>2 a curve C_n, maximal over GF(q^(2n)). The curve C_3 equals the GK curve C. In the second part of this talk a different generalization of the GK curve will be presented. Similarities and differences with the GGS curves will be discussed, especially their genera and automorphism groups. This is a joint work with Peter Beelen.

Codes from the GGS maximal curves
For any prime power q and odd integer n≥5, we consider the $\mathbb{F}_{q^{2n}}$-maximal curve $X_{q,n}: Z^{(q^n+1)/(q+1)} = Y^{q^2} - Y,\ Y^{q+1} = X^q + X$ introduced by Garcia, Güneri, and Stichtenoth, and we construct over $\mathbb{F}_{q^{2n}}$ dual one-point AG codes C from an $\mathbb{F}_{q^2}$-rational affine point P of $X_{q,n}$. We study the automorphism group of C starting from the automorphism group of the curve. We determine the Weierstrass semigroup at any affine $\mathbb{F}_{q^2}$-rational point P of $X_{q,n}$ and apply this result to the parameters of C; in particular, we compute the Feng-Rao minimum distance of C when q=2. Finally, we apply some constructions known in the literature to our codes, in order to produce families of quantum codes and convolutional codes.

An Open Source Environment for Research on AG Codes
Algebraic Geometry codes are studied for applications as error-correcting codes, to code-based post-quantum cryptosystems and ramp secret-sharing schemes, and so on. Thus they are mathematical objects not only described on papers but to be computed explicitly on computers. As originally defined by Goppa, AG codes are based on algebraic curves and their function fields. Therefore a computing environment for AG codes should allow computations with them as well. Such a computing environment is de facto unique, and it is Magma. Though powerful, the closed nature of the software is an obstacle in spreading the achievements of researchers in this field to other researchers and students. Here we demonstrate the current status of the endeavors to provide an open source computing environment on Sage for algebraic curves, function fields, and AG codes.

Multi-point Codes from the GGS Curves
This paper is concerned with the construction of algebraic-geometric (AG) codes defined from GGS curves. It is of significant use to describe bases for the Riemann-Roch spaces associated with some rational places, which enables us to study multi-point AG codes. Along this line, we characterize explicitly the Weierstrass semigroups and pure gaps by an exhaustive computation for the basis of Riemann-Roch spaces from GGS curves. In addition, we determine the floor of a certain type of divisor and investigate the properties of AG codes. Multi-point codes with excellent parameters are found, among which a presented code with parameters [216, 190, ≥ 18] over GF(64) yields a new record.
| 3:00pm - 5:00pm | MS134, part 5: Coding theory and cryptography |
| Unitobler, F-122 | |
Classifications of some partial MDS codes
Partial MDS codes are optimal locally recoverable codes, used for distributed storage systems. We will present some classification results of these codes for certain parameter sets. One of these results gives a relation to classical MDS codes, from which we can derive results about the necessary minimal field size for the existence of these codes. The second classification gives a relation to projective lines in general position and hence a geometric point of view for these codes.

Batch properties of Affine Cartesian Codes
Batch codes were introduced by Ishai et al. in 2004 and are useful for information retrieval. In this seminar we examine the properties of affine Cartesian codes as batch codes. Starting from their local properties, we deduce a partition of the evaluation points into buckets that allows multiple independent users to simultaneously retrieve information.

Improved quantum codes from the Hermitian curve
We apply the CSS construction and Steane's enlargement to construct quantum codes from the Hermitian curve. Using improved information on the classical minimum distances of the involved nested codes and employing improved code constructions we obtain quantum codes that are much better than what could be obtained by using only one-point algebraic geometric codes in combination with the Goppa bound. We construct both asymmetric and symmetric codes. Our work includes closed formula estimates on the dimension of order bound improved Hermitian codes. This is joint work with René Bødker Christensen.

Concatenated constructions of LCD and LCP of codes
Linear complementary dual (LCD) codes are codes which intersect their dual trivially. These codes, and their generalizations called linear complementary pair (LCP) of codes, have drawn attention lately due to their applications in the context of side channel and fault injection attacks in cryptography. It is known that LCD codes have higher density in the family of all linear codes when the alphabet size is large. So, using such codes over large finite fields (extension field) to obtain similar codes over small finite fields (base field) is a reasonable strategy. In this respect, concatenation is a natural technique to try, although finding concatenations that preserve LCD or LCP properties of codes over an extension, when descending to the base field, is a nontrivial problem. The problem of interest in this talk is to find such suitable concatenations. Results we will present have been obtained in joint works with Carlet, Özbudak, Saçıkara and Solé.
| Date: Friday, 12/Jul/2019 | |
| 10:00am - 12:00pm | MS185, part 2: Algebraic Geometry Codes |
| Unitobler, F-122 | |
Algebraic Geometric Codes on Hirzebruch surfaces
This talk presents results about Goppa codes over minimal Hirzebruch surfaces. Hirzebruch surfaces being toric surfaces, they are endowed with a polynomial coordinate ring, named the Cox ring. They also have a pleasant description as quotient spaces. These features enable us to define Goppa codes via the evaluation of polynomials similarly to projective Reed-Muller codes. Besides an easy implementation, considering polynomials makes us benefit from algebraic tools, such as Gröbner basis, to handle the parameters of these codes. Explicit formulas for the dimension and the minimum distance of a Goppa code associated to a divisor D are computed as functions of the Picard class of D. The parameters are given for any size of the alphabet, even when the evaluation map is not injective. The minimum distance thus provides an upper bound of the number of rational points of a non-filling curve on a Hirzebruch surface. Moreover, the geometry of Hirzebruch surfaces, notably their ruling, leads to nice local decoding properties for these codes.

Codes and gap sequences of Hermitian curves
Hermitian functional and differential codes are AG-codes defined on a Hermitian curve. To ensure good performance, the divisors defining such AG-codes have to be carefully chosen, exploiting the rich combinatorial and algebraic properties of the Hermitian curves. In this paper, the case of differential codes $C_\Omega(D, mT)$ on the Hermitian curve $H_{q^3}$ defined over $\mathbb{F}_{q^6}$ is worked out, where $\mathrm{supp}(T) := H_{q^3}(\mathbb{F}_{q^2})$, the set of all $\mathbb{F}_{q^2}$-rational points of $H_{q^3}$, while D is taken, as usual, to be the sum of the points in the complementary set $D = H_{q^3}(\mathbb{F}_{q^6}) \setminus H_q(\mathbb{F}_{q^2})$. For certain values of m, such codes $C_\Omega(D, mT)$ have better minimum distance compared with true values of 1-point Hermitian codes. The automorphism group of $C_L(D, mT)$, $m \le q^3 - 2$, is isomorphic to PGU(3,q).

On the weight distribution of dual AG codes from the GK curve
Let X be an algebraic curve defined over the finite field of order q. The parameters of the AG codes associated with X strictly depend on the underlying curve X. In general, curves with many rational places with respect to their genus give rise to AG codes with good parameters. For this reason maximal curves, that are curves attaining the Hasse-Weil upper bound, have been widely investigated in the literature. In this work, we focus our attention on the GK curve, which is a maximal curve constructed by Giulietti and Korchmáros which cannot be covered by the Hermitian curve whenever q is odd. In particular we investigate the minimum distance and the weight distribution of dual AG codes arising from the Giulietti-Korchmáros maximal curves. In most cases, the weight distribution of a given code is hard to be computed. Even the problem of computing codewords of minimum weight can be a difficult task, apart from specific cases. We do so using the link between the weight of the codewords of such codes and the geometry of the curve. We compute the maximal number of intersections that the GK curve can have with plane curves of low degree and we use this fact to determine the actual minimum distance and the number of minimum weight codewords of dual one-point AG codes arising from the GK curve.

Subcovers and codes on a class of trace-defining curves
In this talk, we will discuss explicit subcovers of a class of trace-defining curves over a finite field. It turns out that all such subcovers have a distinguished rational point P, for which the Weierstrass semigroup H(P) can often be determined. This will lead us to the construction of the corresponding one-point AG codes with very good parameters. In particular, we will present improvements on the parameters of at least 108 codes from the MinT table.
| 3:00pm - 5:00pm | MS134, part 6: Coding theory and cryptography |
| Unitobler, F-122 | |
Coding theory and cryptography

New results on graph-based codes
Codes over graphs have become widespread in industry applications due to their excellent performance with low-complexity decoders. Since long block lengths are desirable in practice, constructing codes using lifts of well-designed base graphs has become a standard technique. In this talk, we will present some recent results on how the permutations chosen affect the parameters of the resulting codes.

Large constant dimension subspace codes consisting of k-dimensional subspaces, pairwise intersecting in at least (k-2)-dimensional subspaces
Within the theory of subspace codes, a constant dimension code C is a set of k-dimensional subspaces in the vector space V(n,q) of dimension n over the finite field of order q. One of the goals in the theory of subspace codes is to characterize large subspace codes satisfying specific conditions, such as intersection conditions or lower bounds on the minimum distance. There are two types of constant dimension codes consisting of k-dimensional subspaces, pairwise intersecting in (k-1)-dimensional subspaces. They are either: (1) a sunflower: a set of k-dimensional subspaces passing through a common (k-1)-dimensional subspace, or (2) a set of k-dimensional subspaces lying in a common (k+1)-dimensional subspace. The next step would be to investigate the largest sets of k-dimensional subspaces in the vector space V(n,q), pairwise intersecting in exactly In this talk, we present classification results on the largest examples of sets of k-dimensional subspaces, pairwise intersecting in exactly (k-2)-dimensional subspaces, or pairwise intersecting in at least (k-2)-dimensional subspaces. These classification results are obtained via geometrical techniques in the (n-1)-dimensional projective space PG(n-1,q) corresponding to the n-dimensional vector space V(n,q).

Algebraic properties of codes with symmetries
We will illustrate some new results and properties of codes with symmetries. Whenever a linear code over K has a non-trivial group of (permutation) automorphisms G, it can be viewed as a KG-module. Many well-studied families of codes are characterized by this property: cyclic, quasi-cyclic, abelian, quasi-abelian, group codes, etc. We will show how the algebraic structure of these codes allows us to deduce properties of their parameters and to construct optimal codes. Moreover, we will show new asymptotic results for group codes in odd characteristic.

Quantum codes coming from J-affine variety codes
We will introduce J-affine variety codes and we will give conditions for their self-orthogonality with respect to Euclidean and Hermitian inner products. Parameters of stabilizer codes coming from subfield-subcodes of J-affine variety codes will be shown. Many of these codes turn out to exceed the known Gilbert-Varshamov bounds and improve some quantum codes given in the literature. Finally, we will show how to use hyperbolic codes to provide stabilizer codes with designed distance. |
| Date: Saturday, 13/Jul/2019 | |
| 10:00am - 12:00pm | MS185, part 3: Algebraic Geometry Codes |
| Unitobler, F-122 | |
10:00am - 12:00pm
Algebraic Geometry Codes
The problem of finding good codes is central to the theory of error correcting codes. For many years coding theorists have addressed this problem by adding algebraic and combinatorial structure to C. In the early 80s Goppa used algebraic curves to construct linear error correcting codes, the so-called algebraic geometric codes (AG codes). The construction of an AG code with alphabet a finite field $\mathbb{F}_q$ requires that the underlying curve is $\mathbb{F}_q$-rational and involves two $\mathbb{F}_q$-rational divisors D and G on the curve. In this minisymposium we will present results on Algebraic Geometry codes and their performances. (25 minutes for each presentation, including questions, followed by a 5-minute break; in case of x<4 talks, the first x slots are used unless indicated otherwise)

Subcovers and codes on a class of trace-defining curves
In this work, we construct some class of explicit subcovers of the curve $X_{n,r}$ defined over $\mathbb{F}_{q^n}$ by the affine equation $y^{q^{n-1}}+\dots+y^q+y=x^{q^{n-r}+1}-x^{q^n+q^{n-r}}$. These subcovers are defined over $\mathbb{F}_{q^n}$ by the affine equation $g_s(y)=x^{q^n+q^{n-r}}-x^{q^{n-r}+1}$, where $g_s(y)$ is a $q$-polynomial of degree $q^s$. The Weierstrass semigroup $H(P_\infty)$, where $P_\infty$ is the only point at infinity on such subcovers, is determined for $1 \le s \le 2r-n+1$ and the corresponding one-point AG codes are investigated. Codes establishing new records on the parameters with respect to the previously known ones are discovered, and 108 improvements on MinT tables are obtained.

On Weierstrass semigroup at $m$ points on curves of the form $f(y)=g(x)$
In this work we determine the so-called minimal generating set of the Weierstrass semigroup of certain $m$ points on curves X with plane model of the form $f(y)=g(x)$ over $\mathbb{F}_q$, where $f(T), g(T) \in \mathbb{F}_q[T]$. Our results were obtained using the concept of discrepancy, for given points P and Q on X. This concept was introduced by Duursma and Park, and allows us to make a different and more general approach than that used for certain specific curves studied earlier.

Pure gaps on curves with many rational places
We consider the algebraic curve defined by $y^m=f(x)$ where $m \ge 2$ and $f(x)$ is a rational function over $\mathbb{F}_q$. We extend the concept of pure gap to c-gap and obtain a criterion to decide when an s-tuple is a c-gap at s rational places on the curve. As an application, we obtain many families of pure gaps at two rational places on curves with many rational places. We present the parameters of codes constructed using our families of pure gaps. This is joint work with Bartoli, Montanucci, and Quoos.

Non projective Frobenius algebras and linear codes
We extend the notion of a Frobenius algebra, dropping the projectivity condition, to grant that a Frobenius algebra over a Frobenius commutative ring is itself a Frobenius ring. The modification introduced here also allows Frobenius finite rings to be precisely those rings which are Frobenius finite algebras over their characteristic subrings. From the perspective of linear codes, our work expands one’s options to construct new finite Frobenius rings from old ones. We close with a discussion of generalized versions of the MacWilliams identities that may be obtained in this context. |
| 3:00pm - 5:00pm | MS134, part 7: Coding theory and cryptography |
| Unitobler, F-122 | |
3:00pm - 5:00pm
Coding theory and cryptography

An Asymmetric MacWilliams Identity for Quantum Stabilizer Codes
It was discovered in 2007 that a quantum channel is asymmetric with respect to errors. Namely, the bit-flip errors are more likely than the phase-flip errors. This motivates the study of asymmetric weight enumerators. We restrict ourselves to quantum stabilizer codes over Frobenius rings, for which we use character theory to prove asymmetric versions of the MacWilliams Identity.

Code-based crypto for small servers
Deployment of high-confidence code-based cryptography is hampered by the large keys associated with Goppa codes. This talk shows how to make use of the structure of encryption in code-based cryptography and how to combine this with tree hashing for confirming the integrity of the public key to use code-based cryptography for tiny, stateless network servers.

Reproducible Codes and Cryptographic Applications
In this talk I will present a work in progress on structured linear block codes. The investigation starts from well-known examples and generalizes them to a wide class of codes that we call reproducible codes. These codes have the property that they can be entirely generated from a small number of signature vectors, and consequently admit matrices that can be described in a very compact way. I will show some cryptographic applications of this class of codes and explain why the general framework introduced may pave the way for future developments of code-based cryptography.

Hyperelliptic point-counting in genus 3 and higher, the RM case
The problem of counting points on hyperelliptic curves defined over finite fields has been studied for decades by number theorists and cryptographers. This work studies the case of large characteristic, using methods inspired by Schoof and Pila's algorithms. The cornerstone of this approach is to carefully model the torsion by polynomial systems and solve them using appropriate methods (resultants, geometric resolution, Groebner bases). In practice, the exponential dependency in the genus makes it hard to use these point-counting algorithms in genus larger than 2. Restricting to curves with explicit real multiplication, however, we can drastically reduce the size of our polynomial systems, even in arbitrary genus. In genus 3, the subsequent complexity gain allowed us to achieve a record computation over a 64-bit prime field. Part of this is joint work with P. Gaudry and P.-J. Spaenlehauer. |
