Efficient error-correcting codes for the HQC post-quantum cryptosystem

The HQC post-quantum cryptosystem enables two parties to share noisy versions of a common secret binary string, and an error-correcting code is required to deal with the mismatch between both versions. This code is required to deal with binary symmetric channels with as large a transition parameter...

Full description

Saved in:
Bibliographic Details
Published inDesigns, codes, and cryptography Vol. 92; no. 12; pp. 4511 - 4530
Main Authors Aguilar-Melchor, Carlos, Aragon, Nicolas, Deneuville, Jean-Christophe, Gaborit, Philippe, Lacan, Jérôme, Zémor, Gilles
Format Journal Article
LanguageEnglish
Published New York Springer US 01.12.2024
Springer Nature B.V
Springer Verlag
Subjects
Binary codes
Codes
Coding
Coding and Information Theory
Computer Science
Cryptology
Decoding
Discrete Mathematics in Computer Science
Error analysis
Error correcting codes
Error correction
Error correction & detection
Mathematical analysis
Repetition
Tensors
Code-based cryptography
Public-key encryption
Post-quantum cryptography
11T71
14G50
NIST
HQC
94A60
NIST Mathematics Subject Classification 94A60
Post-quantum cryptography Code-based cryptography Public-key encryption HQC NIST Mathematics Subject Classification 94A60 11T71 14G50
Online AccessGet full text

Cover

More Information
Summary:The HQC post-quantum cryptosystem enables two parties to share noisy versions of a common secret binary string, and an error-correcting code is required to deal with the mismatch between both versions. This code is required to deal with binary symmetric channels with as large a transition parameter as possible, while guaranteeing, for cryptographic reasons, a decoding error probability of provably not more than 2 -128 . This requirement is non-standard for digital communications, and modern coding techniques are not amenable to this setting. This paper explains how this issue is addressed in the last version of HQC: precisely, we introduce a coding scheme that consists of concatenating a Reed–Solomon code with the tensor product of a Reed–Muller code and a repetition code. We analyze its behavior in detail and show that it significantly improves upon the previous proposition for HQC, which consisted of tensoring a BCH and a repetition code. As additional results, we also provide a better approximation of the weight distribution for HQC error vectors, and we remark that the size of the exchanged secret in HQC can be reduced to match the protocol security which also significantly improves performance.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:0925-1022
1573-7586
DOI:10.1007/s10623-024-01507-6