Generalization of BJMM-ISD Using May-Ozerov Nearest Neighbor Algorithm over an Arbitrary Finite Field \(\mathbb {F}_q\)

Abstract

The security of McEliece cryptosystem heavily relies on the hardness of decoding a random linear code. The best known generic decoding algorithms are derived from the Information-Set Decoding (ISD) algorithm. The ISD algorithm was proposed in 1962 by Prange and improved in 1989 by Stern and later in 1991 by Dumer. Since then, there have been numerous works improving and generalizing the ISD algorithm: Peters in 2009, May, Meurer and Thomae in 2011, Becker, Joux, May and Meurer in 2012, May and Ozerov in 2015, and Hirose in 2016. Among all these improvement and generalization only those ofPeters and Hirose are over \(\mathbb {F}_q\) with q an arbitrary prime power. In Hirose’s paper, he describes the May-Ozerov nearest-neighbor algorithm generalized to work for vectors over the finite field \(\mathbb {F}_q\) with arbitrary prime power q. He also applies the generalized algorithm to the decoding problem of random linear codes over \(\mathbb {F}_q\). And he observed by a numerical analysis of asymptotic time complexity that the May-Ozerov nearest-neighbor algorithm may not contribute to the performance improvement of Stern’s ISD algorithm over \(\mathbb {F}_q\) with \(q \ge 3\). In this paper, we will extend the Becker, Joux, May, and Meurer’s ISD using the May-Ozerov algorithm for Nearest-Neighbor problem over \(\mathbb {F}_q\) with q an arbitrary prime power. We analyze the impact of May-Ozerov algorithm for Nearest-Neighbor Problem over \(\mathbb {F}_q\) on the Becker, Joux, May and Meurer’s ISD.

Acknowlegment

This work was carried out with financial support of CEA-MITIC for CBC project and financial support of the government of Senegal’s Ministry of Hight Education and Research for ISPQ project. The third author was supported in part by JSPS KAKENHI Grant Number JP16H02828.

Appendices

Appendix

Nearest-Neighbor Algorithm over an Arbitrary Finite Field \(\mathbb {F}_q\)

We give in this section the May-Ozerov Nearest-Neighbor algorithm over \(\mathbb {F}_q\) proposed by Hirose in [19]

The complexity of May-Ozerov Nearest Neighbor algorithm is given by:

Theorem 2

[19]. Let q be a prime power. Let \(\gamma \), \(\beta \), \(\epsilon >0\) and \(\lambda \) be reals such that \(0<\gamma <\frac{1}{2}\), \(0<\beta <1\), \(\varepsilon >0\) and \(\lambda \le H_{q}(\beta )-\frac{1}{q}\sum \limits _{x\in \mathbb {F}_{q}}H_{q}(q \beta h_{x})\) with \(\sum \limits _{x\in \mathbb {F}_{q}}h_{x}=1\) and for each \(x\in \mathbb {F}_{q}\), \(\frac{\gamma }{q}< h_{x}<\frac{\gamma }{q} + \frac{1-\gamma }{q\beta }\).

Let \(y= (1-\gamma )\left( H_{q}(\beta ) -\frac{1}{q}\sum \limits _{x\in \mathbb {F}_{q}}H_{q}\left( \frac{qh_{x}-\gamma }{1-\gamma } \beta \right) \right) \). Then the MO-NN algorithm solves the \((m,\gamma , \lambda )NN\) problem over \(\mathbb {F}_{q}\) with overwhelming probability in time

$$\begin{aligned} \tilde{\mathcal {O}}\left( q^{(y+\varepsilon )m}\right) . \end{aligned}$$