Results 1-10 of 51
Improved Decoding of Reed-Solomon and Algebraic-Geometry Codes
IEEE TRANSACTIONS ON INFORMATION THEORY, 1999
Cited by 345 (44 self)
Given an error-correcting code over strings of length n and an arbitrary input string also of length n, the list decoding problem is that of finding all codewords within a specified Hamming distance from the input string. We present an improved list decoding algorithm for decoding Reed-Solomon codes. The list decoding problem for Reed-Solomon codes reduces to the following "curve-fitting" problem over a field F: Given n points $\{(x_i, y_i)\}_{i=1}^{n}$, $x_i$
Closest Point Search in Lattices
IEEE TRANS. INFORM. THEORY, 2000
Cited by 333 (2 self)
In this semi-tutorial paper, a comprehensive survey of closest-point search methods for lattices without a regular structure is presented. The existing search strategies are described in a unified framework, and differences between them are elucidated. An efficient closest-point search algorithm, based on the Schnorr-Euchner variation of the Pohst method, is implemented. Given an arbitrary point $x \in \mathbb{R}^m$ and a generator matrix for a lattice, the algorithm computes the point of the lattice that is closest to x. The algorithm is shown to be substantially faster than other known methods, by means of a theoretical comparison with the Kannan algorithm and an experimental comparison with the Pohst algorithm and its variants, such as the recent Viterbo-Boutros decoder. The improvement increases with the dimension of the lattice. Modifications of the algorithm are developed to solve a number of related search problems for lattices, such as finding a shortest vector, determining the kissing number, compu...
Noisy Polynomial Interpolation and Noisy Chinese Remaindering
2000
Cited by 46 (2 self)
Abstract. The noisy polynomial interpolation problem is a new intractability assumption introduced last year in oblivious polynomial evaluation. It also appeared independently in password identification schemes, due to its connection with secret sharing schemes based on Lagrange’s polynomial interpolation. This paper presents new algorithms to solve the noisy polynomial interpolation problem. In particular, we prove a reduction from noisy polynomial interpolation to the lattice shortest vector problem, when the parameters satisfy a certain condition that we make explicit. Standard lattice reduction techniques appear to solve many instances of the problem. It follows that noisy polynomial interpolation is much easier than expected. We therefore suggest simple modifications to several cryptographic schemes recently proposed, in order to change the intractability assumption. We also discuss analogous methods for the related noisy Chinese remaindering problem arising from the well-known analogy between polynomials and integers.
Efficient Non-Malleable Commitment Schemes
IN CRYPTO 2000, SPRINGER-VERLAG (LNCS 1880), 2000
Cited by 40 (3 self)
We present efficient non-malleable commitment schemes based on standard assumptions such as RSA and Discrete-Log, and under the condition that the network provides publicly available RSA or Discrete-Log parameters generated by a trusted party. Our protocols require only three rounds and a few modular exponentiations. We also discuss the difference between the notion of non-malleable commitment schemes used by Dolev, Dwork and Naor [DDN00] and the one given by Di Crescenzo, Ishai and Ostrovsky [DIO98].
List Decoding: Algorithms and Applications
SIGACT News, 2000
Cited by 36 (0 self)
Over the years coding theory and complexity theory have benefited from a number of mutually enriching connections. This article focuses on a new connection that has emerged between the two topics in the recent years. This connection is centered around the notion of "list-decoding" for error-correcting codes. In this survey we describe the list-decoding problem, the algorithms that have been developed, and a diverse collection of applications within complexity theory.
"Soft-decision" decoding of Chinese Remainder Codes
PROC. OF THE 41ST IEEE SYMPOSIUM ON FOUNDATIONS OF COMPUTER SCIENCE, 2000
Cited by 35 (8 self)
Given n relatively prime integers $p_1 < \cdots < p_n$ and an integer $k < n$, the Chinese Remainder Code, $\mathrm{CRT}_{p_1,\ldots,p_n;k}$, has as its message space $M = \{0, \ldots, \prod_{i=1}^{k} p_i - 1\}$, and encodes a message $m \in M$ as the vector $\langle m_1, \ldots, m_n \rangle$, where $m_i = m \pmod{p_i}$. The soft-decision decoding problem for the Chinese remainder code is given as input a vector of residues $\vec{r} = \langle r_1, \ldots, r_n \rangle$, a vector of weights $\langle w_1, \ldots, w_n \rangle$, and an agreement parameter t. The goal is to find all messages $m \in M$ such that the weighted agreement between the encoding of m and $\vec{r}$ (i.e., $\sum_i w_i$ summed over all i such that $r_i = m \pmod{p_i}$) is at least t. Here we give a new algorithm for solving the soft-decision problem for the CRT code that works provided the agreement parameter t is sufficiently large. We derive our algorithm by digging deeper into the algebra underlying the error-correcting algorithms and unveiling an “ideal”-theoretic view of decoding. When all weights are equal to 1, we obtain the more commonly studied “list decoding” problem. List decoding algorithms for the Chinese Remainder Code were given recently by Goldreich, Ron, and Sudan [5], and improved by Boneh [1]. Their algorithms work for $t \ge \sqrt{2kn \log p_n / \log p_1}$ and $t \ge \sqrt{kn \log p_n / \log p_1}$, respectively. We improve upon the algorithms above by using our soft-decision decoding algorithm with a nontrivial choice of weights, and solve the list decoding problem provided $t \ge \sqrt{k(n + \varepsilon)}$, for arbitrarily small $\varepsilon > 0$.
Finding Smooth Integers in Short Intervals Using CRT Decoding
Proceedings of the 32nd Annual ACM Symposium on Theory of Computing, 2000
Cited by 34 (0 self)
this paper we study this analogy for a classic polynomial interpolation problem known as decoding of Reed-Solomon codes. The problem reduces to the following question: given n pairs $(x_i, y_i) \in \mathbb{F}_q$, for which the $x_i$'s are distinct, find all polynomials $f \in \mathbb{F}_q[x]$ of degree at most k such that $y_i = f(x_i)$ for all but e values of $i \in \{1, \ldots, n\}$. It is easy to see that when $e < (n - k)/2$ the solution is unique. The solution can be efficiently found using a classic algorithm due to Berlekamp and Massey (see [2, 19] for a description). Surprisingly, it is possible to decode beyond the Berlekamp-Massey bound, however the solution is no longer unique. In a recent seminal work Guruswami and Sudan [22, 12] show that as long as $e < n - \sqrt{kn}$ it is possible to efficiently recover a list of all polynomials f satisfying $y_i = f(x_i)$ for all but e values. This decoding problem is known as the list decoding problem for Reed-Solomon codes
Coding Theory: Tutorial & Survey
2001
Cited by 16 (0 self)
Coding theory has played a central role in the theoretical computer science. Computer scientists have long exploited notions, constructions, theorems and techniques of coding theory. More recently, theoretical computer science has also been contributing to the theory of error-correcting codes, in particular in making progress on some fundamental algorithmic connections. Here we survey some of the central goals of coding theory and the progress made via algebraic methods. We stress that this is a very partial view of coding theory and a lot of promising combinatorial and probabilistic approaches are not covered by this survey.
The Security of all RSA and Discrete Log Bits
2003
Cited by 14 (0 self)
We study the security of individual bits in an RSA encrypted message $E_N(x)$. We show that given $E_N(x)$, predicting any single bit in x with only a non-negligible advantage over the trivial guessing strategy, is (through a polynomial time reduction) as hard as breaking RSA. Moreover, we prove that blocks of O(log log N) bits of x are computationally indistinguishable from random bits. The results carry over to the Rabin encryption scheme. Considering the discrete exponentiation function $g^x$ modulo p, with probability 1 − o(1) over random choices of the prime p, the analog results are demonstrated. The results do not rely on group representation, and therefore applies to general cyclic groups as well. Finally, we prove that the bits of ax + b modulo p give hard core predicates for any one-way function f. All our results follow from a general result on the chosen multiplier hidden number problem: given an integer N, and access to an algorithm $P_x$ that on input a random $a \in \mathbb{Z}_N$, returns a guess of the i-th bit of ax mod N, recover x. We show that for any i, if $P_x$ has at least a non-negligible advantage in predicting the i-th bit, we either recover x, or, obtain a nontrivial factor of N in polynomial time. The result also extends to prove the results about simultaneous security of blocks of O(log log N) bits.
Reducing lattice bases to find small-height values of univariate polynomials
in [13] (2007). URL: http://cr.yp.to/papers.html#smallheight. Citations in this document: §A
2004
Cited by 9 (4 self)
Abstract. This paper generalizes several previous results on finding divisors in residue classes (Lenstra, Konyagin, Pomerance, Coppersmith, Howgrave-Graham, Nagaraj), finding divisors in intervals (Rivest, Shamir, Coppersmith, Howgrave-Graham), finding modular roots (Hastad, Vallée, Girault, Toffin, Coppersmith, Howgrave-Graham), finding high-power divisors (Boneh, Durfee, Howgrave-Graham), and finding codeword errors beyond half distance (Sudan, Guruswami, Goldreich, Ron, Boneh) into a unified algorithm that, given f and g, finds all rational numbers r such that f(r) and g(r) both have small height.