Gábor P. Nagy · math.bme.hu/~gnagy/mmsz/eloadasok/nagygaborpeter2019.pdf · 2019-10-30 · department...
Algebraic curves, error correcting codes and post-quantum cryptography
Gábor P. Nagy
Department of Algebra, Budapest University of Technology and Economics (Hungary)
Mathematical Modelling Seminar, Oct 29, 2019
GP Nagy (BME) Codes, curves and post-quantum cryptography MMS 2019 1 / 29
Outline
1 Communication on noisy channels
2 Error correction codes
3 Algebraic-geometric codes
4 Post-quantum cryptography
The scheme of communication
[Diagram: ALICE → COMMUNICATION CHANNEL → BOB. Message sent: [ABC]; message received: [ABC].]
The message can be: text, picture, sound, measurement data, etc.
The communication channel can be: one way, two way, data transmission, data storage, etc.
Digitization, digital reformatting
[Diagram: INFORMATION (text, picture, voice, ...) → DIGITALIZATION → 0-1 SEQUENCES (bits, bytes, ...)]
John von Neumann (1903-1957), Hungarian mathematician
Digitization, digital reformatting (cont.)
[Diagram: ALICE → DIGITIZATION → BINARY CHANNEL → D-to-A CONVERTING → BOB. Plain message sent: B; digital message sent: [1101]; digital message received: [1101]; plain message received: B.]
We are not interested in different digitization techniques.
We will assume that our messages are 0/1 sequences of fixed length.
Communication on noisy channel
Claude Shannon (1916-2001), US mathematician
[Diagram: ALICE → NOISY CHANNEL (errors E E E) → BOB. Message sent: [ABC]; message received: [AXC].]
Simple noise model: Binary Symmetric Channel with fixed bit error ratio.
Error correction on noisy communication channel
[Diagram: ALICE → ENCODING → NOISY CHANNEL (errors E E E) → DECODING → BOB. Message sent: [ABC]; encoded message sent: [ABC|DE]; encoded message received: [AXC|DE]; message received: [ABC].]
Example: 3-fold repetition code: $0 \mapsto 0|00$, $1 \mapsto 1|11$.
Majority/Nearest neighbor/Maximum likelihood Encoding:
$0|00,\ 1|00,\ 0|10,\ 0|01 \mapsto 0|00 \mapsto 0$
$1|10,\ 1|01,\ 0|11,\ 1|11 \mapsto 1|11 \mapsto 1$.
Example: QR codes
Gino Fano (1871-1952), Italian mathematician
Richard Hamming (1915-1998), US mathematician
The Fano plane: 7 points, 7 „lines”
[Figure: the Fano plane with its points labelled 1 to 7]
The lines, each with the corresponding row of the matrix M:
{1, 2, 3}   [ 1 1 1 0 0 0 0 ]
{3, 4, 5}   [ 0 0 1 1 1 0 0 ]
{1, 5, 6}   [ 1 0 0 0 1 1 0 ]
{1, 4, 7}   [ 1 0 0 1 0 0 1 ]
{2, 5, 7}   [ 0 1 0 0 1 0 1 ]
{3, 6, 7}   [ 0 0 1 0 0 1 1 ]
{2, 4, 6}   [ 0 1 0 1 0 1 0 ]
The codewords of the Hamming code
0 0 0 0 0 0 0
1 1 1 0 0 0 0
0 0 1 1 1 0 0
1 0 0 0 1 1 0
1 0 0 1 0 0 1
0 1 0 0 1 0 1
0 0 1 0 0 1 1
0 1 0 1 0 1 0
0 0 0 1 1 1 1
1 1 0 0 0 1 1
0 1 1 1 0 0 1
0 1 1 0 1 1 0
1 0 1 1 0 1 0
1 1 0 1 1 0 0
1 0 1 0 1 0 1
1 1 1 1 1 1 1
1 + 7 + 7 + 1 = 16 bit sequences of length 7.
YELLOW: All 0’s and all 1’s.
RED: The matrix M of the Fano plane
BLUE: The complement matrix of M.
Claim: Any two codewords of the Hamming code differ in at least 3 positions.
The Hamming code: computer memory error correction
 0   0 0 0 0 0 0 0
14   1 1 1 0 0 0 0
 3   0 0 1 1 1 0 0
 8   1 0 0 0 1 1 0
 9   1 0 0 1 0 0 1
 4   0 1 0 0 1 0 1
 2   0 0 1 0 0 1 1
 5   0 1 0 1 0 1 0
 1   0 0 0 1 1 1 1
12   1 1 0 0 0 1 1
 7   0 1 1 1 0 0 1
 6   0 1 1 0 1 1 0
11   1 0 1 1 0 1 0
13   1 1 0 1 1 0 0
10   1 0 1 0 1 0 1
15   1 1 1 1 1 1 1
Claim 1: The first four bits of the codewords contain all 0/1 vectors of length 4 precisely once.
GREEN: Information bits
YELLOW: Parity check bits
Claim 2: The Hamming code can detect 2 errors and correct 1 error.
Claim 3: The Hamming code is linear over $\mathbb{F}_2$.
Basic concepts
Definition: Error correction codes over a finite alphabet
Let $Q$ be a finite set and $n$ a positive integer. Any subset $C$ of the Cartesian product $Q^n$ is called a code of length $n$ over the alphabet $Q$.
The elements of $C$ are called codewords.
The encoding map is a 1-1 correspondence between the set of messages $\mathcal{M}$ and $C$.
The channel noise is a random map from $C$ to $Q^n$, uniform on each component.
The decoding map is a 2-step procedure.
Step 1 (hard): a function from $Q^n$ to $C \cup \{?\}$.
Step 2 (easy): the inverse of the encoding function, mapping $C \cup \{?\}$ to $\mathcal{M} \cup \{?\}$.
Output „?” means uncorrectable transmission error (erasure).
Hamming distance and nearest neighbor decoding
Definition
For two tuples $x = (x_1, \ldots, x_n)$ and $y = (y_1, \ldots, y_n)$ the Hamming distance
$$d_H(x, y) = |\{i \mid x_i \neq y_i\}|$$
is the number of positions where $x, y$ differ.
The minimum distance of the code $C \subseteq Q^n$ is
$$d(C) = \min\{d_H(x, y) \mid x, y \in C,\ x \neq y\}.$$
The map $D : Q^n \to C \cup \{?\}$ is a nearest neighbor decoding if $D(x)$ is one of the nearest codewords to $x$ w.r.t. the Hamming distance.
Theorem
The Hamming distance defines a metric in the geometric sense. Any code can detect $d(C) - 1$ and correct $\lfloor (d(C) - 1)/2 \rfloor$ errors per codeword.
Codes with good parameters
Definition: Information rate, error correction rate
The number of information symbols per codeword is approx. $\log |C|$.
The information rate of $C$ is $R = \frac{\log |C|}{n}$.
The error correction rate of $C$ is $\delta = \frac{d(C)}{n}$.
Remarks.
Mathematicians look for codes with high information and error correcting rates.
The Singleton bound restricts $R + \delta \le 1 + \frac{1}{n}$.
Engineers compare codes using their BER curves.
In fact, the package error ratio $p^*$ of the code is a function of the bit error ratio $p$ of the channel.
For the Hamming code of length 7, we have
$$p^* = 1 - (1 - p)^7 - 7p(1 - p)^6 \approx 21p^2 + o(3).$$
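The definitions of Hamming distance, minimum distance and two-step decoding, together with the formula for $p^*$ of the length-7 Hamming code, checked by exhaustive enumeration in Python. This is an added example, not code from the talk; the generator matrix, the function names and the rule that a tie between nearest codewords yields "?" are assumptions made here.

```python
from itertools import product

# Systematic generator matrix of the binary Hamming code of length 7
# (an assumed standard choice; the slides do not fix a matrix).
G = [
    (1, 0, 0, 0, 1, 1, 0),
    (0, 1, 0, 0, 1, 0, 1),
    (0, 0, 1, 0, 0, 1, 1),
    (0, 0, 0, 1, 1, 1, 1),
]
N, K = 7, 4


def encode(m):
    """Encoding map M -> C: message vector times G over F_2."""
    return tuple(sum(m[i] * G[i][j] for i in range(K)) % 2 for j in range(N))


# The encoding map is one-to-one, so its inverse is a table lookup.
HAMMING = {encode(m): m for m in product((0, 1), repeat=K)}
# Repetition code of length 4, used to show a tie between nearest codewords.
REPETITION = {(0, 0, 0, 0): (0,), (1, 1, 1, 1): (1,)}


def hamming_distance(x, y):
    """d_H(x, y): number of positions where x and y differ."""
    return sum(a != b for a, b in zip(x, y))


def minimum_distance(code):
    """d(C): smallest distance between two distinct codewords."""
    words = list(code)
    return min(hamming_distance(x, y)
               for i, x in enumerate(words) for y in words[i + 1:])


def nearest_codeword(y, code):
    """Step 1: Q^n -> C or '?'. A tie is reported as '?' (choice made here)."""
    ranked = sorted(code, key=lambda c: hamming_distance(c, y))
    if len(ranked) > 1 and (hamming_distance(ranked[0], y)
                            == hamming_distance(ranked[1], y)):
        return "?"
    return ranked[0]


def decode(y, codebook):
    """Step 2: invert the encoding map, passing '?' through."""
    c = nearest_codeword(y, codebook)
    return "?" if c == "?" else codebook[c]


def block_error_rate(p):
    """Exact p*: total probability of the error patterns decoded wrongly."""
    zero = (0,) * N  # by linearity it is enough to send the zero codeword
    total = 0.0
    for e in product((0, 1), repeat=N):
        if nearest_codeword(e, HAMMING) != zero:
            weight = sum(e)
            total += p ** weight * (1 - p) ** (N - weight)
    return total


def slide_formula(p):
    """p* for the Hamming code of length 7 as stated on the slide."""
    return 1 - (1 - p) ** 7 - 7 * p * (1 - p) ** 6


if __name__ == "__main__":
    sent = encode((1, 0, 1, 1))
    received = list(sent)
    received[2] ^= 1  # one transmission error (constructed)
    print("d(C) =", minimum_distance(HAMMING))
    print("decoded:", decode(tuple(received), HAMMING))
    print("tie:", decode((0, 0, 1, 1), REPETITION))
    print("p* at p = 0.01:", block_error_rate(0.01), slide_formula(0.01))
```

The enumeration agrees with the closed formula because this code corrects every single error and no pattern of two or more errors.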
Good news on binary linear codes
Nothing is easier than to produce good binary linear codes:
Theorem (Shannon’s Noisy-Channel Coding Theorem 1948)
Define the binary entropy function
$$H(p) = -p \log_2 p - (1 - p) \log_2 (1 - p).$$
Fix constants $0 < p < 1/2$, $0 < R < 1 - H(p)$ and $\varepsilon > 0$. Then: for $n$ sufficiently big, the "random" binary linear code of length $n$ and rate $R$ satisfies $p^* \le \varepsilon$.
Bad news on binary linear codes
It is almost hopeless to make use of random binary linear codes:
Theorem (Berlekamp, McEliece, van Tilborg, 1978)
The following problem is NP-complete: Given a $k \times n$ binary matrix $A$, a binary vector $y$ and an integer $w > 0$. Let $C$ be the subspace spanned by the rows of $A$. Is there an element $c \in C$ such that $d_H(c, y) \le w$?
Robert McEliece (1942-2019)
Elwyn Berlekamp (1940-2019)
Henk van Tilborg (1947-)
Aspects of decoding of linear codes
Let $C \le \mathbb{F}_2^n$ be a binary linear code of length $n$ and dimension $k$.
Let $x \in C$ be the sent codeword and $y = x + e$ the received word with error $e$.
With hard-decision decoding we have $y, e \in \mathbb{F}_2^n$.
Efficient decoding algorithms when $C$ has some algebraic and/or combinatorial structure: Golay code, Reed-Solomon code, LDPC codes.
With soft-decision decoding we have $y \in [0, 1]^n$.
Easiest example for the repetition code: decode to
$$\begin{cases} 1 & \text{if } \sum y_i \ge 0.5 \\ 0 & \text{if } \sum y_i < 0.5 \end{cases}$$
Further examples: Viterbi, turbo code.
Linear codes over finite fields
Definition: Finite field $\mathbb{F}_q$ of order $q$
Let $p$ be a prime, $n$ a positive integer and $q = p^n$ a prime power.
There is a (unique) algebraic structure $\mathbb{F}_q$ of order $q$, endowed with four operations
$$x + y, \quad x - y, \quad x \cdot y, \quad x / y.$$
The operations satisfy the usual arithmetic axioms.
Definition: Linear code
Let $C$ be a linear subspace of $\mathbb{F}_q^n$. Then $C$ is a linear code of length $n$ over the alphabet $\mathbb{F}_q$.
If $k = \dim C$ then $|C| = q^k$ and $R = k/n$.
$C$ may be given by generators (generator matrix) or by a system of linear equations (parity check matrix).
The encoding function is matrix calculus: fast and easy, $\mathbb{F}_q^k \to \mathbb{F}_q^n$.
Generalized Reed-Solomon codes
Let $q$ be a prime power, $n, k$ nonnegative integers such that $1 \le k \le n \le q$.
Let $\alpha = \{\alpha_1, \ldots, \alpha_n\}$ be $n$ distinct elements of $\mathbb{F}_q$, $v = (v_1, \ldots, v_n)$ a nonzero vector of $\mathbb{F}_q^n$ with $v_i \neq 0$ for all $i$.
Definition
The Generalized Reed-Solomon code, denoted by $GRS_k(\alpha, v)$, consists of all vectors
$$(v_1 f(\alpha_1), v_2 f(\alpha_2), \ldots, v_n f(\alpha_n)),$$
where $f(z)$ is a polynomial over $\mathbb{F}_q$ of degree less than $k$.
A rich class of codes with an efficient decoding up to $(n - k)/2$ errors.
Used in QR codes with $q = 256$.
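One way to realise the decoding up to $(n - k)/2$ errors is the Berlekamp-Welch algorithm, shown here in Python for $GRS_4(\alpha, v)$ over $\mathbb{F}_{11}$ with $n = 10$. This is an added example, not code from the talk: the slides do not name a decoder, and the field, $\alpha$, $v$ and all function names are assumptions.

```python
PRIME = 11                             # F_q with q = 11 prime: arithmetic mod q
ALPHA = list(range(1, 11))             # n = 10 distinct evaluation points
V = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]    # multipliers v_i, all nonzero
K = 4                                  # polynomials f of degree < 4


def inv(a):
    """Multiplicative inverse in F_q via Fermat's little theorem."""
    return pow(a, PRIME - 2, PRIME)


def poly_eval(f, x):
    """Evaluate f (coefficients, lowest degree first) by Horner's rule."""
    acc = 0
    for coef in reversed(f):
        acc = (acc * x + coef) % PRIME
    return acc


def grs_encode(f, alpha=ALPHA, v=V):
    """Codeword (v_1 f(alpha_1), ..., v_n f(alpha_n))."""
    return [vi * poly_eval(f, a) % PRIME for a, vi in zip(alpha, v)]


def solve(A, b):
    """One solution of A x = b over F_q (free variables set to 0), or None."""
    rows, cols = len(A), len(A[0])
    M = [list(r) + [bi] for r, bi in zip(A, b)]
    pivots, r = [], 0
    for c in range(cols):
        piv = next((i for i in range(r, rows) if M[i][c]), None)
        if piv is None:
            continue
        M[r], M[piv] = M[piv], M[r]
        scale = inv(M[r][c])
        M[r] = [x * scale % PRIME for x in M[r]]
        for i in range(rows):
            if i != r and M[i][c]:
                factor = M[i][c]
                M[i] = [(x - factor * y) % PRIME for x, y in zip(M[i], M[r])]
        pivots.append(c)
        r += 1
        if r == rows:
            break
    if any(M[i][cols] for i in range(r, rows)):
        return None  # inconsistent system
    x = [0] * cols
    for i, c in enumerate(pivots):
        x[c] = M[i][cols]
    return x


def divide_by_monic(num, den):
    """Quotient and remainder of num / den over F_q for a monic den."""
    num, deg = list(num), len(den) - 1
    quot = [0] * (len(num) - deg)
    for i in range(len(num) - deg - 1, -1, -1):
        quot[i] = num[i + deg]
        for j, d in enumerate(den):
            num[i + j] = (num[i + j] - quot[i] * d) % PRIME
    return quot, num[:deg]


def grs_decode(y, alpha=ALPHA, v=V, k=K):
    """Recover f from y if at most (n - k) // 2 symbols are wrong, else '?'."""
    t = (len(alpha) - k) // 2
    r = [yi * inv(vi) % PRIME for yi, vi in zip(y, v)]
    A, b = [], []
    # Unknowns: Q (degree < t + k) and monic error locator E = z^t + E_low,
    # tied together by Q(alpha_i) = r_i * E(alpha_i) at every position i.
    for a, ri in zip(alpha, r):
        powers = [pow(a, j, PRIME) for j in range(t + k)]
        A.append(powers + [-ri * powers[j] % PRIME for j in range(t)])
        b.append(ri * pow(a, t, PRIME) % PRIME)
    sol = solve(A, b)
    if sol is None:
        return "?"
    f, rem = divide_by_monic(sol[:t + k], sol[t + k:] + [1])  # f = Q / E
    mismatches = sum(c != yi for c, yi in zip(grs_encode(f, alpha, v), y))
    if any(rem) or mismatches > t:
        return "?"
    return f


if __name__ == "__main__":
    f = [3, 0, 7, 5]                       # f(z) = 3 + 7 z^2 + 5 z^3
    y = grs_encode(f)
    for pos, err in ((0, 1), (4, 5), (9, 10)):   # constructed error pattern
        y[pos] = (y[pos] + err) % PRIME
    print("recovered f:", grs_decode(y))
```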
Algebraic-geometric codes and curves over finite fields
An algebraic plane curve $\Gamma$ is given by a polynomial $F(X, Y) = 0$ over the finite field $\mathbb{F}_q$.
Hard: points, divisors $G$, functions, evaluation, Riemann-Roch space $\mathcal{L}(G)$.
Advantage to RS: More than $q$ points, longer codes.
Motivation
In this section, we present a public key cryptosystem that was proposed by McEliece in 1978.
Its security is based on the hardness of binary decoding.
In the last decades, this system was not used because (1) the keys are large, (2) the encrypted messages are long, and (3) there are not many safe binary codes besides binary BCH and Goppa codes.
However, this system is one of the few which resists the quantum attack by Peter Shor (1994).
The recent progress in the construction of quantum computers indicates that in 30 years, the currently used cryptosystems (RSA, ECC, etc.) will have to be replaced.
Public key (asymmetric) cryptography
In a public key (or asymmetric) cryptosystem, each user $X$ has two keys, a private key $K_D(X)$ and a public key $K_E(X)$.
If Bob wants to send a message $m$ to Alice, he encrypts it to $m'$ using Alice’s public key $K_E(\mathrm{Alice})$.
For the decryption, Alice uses her private key $K_D(\mathrm{Alice})$.
McEliece Cryptosystem
The McEliece Cryptosystem is based on a binary linear code $C$ of length $n$ and dimension $k$, which has a fast algorithm correcting up to $t$ errors per code word. Let $G$ denote the $n \times k$ generator matrix of $C$.
Creation of Alice’s keys: She picks a random $k \times k$ invertible matrix $S$ and a random $n \times n$ permutation matrix $P$. Her private key is the pair $(S, P)$ and her public key is the $n \times k$ matrix $G' = SGP$.
Encryption: Assume that Bob’s message is $m \in \mathbb{F}_2^k$. Bob picks a random binary vector $e \in \mathbb{F}_2^n$ of weight $t$ and computes the encrypted message $m' = mG' + e$.
Decryption: First Alice computes
$$m'P^{-1} = (mG' + e)P^{-1} = mSG + e',$$
where $mSG \in C$ and $e' = eP^{-1}$ is an error vector of weight $t$.
Now, using the fast decoding method, Alice determines $mS$ and $e'$.
Finally, Alice computes the message $m = (mS)S^{-1}$.
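The key creation, encryption and decryption steps, run end to end in Python on the binary Hamming code of length 7 ($k = 4$, $t = 1$). This is an added example, not code from the talk: the choice of code, the matrices G and H and all function names are assumptions, and G is stored with $k$ rows and $n$ columns, the shape in which $SGP$ and $mG'$ are defined. Parameters this small only trace the algebra and give no security.

```python
import random
from itertools import product

_OS_RNG = random.SystemRandom()  # operating-system entropy source

# Secret code C: binary Hamming code with n = 7, k = 4, correcting t = 1 error.
N, K, T = 7, 4, 1
G = [[1, 0, 0, 0, 1, 1, 0],
     [0, 1, 0, 0, 1, 0, 1],
     [0, 0, 1, 0, 0, 1, 1],
     [0, 0, 0, 1, 1, 1, 1]]
# Parity check matrix: y is a codeword exactly when H * y^T = 0.
H = [[1, 1, 0, 1, 1, 0, 0],
     [1, 0, 1, 1, 0, 1, 0],
     [0, 1, 1, 1, 0, 0, 1]]


def mat_mul(A, B):
    """Matrix product over F_2."""
    return [[sum(a * b for a, b in zip(row, col)) % 2 for col in zip(*B)]
            for row in A]


def inverse(M):
    """Inverse over F_2 by Gauss-Jordan elimination, or None if singular."""
    n = len(M)
    A = [list(row) + [int(i == j) for j in range(n)] for i, row in enumerate(M)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if A[r][col]), None)
        if pivot is None:
            return None
        A[col], A[pivot] = A[pivot], A[col]
        for r in range(n):
            if r != col and A[r][col]:
                A[r] = [x ^ y for x, y in zip(A[r], A[col])]
    return [row[n:] for row in A]


def keygen(rng=_OS_RNG):
    """Return (public key G' = S*G*P, private key (S, P))."""
    while True:  # rejection-sample an invertible k x k matrix S
        S = [[rng.randrange(2) for _ in range(K)] for _ in range(K)]
        if inverse(S) is not None:
            break
    perm = list(range(N))
    rng.shuffle(perm)
    P = [[int(perm[i] == j) for j in range(N)] for i in range(N)]
    return mat_mul(mat_mul(S, G), P), (S, P)


def encrypt(m, public, rng=_OS_RNG, weight=T):
    """m' = m*G' + e with a random error vector e of the given weight."""
    c = mat_mul([list(m)], public)[0]
    for i in rng.sample(range(N), weight):
        c[i] ^= 1
    return c


def decode_hamming(y):
    """Fast decoder of C: correct one error by its syndrome."""
    y = list(y)
    syndrome = [sum(h * b for h, b in zip(row, y)) % 2 for row in H]
    if any(syndrome):
        columns = [list(col) for col in zip(*H)]
        y[columns.index(syndrome)] ^= 1  # syndrome = column of H at the error
    return y


def decrypt(c, private):
    """Undo P, decode in the secret code, then undo S."""
    S, P = private
    P_inv = [list(col) for col in zip(*P)]   # P^-1 is the transpose of P
    y = mat_mul([list(c)], P_inv)[0]         # m'P^-1 = mSG + e'
    mS = decode_hamming(y)[:K]               # G is systematic: first k bits
    return mat_mul([mS], inverse(S))[0]      # m = (mS) S^-1


if __name__ == "__main__":
    public, private = keygen()
    for m in product((0, 1), repeat=K):
        assert decrypt(encrypt(m, public), private) == list(m)
    print("public key G':", *public, sep="\n")
```

Passing `weight=2` to `encrypt` exceeds $t$, and `decrypt` then returns a different message: the scheme recovers $m$ only while the error weight stays within the decoder's radius.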
Challenges
Find codes with good parameters.
Find codes with effective decoding algorithms.
Give bounds for the parameters of certain codes.
Find the true values of the parameters of certain codes.
Improve the decoding algorithms.
Make probabilistic decoding algorithms into deterministic ones.
Understand the structure of subfield subcodes of AG codes.
Investigate codes w.r.t. non-Hamming distances.
Sloane’s problem (1978): Find a self-dual binary linear code of length 72, dimension 36 and minimum distance 16.
Challenges
Find codes with good parameters.
Find codes with effective decoding algorithms.
Give bounds for the parameters of certain codes.
Find the true values of the parameters of certain codes.
Improve the decoding algorithms.
Make probabilistic decoding algorithms into deterministic ones.
Understand the structure of subfield subcodes of AG codes.
Investigate codes w.r.t. to non Hamming distances.
Sloane’s problem (1978): Find a self-dual binary linear code of length72, dimension 36 and minimum distance 16.
GP Nagy (BME) Codes, curves and post-quantum cryptography MMS 2019 29 / 29