Authors:Yang Zhang Pages: 103 - 112 Abstract: An extension of Bergman’s ring (Israel J Math 18:257–277, 1974) was introduced by Climent et al. (Appl Algebra Eng Commun Comput 23:347–361, 2014). For this ring called \(E_p^{(m)}\) , they established that only a negligible fraction of elements are invertible, and then proposed a key exchange protocol based on this property. Shortly afterwards, they constructed another key agreement protocol for multicast over this ring (WIT Trans Inf Commun Technol 45:13–24, 2013). In this paper, we introduce a polynomial-time attack to these two protocols without using invertible elements. PubDate: 2018-03-01 DOI: 10.1007/s00200-017-0332-0 Issue No:Vol. 29, No. 2 (2018)

Authors:Sylvain Duquesne; Nadia El Mrabet; Safia Haloui; Franck Rondepierre Pages: 113 - 147 Abstract: Because pairings have many applications, many hardware and software pairing implementations can be found in the literature. However, the parameters generally used have been invalidated by the recent results on the discrete logarithm problem over pairing friendly elliptic curves (Kim and Barbulescu in CRYPTO 2016, volume 9814 of lecture notes in computer science, Springer, Berlin, pp 543–571, 2016). New parameters must be generated to insure enough security in pairing based protocols. More generally it could be useful to generate nice pairing parameters in many real-world applications (specific security level, resistance to specific attacks on a protocol, database of curves). The main purpose of this paper is to describe explicitly and exhaustively what should be done to generate the best possible parameters and to make the best choices depending on the implementation context (in terms of pairing algorithm, ways to build the tower field, \(\mathbb {F}_{p^{12}}\) arithmetic, groups involved and their generators, system of coordinates). We focus on low level implementations, assuming that \(\mathbb {F}_p\) additions have a significant cost compared to other \(\mathbb {F}_p\) operations. However, our results are still valid if \(\mathbb {F}_p\) additions can be neglected. We also explain why the best choice for the polynomials defining the tower field \(\mathbb {F}_{p^{12}}\) is only dependent on the value of the BN parameter u mod small integers (like 12 for instance) as a nice application of old elementary arithmetic results. This should allow a faster generation of this parameter. Moreover, we use this opportunity to give some new slight improvements on \(\mathbb {F}_{p^{12}}\) arithmetic (in a pairing context). PubDate: 2018-03-01 DOI: 10.1007/s00200-017-0334-y Issue No:Vol. 29, No. 2 (2018)

Authors:Deepa Sinha; Deepakshi Sharma Pages: 149 - 167 Abstract: In this paper, we generalize the iterated local transitivity (ILT) model for online social networks for signed networks. Signed networks focus on the type of relations (friendship or enmity) between the vertices (members of online social networks). The ILT model for signed networks provide an insight into how networks react to the addition of clone vertex. In this model, at each time step t and for already existing vertex x, a new vertex (clone) \(x'\) is added which joins to x and neighbors of x. The sign of new edge \(yx', \ y \in N[x]\) neighborhood of x is defined by calculating the number of positive and negative neighbors of x. We also discuss properties such as balance and clusterability, sign-compatibility and C-sign-compatibility. PubDate: 2018-03-01 DOI: 10.1007/s00200-017-0333-z Issue No:Vol. 29, No. 2 (2018)

Authors:Yoshinori Aono; Manindra Agrawal; Takakazu Satoh; Osamu Watanabe Pages: 169 - 195 Abstract: We investigate a method for finding small integer solutions of a univariate modular equation, that was introduced by Coppersmith (Proceedings of Eurocrypt 1996, LNCS, vol 1070, pp 155–165, 1996) and extended by May (New RSA vulnerabilities using lattice reduction methods, Ph.D. thesis, University of Paderborn, 2003). We will refer this method as the Coppersmith technique. This paper provides a way to analyze a general limitations of the lattice construction for the Coppersmith technique. Our analysis upper bounds the possible range of U that is asymptotically equal to the bound given by the original result of Coppersmith and May. This means that they have already given the best lattice construction. In addition, we investigate the optimality for the bivariate equation to solve the small inverse problem, which was inspired by Kunihiro’s (LNCS 7483:55–69, 2012) argument. In particular, we show the optimality for the Boneh–Durfee’s equation (Proceedings of Eurocrypt 1999, LNCS, vol 1592, pp 389–401, 1999) used for RSA cryptoanalysis, To show our results, we establish framework for the technique by following the relation of Howgrave-Graham (Proceedings of cryptography and coding, LNCS, vol 1355, pp 131–142, 1997), and then concretely define the conditions in which the technique succeed and fails. We then provide a way to analyze the range of U that satisfies these conditions. Technically, we show that the original result of Coppersmith achieves the optimal bound for U when constructing a lattice in the standard way. We then provide evidence which indicates that constructing a non-standard lattice is generally difficult. PubDate: 2018-03-01 DOI: 10.1007/s00200-017-0336-9 Issue No:Vol. 29, No. 2 (2018)

Authors:Haode Yan Pages: 1 - 11 Abstract: BCH codes, as a special subclass of cyclic codes, are in most cases among the best cyclic codes. Recently, several classes of BCH codes with length \(n=q^m-1\) and designed distances \(\delta =(q-1)q^{m-1}-1-q^{\lfloor (m-1)/2\rfloor }\) and \(\delta =(q-1)q^{m-1}-1-q^{\lfloor (m+1)/2\rfloor }\) were widely studied, where \(m\ge 4\) is an integer. In this paper, we consider the case \(m=3\) . The weight distribution of a class of primitive BCH codes with designed distance \(q^3-q^2-q-2\) is determined, which solves an open problem put forward in Ding et al. (Finite Fields Appl 45:237–263, 2017). PubDate: 2018-01-01 DOI: 10.1007/s00200-017-0320-4 Issue No:Vol. 29, No. 1 (2018)

Authors:Yuan Cao; Yonglin Cao; Li Dong Pages: 13 - 39 Abstract: Let \({\mathbb {F}}_{3^m}\) be a finite field of cardinality \(3^m\) , \(R={\mathbb {F}}_{3^m}[u]/\langle u^4\rangle \) which is a finite chain ring, and n be a positive integer satisfying \(\mathrm{gcd}(3,n)=1\) . For any \(\delta ,\alpha \in {\mathbb {F}}_{3^m}^{\times }\) , an explicit representation for all distinct \((\delta +\alpha u^2)\) -constacyclic codes over R of length 3n is given, formulas for the number of all such codes and the number of codewords in each code are provided, respectively. Moreover, the dual code for each of these codes is determined explicitly. PubDate: 2018-01-01 DOI: 10.1007/s00200-017-0328-9 Issue No:Vol. 29, No. 1 (2018)

Authors:Dongyoung Roh; I-Yeol Kim; Sang Geun Hahn Pages: 41 - 57 Abstract: There are many variants of the computational Diffie–Hellman problem that are necessary to provide security of many cryptographic schemes. Two of them are the square Diffie–Hellman problem and the square root Diffie–Hellman problem. Recently, the first and third authors proved that these two problems are polynomial-time equivalent under a certain condition (Roh and Hahn in Des Codes Cryptogr 62(2):179–187, 2011). In this paper, we generalize this result. We introduce the l-th power Diffie–Hellman problem and the l-th root Diffie–Hellman problem and show that these two problems are polynomial-time equivalent for \(l = O (\log p)\) under a condition similar to that of Roh and Hahn (2011), where p is the order of the underlying group. PubDate: 2018-01-01 DOI: 10.1007/s00200-017-0321-3 Issue No:Vol. 29, No. 1 (2018)

Authors:Jaehyun Ahn; Dongseok Ka Pages: 59 - 76 Abstract: Recently, linear codes constructed from defining sets have been studied widely and they have many applications. For an odd prime p, let \(q=p^{m}\) for a positive integer m and \(\mathrm {Tr}_{m}\) the trace function from \(\mathbb {F}_{q}\) onto \(\mathbb {F}_{p}\) . In this paper, for a positive integer t, let \(D\subset \mathbb {F}^{t}_{q}\) and \(D=\{(x_{1},x_{2}) \in (\mathbb {F}_{q}^{*})^{2} : \mathrm {Tr}_{m}(x_{1}+x_{2})=0\}\) , we define a p-ary linear code \(\mathcal {C}_{D}\) by $$\begin{aligned} \mathcal {C}_{D}=\left\{ \mathbf {c}(a_{1},a_{2}) : (a_{1},a_{2})\in \mathbb {F}^{2}_{q}\right\} , \end{aligned}$$ where $$\begin{aligned} \mathbf {c}(a_{1},a_{2})=\left( \mathrm {Tr}_{m}\left( a_{1}x^{2}_{1}+a_{2}x^{2}_{2}\right) \right) _{(x_{1},x_{2})\in D}. \end{aligned}$$ We compute the weight enumerators of the punctured codes \(\mathcal {C}_{D}\) . PubDate: 2018-01-01 DOI: 10.1007/s00200-017-0329-8 Issue No:Vol. 29, No. 1 (2018)

Authors:Mridul Nandi; Tapas Pandit Pages: 77 - 102 Abstract: Predicate encryption (PE), a generalization of attribute-based encryption (ABE), is a versatile tool for providing access control over data. The underlying predicate for a PE is parametrized by an index, called system parameter or simply system-index. A system-index, in general, consists of component(s) from \(\mathbb {N}\) . Yamada et al. in PKC 2011 proposed a verifiability-based conversion from CPA to CCA-secure ABE. This conversion was generalized by Yamada et al. in PKC 2012 from ABE to PE. In the later conversion, the authors considered the system-index to be a single component. In practice, there are many schemes, e.g., functional encryption for general relations and hierarchical-inner product (HIP) encryption schemes of Okamoto-Takashima in CRYPTO 2010, CANS 2011 and EUROCRYPT 2012, where system-indices consist of more than a single component. Therefore, for these schemes, the conversion of Yamada et al. (in PKC, 2012) is out of scope. In this paper, we revisit the CPA to CCA conversion for PE and propose a new conversion based on verifiability. The proposed conversion works irrespective of the number of components in the system-indices. It generalizes the existing conversion of Yamada et al. (in PKC, 2011) from ABE to PE. The PE schemes which are realized by the conversion of Yamada et al. (2011) are also realized by our conversion. Therefore, the conversion of ours has more scope than the conversion proposed in 2012. We show that all the aforementioned CPA-secure schemes for general relations and HIP relation are easily converted to the corresponding CCA-secure schemes by our conversion. Further, we show a generic conversion from CPA to CCA-secure functional encryption for regular languages which captures the existing PE schemes for regular languages. PubDate: 2018-01-01 DOI: 10.1007/s00200-017-0330-2 Issue No:Vol. 29, No. 1 (2018)

Authors:Shanding Xu; Xiwang Cao; Guangkui Xu; Chunming Tang Abstract: Direct-sequence spread spectrum and frequency-hopping (FH) spread spectrum are two main spread-coding technologies. Frequency-hopping sequences (FHSs) achieving the well-known Lempel–Greenberger bound play an important part in FH code-division multiple-access systems. Our objective is to construct more FHSs with new parameters attaining the above bound. In this paper, two classes of FHSs are proposed by means of two partitions of \({{\mathbb {Z}}_{v}}\) , where v is an odd positive integer. It is shown that all the constructed FHSs are optimal with respect to the Lempel–Greenberger bound. By choosing appropriate injective functions, infinitely many optimal FHSs can be recursively obtained. Above all, these FHSs have new parameters which are not covered in the former literature. PubDate: 2018-04-13 DOI: 10.1007/s00200-018-0356-0

Authors:Yanfeng Qi; Chunming Tang; Dongmei Huang Abstract: This paper considers two classes of p-ary functions studied by Li et al. (IEEE Trans Inf Theory 59(3):1818–1831, 2013). The first class of p-ary functions is of the form $$\begin{aligned} f(x)=Tr^n_1\left( a x^{l(q-1)}+b x^{\left( l+\frac{q+1}{2}\right) (q-1)}\right) +\epsilon x^{\frac{q^2-1}{2}}. \end{aligned}$$ Another class of p-ary functions is of the form $$\begin{aligned} f(x)={\left\{ \begin{array}{ll} \sum ^{q-1}_{i=0} Tr^n_1(a x^{(ri+s)(q-1)})+\epsilon x^{\frac{q^2-1}{2}},&{} x\ne 0,\\ f(0),&{} x=0. \end{array}\right. } \end{aligned}$$ We generalize Li et al.’s results, give necessary conditions for two classes of bent functions, and present more explicit characterization of these regular bent functions for different cases. PubDate: 2018-04-07 DOI: 10.1007/s00200-018-0357-z

Authors:J. Wolfmann Abstract: We introduce a construction of binary 3-weight codes and near-bent functions from 2-weight projective codes. PubDate: 2018-04-04 DOI: 10.1007/s00200-018-0354-2

Authors:Fei Li Abstract: Firstly, we give a formula on the generalized Hamming weights of linear codes constructed generically by defining sets. Secondly, by choosing properly the defining set we obtain a class of cyclotomic linear codes and then present two alternative formulas for calculating their generalized Hamming weights. Lastly, we determine their weight distributions and generalized Hamming weights partially. Especially, we solve the generalized Hamming weights completely in one case. PubDate: 2018-04-02 DOI: 10.1007/s00200-018-0355-1

Authors:Yanping Wang; Zhengbang Zha; Weiguo Zhang Abstract: Permutation trinomials over finite fields are of great interest for their simple algebraic forms and important applications in many areas of mathematics and engineering. In this paper, six new classes of permutation trinomials over \(\mathbb {F}_{3^{3k}}\) are presented based on the multivariate method. Their permutation properties are proved by using the resultant elimination method. PubDate: 2018-03-20 DOI: 10.1007/s00200-018-0353-3

Authors:Yuan Cao; Yonglin Cao; Fang-Wei Fu Abstract: Let m, e be positive integers, p a prime number, \(\mathbb {F}_{p^m}\) be a finite field of \(p^m\) elements and \(R=\mathbb {F}_{p^m}[u]/\langle u^e\rangle \) which is a finite chain ring. For any \(\omega \in R^\times \) and positive integers k, n satisfying \(\mathrm{gcd}(p,n)=1\) , we prove that any \((1+\omega u)\) -constacyclic code of length \(p^kn\) over R is monomially equivalent to a matrix-product code of a nested sequence of \(p^k\) cyclic codes with length n over R and a \(p^k\times p^k\) matrix \(A_{p^k}\) over \(\mathbb {F}_p\) . Using the matrix-product structures, we give an iterative construction of every \((1+\omega u)\) -constacyclic code by \((1+\omega u)\) -constacyclic codes of shorter lengths over R. PubDate: 2018-03-06 DOI: 10.1007/s00200-018-0352-4

Authors:Francis N. Castro; Luis A. Medina; Pantelimon Stănică Abstract: Exponential sums of symmetric Boolean functions are linear recurrent with integer coefficients. This was first established by Cai, Green and Thierauf in the mid nineties. Consequences of this result has been used to study the asymptotic behavior of symmetric Boolean functions. Recently, Cusick extended it to rotation symmetric Boolean functions, which are functions with good cryptographic properties. In this article, we put all these results in the general context of Walsh transforms and some of its generalizations (nega–Hadamard transform, for example). Precisely, we show that Walsh transforms, for which exponential sums are just an instance, of symmetric and rotation symmetric Boolean functions satisfy linear recurrences with integer coefficients. We also provide a closed formula for the Walsh transform and nega–Hadamard transform of any symmetric Boolean functions. Moreover, using the techniques presented in this work, we show that some families of rotation symmetric Boolean functions are not bent when the number of variables is sufficiently large and provide asymptotic evidence to a conjecture of Stănică and Maitra. PubDate: 2018-02-20 DOI: 10.1007/s00200-018-0351-5

Authors:Qian Liu; Yujuan Sun; WeiGuo Zhang Abstract: Permutation polynomials have important applications in cryptography, coding theory, combinatorial designs, and other areas of mathematics and engineering. Finding new classes of permutation polynomials is therefore an interesting subject of study. In this paper, for an integer s satisfying \(s=\frac{q^n-1}{2}+q^r\) , we give six classes of permutation polynomials of the form \((ax^{q^m}-bx+\delta )^s+L(x)\) over \(\mathbb {F}_{q^n}\) , and for s satisfying \(s(p^m-1)\equiv p^m-1\ (mod\ p^n-1)\) or \(s(p^{{\frac{k}{2}}m}-1)\equiv p^{km}-1 (mod\ p^n-1)\) , we propose three classes of permutation polynomials of the form \((aTr_m^n(x)+\delta )^s+L(x)\) over \(\mathbb {F}_{p^n}\) , respectively. PubDate: 2018-01-31 DOI: 10.1007/s00200-018-0350-6

Authors:Javad Doliskani Abstract: For an elliptic curve E over a finite field \(\mathbb {F}_q\) , where q is a prime power, we propose new algorithms for testing the supersingularity of E. Our algorithms are based on the polynomial identity testing problem for the p-th division polynomial of E. In particular, an efficient algorithm using points of high order on E is given. PubDate: 2018-01-16 DOI: 10.1007/s00200-018-0349-z

Authors:Gerardo Vega Pages: 527 - 533 Abstract: The purpose of this work is to use an already known identity among the weight enumerator polynomials, in order to present an improved method for determining the weight distribution of a family of q-ary reducible cyclic codes, that generalize, in an easier way, the results in Yu and Liu (Des Codes Cryptogr 78:731–745, 2016). PubDate: 2017-12-01 DOI: 10.1007/s00200-017-0318-y Issue No:Vol. 28, No. 6 (2017)

Authors:Amaro Barreal; Capi Corrales Rodrigáñez; Camilla Hollanti Abstract: Algebraic space–time coding—a powerful technique developed in the context of multiple-input multiple-output (MIMO) wireless communications—has profited tremendously from tools from Class Field Theory and, more concretely, the theory of central simple algebras and their orders. During the last decade, the study of space–time codes for practical applications, and more recently for future generation (5G \(+\) ) wireless systems, has provided a practical motivation for the consideration of many interesting mathematical problems. One such problem is the explicit computation of orders of central simple algebras with small discriminants. In this article, we consider the most interesting asymmetric MIMO channel setups and, for each treated case, we provide explicit pairs of fields and a corresponding non-norm element giving rise to a cyclic division algebra whose natural order has the minimum possible discriminant. PubDate: 2017-12-14 DOI: 10.1007/s00200-017-0348-5