TY - JOUR
T1 - Some (almost) optimally extendable linear codes
AU - Carlet, Claude
AU - Li, Chengju
AU - Mesnager, Sihem
N1 - Publisher Copyright:
© 2019, Springer Science+Business Media, LLC, part of Springer Nature.
PY - 2019/12/1
Y1 - 2019/12/1
N2 - Side-channel attacks and fault injection attacks are nowadays important cryptanalysis methods on the implementations of block ciphers, which represent huge threats. Direct sum masking (DSM) has been proposed to protect the sensitive data stored in registers against both SCA and FIA. It uses two linear codes C and D whose sum is direct and equals Fqn. The resulting security parameter is the pair (d(C) - 1 , d(D⊥) - 1). For being able to protect not only the sensitive input data stored in registers against SCA and FIA but the whole algorithm (which is required at least in software applications), it is useful to change C and D into C′, which has the same minimum distance as C, and D′, which may have smaller dual distance than D. Precisely, D′ is the linear code obtained by appending on the right of its generator matrix the identity matrix with the same number of rows. It is then highly desired to construct linear codes D such that d(D′⊥) is very close to d(D⊥). In such case, we say that D is almost optimally extendable (and is optimally extendable if d(D′⊥)=d(D⊥)). In general, it is notoriously difficult to determine the minimum distances of the codes D⊥ and D′⊥ simultaneously. In this paper, we mainly investigate constructions of (almost) optimally extendable linear codes from irreducible cyclic codes and from the first-order Reed–Muller codes. The minimum distances of the codes D, D′, D⊥, and D′⊥ are determined explicitly and their weight enumerators are also given. Furthermore, several families of optimally extendable codes are found (for the second time) among such linear codes.
AB - Side-channel attacks and fault injection attacks are nowadays important cryptanalysis methods on the implementations of block ciphers, which represent huge threats. Direct sum masking (DSM) has been proposed to protect the sensitive data stored in registers against both SCA and FIA. It uses two linear codes C and D whose sum is direct and equals Fqn. The resulting security parameter is the pair (d(C) - 1 , d(D⊥) - 1). For being able to protect not only the sensitive input data stored in registers against SCA and FIA but the whole algorithm (which is required at least in software applications), it is useful to change C and D into C′, which has the same minimum distance as C, and D′, which may have smaller dual distance than D. Precisely, D′ is the linear code obtained by appending on the right of its generator matrix the identity matrix with the same number of rows. It is then highly desired to construct linear codes D such that d(D′⊥) is very close to d(D⊥). In such case, we say that D is almost optimally extendable (and is optimally extendable if d(D′⊥)=d(D⊥)). In general, it is notoriously difficult to determine the minimum distances of the codes D⊥ and D′⊥ simultaneously. In this paper, we mainly investigate constructions of (almost) optimally extendable linear codes from irreducible cyclic codes and from the first-order Reed–Muller codes. The minimum distances of the codes D, D′, D⊥, and D′⊥ are determined explicitly and their weight enumerators are also given. Furthermore, several families of optimally extendable codes are found (for the second time) among such linear codes.
KW - Cyclic code
KW - Fault injection attack
KW - Linear code
KW - Reed–Muller code
KW - Side-channel attack
KW - Weight distribution
UR - https://www.scopus.com/pages/publications/85067928060
U2 - 10.1007/s10623-019-00652-7
DO - 10.1007/s10623-019-00652-7
M3 - 文章
AN - SCOPUS:85067928060
SN - 0925-1022
VL - 87
SP - 2813
EP - 2834
JO - Designs, Codes, and Cryptography
JF - Designs, Codes, and Cryptography
IS - 12
ER -