American Institute of Mathematical Sciences

Let \begin{document}$ \mathbb{F}_{q^t} $\end{document} be a finite field of cardinality \begin{document}$ q^t $\end{document}, where \begin{document}$ q $\end{document} is a power of a prime number \begin{document}$ p $\end{document} and \begin{document}$ t\geq 1 $\end{document} is a positive integer. Firstly, a family of cyclic \begin{document}$ \mathbb{F}_q $\end{document}-linear \begin{document}$ \mathbb{F}_{q^t} $\end{document}-codes of length \begin{document}$ n $\end{document} is given, where \begin{document}$ n $\end{document} is a positive integer coprime to \begin{document}$ q $\end{document}. Then according to the structure of this kind of codes, we construct \begin{document}$ 60 $\end{document} optimal cyclic \begin{document}$ \mathbb{F}_q $\end{document}-linear \begin{document}$ \mathbb{F}_{q^2} $\end{document}-codes which have the same parameters as the MDS codes over \begin{document}$ \mathbb{F}_{q^2} $\end{document}.

Number theoretic public-key solutions, currently used in many applications worldwide, will be subject to various quantum attacks, making them less attractive for longer-term use. Certain group theoretic constructs are now showing promise in providing quantum-resistant cryptographic primitives, and may provide suitable alternatives for those looking to address known quantum attacks. In this paper, we introduce a new protocol called a Meta Key Agreement and Authentication Protocol (MKAAP) that has some characteristics of a public-key solution and some of a shared-key solution. Specifically, it has the deployment benefits of a public-key system, allowing two entities that have never met before to authenticate without requiring real-time access to a third-party, but does require secure provisioning of key material from a trusted key distribution system (similar to a symmetric system) prior to deployment. We then describe a specific MKAAP instance, the Ironwood MKAAP, discuss its security, and show how it resists certain quantum attacks such as Shor's algorithm or Grover's quantum search algorithm. We also show Ironwood implemented on several "internet of things" (IoT devices), measure its performance, and show how it performs significantly better than ECC using fewer device resources.

The minimum distance of all binary linear codes with dimension at most eight is known. The smallest open case for dimension nine is length \begin{document}$ n = 46 $\end{document} with known bounds \begin{document}$ 19\le d\le 20 $\end{document}. Here we present a \begin{document}$ [46,9,20]_2 $\end{document} code and show its uniqueness. Interestingly enough, this unique optimal code is asymmetric, i.e., it has a trivial automorphism group. Additionally, we show the non-existence of \begin{document}$ [47,10,20]_2 $\end{document} and \begin{document}$ [85,9,40]_2 $\end{document} codes.

In this paper we construct \begin{document}$ 2 $\end{document}-PD-sets of \begin{document}$ 16 $\end{document} elements for codes from the Desarguesian projective planes \begin{document}$ \mathrm{PG}(2,q) $\end{document}, where \begin{document}$ q = 2^h $\end{document} and \begin{document}$ 5\leq h \leq 9 $\end{document}. We also construct \begin{document}$ 3 $\end{document}-PD-sets of \begin{document}$ 75 $\end{document} elements for the code from the Desarguesian projective plane \begin{document}$ \mathrm{PG}(2,q) $\end{document}, where \begin{document}$ q = 2^9 $\end{document}. These \begin{document}$ 2 $\end{document}-PD-sets and \begin{document}$ 3 $\end{document}-PD-sets can be used for partial permutation decoding of codes obtained from the Desarguesian projective planes.

In this paper, we study the condition of finding small solutions \begin{document}$ (x,y,z) = (x_0, y_0, z_0) $\end{document} of the equation \begin{document}$ Bx-Ay = z $\end{document}. The framework is derived from Wiener's small private exponent attack on RSA and May-Ritzenhofen's investigation about the implicit factorization problem, both of which can be generalized to solve the above equation. We show that these two methods, together with Coppersmith's method, are equivalent for solving \begin{document}$ Bx-Ay = z $\end{document} in the general case. Then based on Coppersmith's method, we present two improvements for solving \begin{document}$ Bx-Ay = z $\end{document} in some special cases. The first improvement pays attention to the case where either \begin{document}$ \gcd(x_0,z_0,A) $\end{document} or \begin{document}$ \gcd(y_0,z_0,B) $\end{document} is large enough. As the applications of this improvement, we propose some new cryptanalysis of RSA, such as new results about the generalized implicit factorization problem, attacks with known bits of the prime factor, and so on.

In this work, we describe a construction for self-dual codes in which we employ group rings and reverse circulant matrices. By applying the construction directly over different alphabets, and by employing the well known extension and neighbor methods we were able to obtain extremal binary self-dual codes of different lengths of which some have parameters that were not known in the literature before. In particular, we constructed three new codes of length 64, twenty-two new codes of length 68, twelve new codes of length 80 and four new codes of length 92.

Codes that simultaneously provide for low power dissipation, cross-talk avoidance, and error correction in the ultra deep submicron/nanometer VLSI fabrication, were recently introduced by Chee et al. in 2015. Such codes were revealed to be closely related to balanced sampling plans avoiding adjacent units, which are widely used in the statistical design of experiments. In this paper, we construct a new family of optimal codes with such properties, by determining the maximum size of packing sampling plans avoiding certain units.

We examine the binary codes from adjacency matrices of the graph with vertices the nodes of the \begin{document}$ m $\end{document}-ary \begin{document}$ n $\end{document}-cube \begin{document}$ Q^m_n $\end{document} and with adjacency defined by the Lee metric. For \begin{document}$ n = 2 $\end{document} and \begin{document}$ m $\end{document} odd, we obtain the parameters of the code and its dual, and show the codes to be \begin{document}$ LCD $\end{document}. We also find \begin{document}$ s $\end{document}-PD-sets of size \begin{document}$ s+1 $\end{document} for \begin{document}$ s < \frac{m-1}{2} $\end{document} for the dual codes, i.e. \begin{document}$ [m^2,2m-1,m]_2 $\end{document} codes, when \begin{document}$ n = 2 $\end{document} and \begin{document}$ m\ge 5 $\end{document} is odd.

Functions with good differential-uniformity properties have important applications in coding theory and sequence design in addition to the applications in cryptography. The differential spectrum of a cryptographic function is useful for estimating its resistance to some variants of differential cryptanalysis. The objective of this paper is to determine the differential spectrum of the power function \begin{document}$ x^{p^{2k}-p^k+1} $\end{document} over \begin{document}$ \mathbb F_{p^n} $\end{document}, where \begin{document}$ p $\end{document} is an odd prime, \begin{document}$ n, k, e $\end{document} are integers with \begin{document}$ \gcd(n,k) = e $\end{document} and \begin{document}$ \frac{n}{e} $\end{document} being odd. In particular, when \begin{document}$ n $\end{document} is odd and \begin{document}$ e = 1 $\end{document}, our result includes a recent one (IEEE Trans. Inform. Theory 65(10): 6819-6826) as a special case.

Espresso is a stream cipher proposed for the 5G wireless communication system. Since the design of this cipher is based on the Galois configuration of NLFSR, the cipher has a short propagation delay, and it is the fastest among the ciphers below 1500 GE, including Grain-128 and Trivium. The time-memory-data tradeoff (TMDTO) attack on this cipher and finding the conditional BSW sampling resistance are difficult due to its Galois configuration. This paper demonstrates the calculation of conditional BSW-sampling resistance of Espresso stream cipher, which is based on Galois configuration, and also mounts the TMDTO attack on the cipher by employing the calculated sampling resistance. It is also shown that the attack complexities of TMDTO attack are lower than those claimed by the designers of the ciphers.