Quasi-cyclic codes of index 3 over finite fields are studied. We give a classification of such codes. Their duals with respect to the Euclidean and Hermitian inner products are investigated. We give a characterization of self-orthogonal and dual-containing codes. A quasi-cyclic code of index 3 is generated by at most three elements. We describe conditions when such a code (or its dual) is generated by one element.

Code-based cryptography, originally proposed nearly 50 years ago, has been highly successful in the NIST standardization process for post-quantum key encapsulation mechanisms. With HQC and BIKE, two of the considered candidates are based on the hardness of quasi-cyclic codes. One important attack first presented by Guo et al. at ASIACRYPT 2016 that targets moderately dense codes is the distance spectrum recovery attack. The attack makes use of the correlation between the error patterns causing a decryption failure and the sparse private key. However, for random keys, decoding failures are highly unlikely and the attack thus only succeeds with negligible probability. Another line of cryptanalysis on quasi-cyclic code-based cryptosystems has focused on weak keys with higher DFR, which invalidate the provable security guarantees. However, so far the distance spectrum of such weak keys have never been analyzed, leaving a gap in the cryptanalysis research of modern code-based cryptosystems. In this work, we show that Type I weak keys feature a new distance spectrum not analyzed before that cannot be attacked with known key recovery techniques proposed by Guo et al. Instead, we introduce a new key recovery algorithm that, considering the reaction attacker setting, exceeds the state-of-the-art recovery methods by exploiting the distance spectrum of the new weak keys with high probability. When considering a natural side-channel occurring in real-world implementations of the decoding phase, our attack can be enhanced even further.

The construction of quantum quasi-cyclic codes based on the Hermitian inner product

Abstract It is known that entanglement-assisted quantum error-correcting codes (EAQECCs), a type of quantum error correction codes, can be easily constructed using linear codes that satisfy the property called linear complementary duals (LCD). For quasi-cyclic (QC) codes, which are a class of linear codes, we have already published the methods for constructing the codes with properties such as self-orthogonality, self-duality and reversibility according to the prime-factor decomposition of $$-1+x^m$$ - 1 + x m , which reduce the amount of calculation by assembling several small generator polynomial matrices into a large generator polynomial matrix. In this paper, we propose a method to construct LCD–QC codes according to the prime-factor decomposition. The main idea of this method is to decompose the generator polynomial matrix of the QC code into several small generator polynomial matrices corresponding to the prime factors and perform LCD determination, which leads to a reduction in the amount of calculation. As an application of our construction method, we create EAQECCs from the constructed LCD–QC codes, compare those minimum weights with the maximum values of the minimum weights of existing EAQECCs and find 15 EAQECCs with larger minimum weights than the existing ones.

When transmitting information over channels with grouping errors, the traditional approach is channel decorrelation and use of codes correcting independent errors. The decorrelation procedure lowers achievable rates of reliable transmission, therefore the problem of using special codes for channels with memory and construction of computationally effective decoding methods for correction of grouping errors is actual. For the class of random codes, an approach is known using information sets of limited diameter to correct error bursts. The size of the set of information sets grows linearly with increasing code length, and the construction of the set is described by a probabilistic procedure. This article considers the construction of a set of information sets for a special class of codes that correct error bursts called Gilbert codes. The sets of code positions of the smallest possible diameter are considered. Based on the calculation of the ranks of the submatrices of the parity-check matrix of the Gilbert code, the probability that the set of positions is an information set is estimated. For a given location of the information set, the positions of the corrected bursts are analyzed. Based on the analysis, a method for constructing a set of dense information sets for Gilbert codes for correcting all error bursts within the code correcting capacity is proposed. Using the features of setting the parameters of Gilbert codes, an estimate of the size of the resulting set of dense information sets is carried out. For a simple block size of the paritycheck matrix of a quasi-cyclic code, it is shown that for Gilbert codes a dense information set is located at any position. In the case of extended Gilbert codes, it is shown that sets of minimum diameter exist only at the last position of each block. A procedure for constructing a set of dense information sets of minimum diameter for Gilbert codes and their extensions is proposed. A comparison is made of the set size of information sets and the probability of obtaining it for Gilbert codes and random codes. It is shown that the number of information sets obtained by the proposed procedure does not increase with the length of the code. The results obtained in the paper demonstrate the possibility of developing computationally efficient decoders based on information sets when correcting single error bursts. Unlike random linear codes, for which the methods of constructing information sets including dense ones, are probabilistic, a procedure for guaranteed construction of a set of information sets of minimal diameter is specified for Gilbert codes. The quasi-cyclic structure of Gilbert codes allows constructing sets of dense information sets of smaller dimension than for random codes. The obtained results allow us to guarantee the correction of error bursts within the correcting capacity of Gilbert codes and their extensions with low computational complexity. The use of computationally efficient procedures for encoding and decoding error bursts will improve the reliability of message delivery in channels with memory.

Purpose of research is to develop a new high-speed method for searching for trapping sets, and a new method for estimating the probability of errors caused by these trapping sets for quasi-cyclic codes with a circulant size that is not a prime number. Methods. The proposed method for searching for trapping sets uses the algebraic properties of quasi-cyclic codes on graphs. Using the graph lifting and projection operations, the problem of searching for trapping sets is transferred to a higher-dimensional space, where trapping sets are more distinguishable. The proposed method for estimating the probability of errors based on selection by importance, in comparison with the previously proposed Cole method, allows parallelization of calculations without the need to duplicate tables. This approach reduces the amount of required memory many times and allows calculations to be performed using separated indices. Results. The proposed method of searching for trapping sets is convenient for hardware implementation, in particular, on accelerator boards using FPGAs. For its implementation, less than half of the SLR (super logic regions) chiplet of the BittWare XUP-P3R accelerator (in a configuration with 128 GB of DDR4 RAM) or the AMD Alveo U200/VCU1525 accelerator (64 GB of DDR4 RAM) is sufficient. This, combined with reduced requirements for RAM volume, allows placing 5 execution units on the AMD Virtex UltraScale+ XCVU9P FPGA [51] crystal instead of 2x, required for the modified Cole method. At the same time, the search acceleration for a matrix with a circulant size of 128 will be 2.5 times. The application of the proposed method for estimating the probability of errors caused by trapping sets provides a 5.3-fold acceleration compared to the Cole method for a quasi-cyclic code with a circulant size of 2048. The proposed method allows one to estimate the noise immunity of the code over the entire range of the signal-to-noise ratio. Conclusion. The proposed method of searching for trapping sets has high performance and ensures completeness of the search. The proposed method of estimating the probability of errors caused by these trapping sets also has high performance.

We study 1-generator quasi-cyclic codes and four-circulant codes, which are also quasi-cyclic but have 2 generators. We state the hull dimensions for both classes of codes in terms of the polynomials in their generating elements. We prove results such as the hull dimension of a four-circulant code is even and one-dimensional hull for double-circulant codes, which are special 1-generator codes, is not possible when the alphabet size [Formula: see text] is congruent to 3 mod 4. We also characterize linear complementary pairs among both classes of codes. Computational results on the code families in consideration are provided as well.

On some characterizations of generalized quasi-cyclic codes over $ \mathbb{Z}_q $

Asymptotically good generalized quasi-cyclic codes over finite chain rings

Symplectic Self-Orthogonal Quasi-Cyclic Codes

Explicit Cyclic and Quasi-Cyclic Codes With Optimal, Best Known Parameters, and Large Relative Minimum Distances

On quantum codes derived from quasi-cyclic codes over a non-chain ring

We consider the minimum weight of codewords in a quasi-cyclic code and characterize the estimate in its most general setup using their concatenated structure. The new bound we derive generalizes the Jensen and Güneri–Özbudak bounds and it holds for the more general class of multilevel concatenated codes.

In this paper, we investigate cyclic codes over the ring E of order 4 and characteristic 2 defined by generators and relations as E=⟨a,b∣2a=2b=0,a2=a,b2=b,ab=a,ba=b⟩. This is the first time that cyclic codes over the ring E are studied. Each cyclic code of length n over E is identified uniquely by the data of an ordered pair of binary cyclic codes of length n. We characterize self-dual, left self-dual, right self-dual, and linear complementary dual (LCD) cyclic codes over E. We classify cyclic codes of length at most 7 up to equivalence. A Gray map between cyclic codes of length n over E and quasi-cyclic codes of length 2n over F2 is studied. Motivated by DNA computing, conditions for reversibility and invariance under complementation are derived.

In this paper, we investigate the Gray images of codes over chain rings, leading to the derivation of infinite families of self-orthogonal linear codes over the residue field $\mathbb{F}_q$. We determine the parameters of optimal self-orthogonal and divisible linear codes. Additionally, we study the Gray images of quasi-twisted codes, resulting in some self-orthogonal Griesmer quasi-cyclic codes. Finally, we employ the CSS construction to derive some quantum codes based on self-orthogonal linear codes.

BIKE is a post-quantum key encapsulation mechanism (KEM) selected for the 4th round of the NIST's standardization campaign. It relies on the hardness of the syndrome decoding problem for quasi-cyclic codes and on the indistinguishability of the public key from a random element, and provides the most competitive performance among round 4 candidates, which makes it relevant for future real-world use cases. Analyzing its side-channel resistance has been highly encouraged by the community and several works have already outlined various side-channel weaknesses and proposed ad-hoc countermeasures. However, in contrast to the well-documented research line on masking lattice-based algorithms, the possibility of generically protecting code-based algorithms by masking has only been marginally studied in a 2016 paper by Chen et al. in SAC 2015. At this stage of the standardization campaign, it is important to assess the possibility of fully masking BIKE scheme and the resulting cost in terms of performances. In this work, we provide the first high-order masked implementation of a code-based algorithm. We had to tackle many issues such as finding proper ways to handle large sparse polynomials, masking the key-generation algorithm or keeping the benefit of the bitslicing. In this paper, we present all the gadgets necessary to provide a fully masked implementation of BIKE, we discuss our different implementation choices and we propose a full proof of masking in the Ishai Sahai and Wagner (Crypto 2003) model. More practically, we also provide an open C-code masked implementation of the key-generation, encapsulation and decapsulation algorithms with extensive benchmarks. While the obtained performance is slower than existing masked lattice-based algorithms, we show that masking at order 1, 2, 3, 4 and 5 implies a performance penalty of x5.8, x14.2, x24.4, x38 and x55.6 compared to order 0 (unmasked and unoptimized BIKE). This scaling is encouraging and no Boolean to Arithmetic conversion has been used.

On the duals of quasi-cyclic codes and their application to quantum codes

We study cyclic codes over the ring H of order 4 and characteristic 2 defined by generators and relations as H=⟨a,b∣2a=2b=0,a2=0,b2=b,ab=ba=0⟩. This is the first time that cyclic codes over a non-unitary ring are studied. Every cyclic code of length n over H is uniquely determined by the data of an ordered pair of binary cyclic codes of length n. We characterize self-dual, quasi-self-dual, and linear complementary dual cyclic codes H. We classify cyclic codes of length at most 7 up to equivalence. A Gray map between cyclic codes of length n over H and quasi-cyclic codes of length 2n over F2 is studied.

Let [Formula: see text] be the ring of integers modulo 4. We study the [Formula: see text]-constacyclic and [Formula: see text]-cyclic codes over the non-chain ring [Formula: see text] for a unit [Formula: see text] in [Formula: see text]. We define several Gray maps and find that the respective Gray images of a quasi-cyclic code over [Formula: see text] are cyclic, quasi-cyclic or permutation equivalent to this code. For an odd positive integer [Formula: see text], we determine the generator polynomials of cyclic and [Formula: see text]-constacyclic codes of length [Formula: see text] over [Formula: see text]. Further, we prove that a [Formula: see text]-cyclic code of length [Formula: see text] is a [Formula: see text]-constacyclic code if [Formula: see text] is odd, and a [Formula: see text]-quasi-twisted code if [Formula: see text] is even. A few examples are also incorporated, in which two parameters are new and one is best known to date.

A theorem is proven showing how to obtain a constant-weight binary quasi-cyclic code from a pr-ary linear cyclic code, where p is a prime and r is a positive integer, r > 1, by using a representation of the elements of a Galois field, GF(pr), as cyclic shifts of a binary pr-tuple. From this theorem, constructions are derived for two classes of constant-weight binary quasi-cyclic codes. These two classes are shown to achieve the Johnson upper bound on the number of codewords asymptotically for long block lengths. A quasicyclically permutable (QCP) code is a binary code such that the codewords are quasicyclically distinct and have cyclic order equal to the code block length. A technique is described for selecting virtually the maximum number of cyclically distinct codewords of full cyclic order from Reed-Solomon (RS) codes and from Berlekamp-Justesen (BJ) codes, both known to be maximum distance separable codes. Those cyclically distinct codewords of full cyclic order from RS codes and from BJ codes are mapped to binary to produce two classes of asymptotically optimum constant-weight quasicyclic codes and two classes of asymptotically optimum constant weight QCP codes. An application of QCP codes is introduced to construct protocol-sequence sets for the M-active-out-of-T users collision channel without feedback, allowing more users than strict cyclically permutable codes with the same block length and minimum distance.