E.R. Berlekamp, R.J. McEliece, and H.C.A. van Tilborg, "On the Inherent Intractability of Certain Coding Problems", IEEE Trans. Info. Theory, vol. 24, pp. 384-386, 1978.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....only be repeated a polynomial number of rounds to find the correct r. As Shor notes, there already exist classical polynomial time algorithms [PH78] for the p smooth case. Surviving Assumptions 7. 1 Error Correcting Codes Assumptions Decoding an arbitrary linear code is an NP hard problem [ERvT78] The McEliece cryptosystem is based on this assumption. The McEliece system uses an easy special case of the NP hard problem, disguised as a general looking instance of the problem. The two major drawbacks of the systems are large key size and message expansion. 7.1.1 Introduction to linear ....

....A syndrome is a column vector with n k components. A vector is a codeword if and only if its syndrome is zero. 7.5 Definition The syndrome decoding problem Given a linear code and the syndrome of a vector, find the nearest codeword to the vector. The syndrome decoding problem is NP hard [ERvT78] Fischer and Stern [FS96] constructed an e#cient PRBG based on this problem, and proved that the generator is as secure as a hard instance of the problem. NP hardness ensures that there is no known polynomial time algorithm for solving the problem in the worst case. However, for many special ....

E.R.Berlekamp, R.J.McEliece, and H.C.A. van Tilborg. On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory, 24:384--386, 1978.

....CP = MSG ZP and corrects the t bit error ZP using the known error correction algorithm. After that M can be recovered using S . This system, like other systems [HR88,J83,N86] depends on the fact that in the worst case, decoding an arbitrary error correcting code is NP complete [BMvT78]. It is hoped that G represents one of these dicult cases. Since their introduction, public key cryptosytems based on error correcting codes have largely been of theoretical interest. They require enormous keys in order to achieve comparible security to currently implemented public key ....

....needs only a little more than 1Kb of storage and provides excellent security. Large keys aside, error correcting code cryptosystems have been touted as a potential saviour of public key cryptography. These systems are based on the syndrome decoding problem which was shown to be NP complete in [BMvT78]. Other public key cryptosystems, such as RSA, are based on problems such as factoring which are only thought to be dicult. It is possible that someone will discover an ecient factoring algorithm, whereas it would require proving that P = NP to nd an ecient general syndrome decoding algorithm. ....

[Article contains additional citation context not shown here]

E.R. Berlekamp, R.J. McEliece, H. van Tilborg, \On the Inherent Intractability of Certain Coding Problems," IEEE Transactions on Information Theory, Vol. 24, 1978, pp. 384-386.

....subject of the computational complexity of problems arising in error correcting coding. These problems, such as the minimum distance decoding of linear codes, are of a different nature than the problems that we study here. The first results of this type were by Berlekamp, McEliece, and van Tilborg [14], and many other examples are given by Vardy [15] and Sudan [16] Horn and Kschischang [17] and Kschischang and Sorokine [18] have shown NP completeness of certain problems of minimizing the trellis complexity of an error correcting code. Regarding related work in complexity theory, one of the ....

E. R. Berlekamp, R. J. McEliece, and H. C. A. van Tilborg, "On the inherent intractability of certain coding problems," IEEE Trans. Inform. Theory, vol. IT-24, pp. 384--386, May 1978.

.... both P ( and ( Specifically, we now show that given a polynomial time algorithm for the computation of Mopt(H, C) in (55) one could devise a polynomial time algorithm for maximum likelihood hard decision decoding of Cq (n, k) If Cq (n, k) is a general linear code, the latter task is known [3] to be NP hard. More precisely, let q be a fixed prime power and let d( denote the Hamming distance; then, the following decision problem Problem: MAXIMUM LIKELIHOOD DECODING Instance: Positive integers n, k, t, an (n k) x n matrix H over Fq, and a vector y 6 F. Question: Is there a ....

....following decision problem Problem: MAXIMUM LIKELIHOOD DECODING Instance: Positive integers n, k, t, an (n k) x n matrix H over Fq, and a vector y 6 F. Question: Is there a vector c 6 li such that d(c, y) t and Hc: 07 was shown to be NP complete by Berlekamp, McEliece, and van Tilborg [3]. Let Q denote the field of rational numbers. In this appendix, we exhibit a polynomial transformation from MAXIMUM LIKELIHOOD DECODING to the following decision problem Problem: OPTIMAL MULTIPLICITY MATRIX Instance: Positive integers n, k, and , an (n k) x n matrix H over Fq which defines a ....

E.R. Berlekamp, R.J. McEliece, and H.C.A. van Tilborg, 'On the inherent intractabil- ity of certain coding problems," IEEE Trans. Inform. Theory, vol. 24, pp. 384 386, May 1978.

....a set of k vectors of H that sum to the all zero vector Minimum Distance Instance: A set H of binary vectors of length m, and a positive integer k. Question: Is there a non empty set of at most k vectors of H that sum to the all zero vector In 1978, Berlekamp, McEliece and van Tilborg [BMcEvT78] proved that Maximum Likelihood Decoding and Weight Distribution are NP complete, by a reduction from 3 Dimensional Matching. The Minimum Distance problem has recently been shown to be NP complete by Vardy [Var97] also by a reduction from 3 Dimensional Matching. Because 3 Dimensional Matching is ....

E.R. Berlekamp, R.J. McEliece and H.C.A. van Tilborg. On the inherent intractability of certain coding problems. IEEE Trans. Inform. Theory 24 (1978), 384--386.

....the proposed parameters. We also derive from our algorithm a bound on the minimal rank distance of a linear code which shows that the parameters from [Che94] are inconsistent. 1 Introduction It is known that the problem of finding a codeword of given weight in a linear binary code is NP complete [BMT78]. Furthermore, the problem remains difficult when the code is chosen at random and the weight is close to the GilbertVarshamov bound (see the discussion in [Ste, FS96] Recently, several cryptographic schemes aimed at entity identification and based on this property [Gir90, Har89, Ste90, Ste94, ....

E.R. Berlekamp, R.J. McEliece, and H.C.A. Van Tilborg. On the inherent intractability of certain coding problems. IEEE Trans. Inform. Theory, IT24 (3):384--386, May 1978.

....as the values of the parameters n; k; p. 2 Security of the scheme Of course, the security of the scheme relies on the difficulty of inverting the function s Gamma H(s) when its arguments are restricted to valid secret keys. In order to give evidence of this difficulty, let us recall from [1] that it is NP complete to determine whether a code has a word s of weight p whose image is a given k bit word i. Let us also observe that, if p is small enough, finding s is exactly equivalent to finding the codeword w minimizing the weight of t Phi w, when an element t of H (i) is chosen. ....

E. R. Berlekamp, R. J. Mc Eliece and H. C. A. Van Tilborg. On the inherent intractability of certain coding problems, IEEE Trans. Inform. Theory, (1978) 384-386.

....one bits are located and is non zero. Random linear codes are defined by a random parity check matrix. For such codes, no efficient algorithm is known for finding the closest code word to a vector, given its syndrome. It is also difficult to find a word of given weight from his syndrome s value [2]. This is called the syndrome decoding problem. These problems are NP complete. For further information, we refer to the books by McWilliams and Sloane [17] for error correcting codes, and by Garey and Johnson [7] for NP complete problems. The syndrome decoding problem is NP hard; see Berlekamp, ....

....decoding problem. These problems are NP complete. For further information, we refer to the books by McWilliams and Sloane [17] for error correcting codes, and by Garey and Johnson [7] for NP complete problems. The syndrome decoding problem is NP hard; see Berlekamp, McEliece and van Tilborg [2] for a proof. It can be stated as follows [7] Instance: An m Theta n binary matrix A = a ij ) a binary non null vector y = y 1 ; ym ) and a positive integer w. Question: Is there a binary vector x = x 1 ; xn ) with no more than w 1 s such that, for 1 j m, P n i=1 x i ....

Berlekamp, E. R., McEliece, R. J., van Tilborg, H. C. A.:. On the inherent intractability of certain coding problems. In IEEE Trans. Information Theory (1978) IEEE pp. 384--386.

.... Psi( Delta) Specifically, we now show that given a polynomial time algorithm for the computation of M opt ( Pi; C) in (55) one could devise a polynomial time algorithm for maximum likelihood hard decision decoding of C q (n; k) If C q (n; k) is a general linear code, the latter task is known [3] to be NP hard. More precisely, let q be a fixed prime power and let d( Delta; Delta) denote the Hamming distance; then, the following decision problem Problem: Maximum Likelihood Decoding Instance: Positive integers n; k; t, an (n Gammak) Theta n matrix H over F q , and a vector y 2 F q . ....

....problem Problem: Maximum Likelihood Decoding Instance: Positive integers n; k; t, an (n Gammak) Theta n matrix H over F q , and a vector y 2 F q . Question: Is there a vector c 2 F q such that d(c; y) 6 t and Hc = 0 was shown to be NP complete by Berlekamp, McEliece, and van Tilborg [3]. Let Q denote the field of rational numbers. In this appendix, we exhibit a polynomial transformation from Maximum Likelihood Decoding to the following decision problem Problem: Optimal Multiplicity Matrix Instance: Positive integers n, k, and C, an (n Gammak) Theta n matrix H over F q which ....

E.R. Berlekamp, R.J. McEliece, and H.C.A. van Tilborg, "On the inherent intractability of certain coding problems," IEEE Trans. Inform. Theory, vol. 24, pp. 384--386, May 1978.

....In particular, for asymptotically good or even weakly good codes, both strategies above run in exponential time. One may wonder if this exponential time behavior is inherent to the decoding problem. In perhaps the first complexity result in coding theory, Berlekamp, McEliece and van Tilborg [4] present the answer to this question. Theorem16 [4] The Maximum likelihood decoding problem for general linear codes is NP hard. There are two potential ways to attempt to circumvent this result. One method is to define and solve the maximum likelihood decoding problem for specific linear ....

....good codes, both strategies above run in exponential time. One may wonder if this exponential time behavior is inherent to the decoding problem. In perhaps the first complexity result in coding theory, Berlekamp, McEliece and van Tilborg [4] present the answer to this question. Theorem16 [4]. The Maximum likelihood decoding problem for general linear codes is NP hard. There are two potential ways to attempt to circumvent this result. One method is to define and solve the maximum likelihood decoding problem for specific linear codes. We will come to this question momentarily. The ....

[Article contains additional citation context not shown here]

E. R. Berlekamp, R. J. McEliece and H. C. A. van Tilborg. On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory, 24:384--386, 1978.

....In particular, for asymptotically good or even weakly good codes, both strategies above run in exponential time. One may wonder if this exponential time behavior is inherent to the decoding problem. In perhaps the rst complexity result in coding theory, Berlekamp, McEliece and van Tilborg [4] present the answer to this question. Theorem 1 ( 4] The Maximum likelihood decoding problem for general linear codes is NP hard. There are two potential ways to attempt to circumvent this result. One method is to de ne and solve the maximum likelihood decoding problem for speci c linear ....

....good codes, both strategies above run in exponential time. One may wonder if this exponential time behavior is inherent to the decoding problem. In perhaps the rst complexity result in coding theory, Berlekamp, McEliece and van Tilborg [4] present the answer to this question. Theorem 1 ([4]) The Maximum likelihood decoding problem for general linear codes is NP hard. There are two potential ways to attempt to circumvent this result. One method is to de ne and solve the maximum likelihood decoding problem for speci c linear codes. We will come to this question momentarily. The ....

[Article contains additional citation context not shown here]

E. R. Berlekamp, R. J. McEliece and H. C. A. van Tilborg. On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory, 24:384-386, 1978.

....solution to the k variate problem for general k, which works whenever = q d=jHj) seems to be another interesting question. Lastly we speculate on the complexity of the maximum likelihood problem (or the nearest codeword problem) This problem is known to be NP hard for general linear codes [5]. The hardness of the problem considered in [5] could be due to one of two reasons: 1) It is a maximum likelihood decoding problem rather than a error correction problem; 2) The code is speci ed as part of the input, rather than being a well known one which is more standard. It would be nice ....

....k, which works whenever = q d=jHj) seems to be another interesting question. Lastly we speculate on the complexity of the maximum likelihood problem (or the nearest codeword problem) This problem is known to be NP hard for general linear codes [5] The hardness of the problem considered in [5] could be due to one of two reasons: 1) It is a maximum likelihood decoding problem rather than a error correction problem; 2) The code is speci ed as part of the input, rather than being a well known one which is more standard. It would be nice to know which of the two causes is responsible ....

E. Berlekamp, R. McEliece and H. van Tilborg. On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory, pp. 384-386, 1978. 16

....error correcting codes by choosing a matrix at random and checking if the associated code has a large minimum distance. No such algorithm is known. The complexity of this problem (can it be solved in polynomial time or not ) was rst explicitly questioned by Berlekamp, McEliece and van Tilborg [7] in 1978 who conjectured it to be NP complete. This conjecture was nally resolved in the armative by Vardy ( 17] in 1997. 17] also gives further motivations and detailed account of prior work on this problem. To advance this search of good codes, one can allow for approximate solution, by ....

....F k n q and a received word x 2 F n q and the goal is to nd the nearest codeword y 2 A to x. A more restricted version is to estimate the minimum error weight d(x; A) that is the distance d(x; y) to the nearest codeword. The NCP is a well studied problem: Berlekamp, McEliece and van Tilborg [7] showed that it is NPhard; and more recently Arora, Babai, Stern and Sweedyk [2] showed that the error weight is hard to approximate to within a factor of 2 log (1 ) n for any 0, unless NP QP (deterministic quasi polynomial time) However the NCP only provides a rst cut at ....

[Article contains additional citation context not shown here]

E.R. Berlekamp, R.J. McEliece, H.C.A. van Tilborg, \On the Inherent Intractability of Certain Coding Problems", IEEE Transactions on Information Theory, Vol. IT-24, n. 3, May 1978, pp. 384-386.

....subject of the computational complexity of problems arising in error correcting coding. These problems, such as the minimum distance decoding of linear codes, are of a different nature than the problems that we study here. The first results of this type were by Berlekamp, McEliece, and van Tilborg [14], and many other examples are given by Vardy [15] and Sudan [16] Horn and Kschischang [17] and Kschischang and Sorokine [18] have shown NP completeness of certain problems of minimizing the trellis complexity of an error correcting code. Regarding related work in complexity theory, one of the ....

E. R. Berlekamp, R. J. McEliece, and H. C. A. van Tilborg, "On the inherent intractability of certain coding problems," IEEE Trans. Inform. Theory, vol. 24, pp. 384--386, 1996.

....error correcting codes by choosing a matrix at random and checking if the associated code has a large minimum distance. No such algorithm is known. The complexity of this problem (can it be solved in polynomial time or not ) was first explicitly questioned by Berlekamp, McEliece and van Tilborg [7] in 1978 who conjectured it to be NP complete. This conjecture was finally resolved in the affirmative by Vardy ( 15] in 1997. 15] also gives further motivations and detailed account of prior work on this problem. We examine the approximability of this parameter and show that it is hard to ....

....(NCP) also known as the maximum likelihood decoding problem ) Here, the input instance consists of a linear code given by its matrix A 2 F n Thetak q and a received word x 2 F n q and the goal is to find the nearest codeword y 2 CA to x. The NCP is a well studied problem: Berlekamp et al. [7] showed that it is NP hard; and more recently Arora, Babai, Stern and Sweedyk [2] showed that the distance of the received word to the nearest codeword is hard (unless NP QP, deter possible to do better than random codes using an exponential procedure [16] 2 f(n) is quasi polynomial in n if ....

E.R. Berlekamp, R.J. McEliece, H.C.A. van Tilborg, "On the Inherent Intractability of Certain Coding Problems ", IEEE Transactions on Information Theory, Vol. IT-24, n. 3, May 1978, pp. 384--386.

....the resulting code (cf. 7,15] the relation between the two problems is clear: we would like to nd good linear codes that can also be eciently decoded. As in the lattice case, empirical evidence shows that MDP is not harder than NCP: whereas it is easy to establish the NP hardness of NCP (cf. [3]) the question for MDP was open until recently being resolved in the armative by Vardy (cf. 15] Furthermore, the NP hardness of approximating NCP to within any constant factor 8 was proved in [2] whereas MDP was proved NP hard to approximate within any constant only recently (cf. 6] ....

E.R. Berlekamp, R.J. McEliece, H.C.A. van Tilborg, On the Inherent Intractability of Certain Coding Problems, IEEE Transactions on Information Theory IT-24 (3), May 1978, pp. 384-386.

....solution to the k variate problem for general k, which works whenever = p d=jHj) seems to be another interesting question. Lastly we speculate on the complexity of the maximum likelihood problem (or the nearest codeword problem) This problem is known to be NP hard for general linear codes [5]. The hardness of the problem considered in [5] could be due to one of two reasons: 1) It is a maximum likelihood decoding problem rather than a error correction problem; 2) The code is speci ed as part of the input, rather than being a well known one which is more standard. It would be nice ....

....k, which works whenever = p d=jHj) seems to be another interesting question. Lastly we speculate on the complexity of the maximum likelihood problem (or the nearest codeword problem) This problem is known to be NP hard for general linear codes [5] The hardness of the problem considered in [5] could be due to one of two reasons: 1) It is a maximum likelihood decoding problem rather than a error correction problem; 2) The code is speci ed as part of the input, rather than being a well known one which is more standard. It would be nice to know which of the two causes is responsible ....

E. Berlekamp, R. McEliece and H. van Tilborg. On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory, pp. 384-386, 1978.

....[10] shows that cycle free graphs only admit error correcting codes with a very low minimum distance, and consequently poor asymptotic performance. Thus, graph cycles are a diculty inherent in this decoding scheme. The fact that maximum likelihood decoding of a linear code is an NP hard problem [11] con rms the intuition that decoding on a graph with cycles is intrinsically dicult. For this reason, we feel it is important to look at techniques for breaking cycles in such graphs. The concept of cycle breaking is not new [8] The traditional techniques for doing this involve removing edges ....

E.R. Berlekamp, R.J. McEliece, and H.C.A. van Tilborg, \On the inherent intractability of certain coding problems," IEEE Transactions on Information Theory, vol. 24, pp. 384-386, 1978.

....decision problem, the inputs are a linear code over a given finite field, a received word, and a specified distance t, and the output is a yes or no answer to the question of whether there is a codeword within distance t of the received word. This decision problem is known to be NP complete [4]. In list decoding, the goal is to output the list of all codewords within a specified distance of the received word. In [42] and [43] Sudan gave the first e#cient methods for list decoding that run in time polynomial in the length of the codewords. Since then, Sudan s list decoding technique ....

E. R. Berlekamp, R. J. McEliece and H. C. A. van Tilborg. On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory 24 (1978), 384--386.

....to formulate. Numerous variants of this problem exist in the literature. The rst question raised by these problems is: How should the code be speci ed If it is part of the input, almost immediately hardness results crop up. The rst such results were due to Berlekamp, McEliece and van Tilborg [13]. Subsequently many variants have been shown to remain hard e.g. approximation [2, 20] to within error bounded by distance [23] xed number of errors [21] See also the survey by Barg [5] In this section we will not deal with such problems, but focus on this problem for xed classes of ....

Elwyn R. Berlekamp, Robert J. McEliece, and Henk C. A. van Tilborg. On the inherent intractability of certain coding problems (Corresp. ). IEEE Transactions on Information Theory, 24(3):384-386, May 1978.

....decoding decision problem, the inputs are a linear code over a given nite eld, a received word, and a speci ed distance t, and the output is a yes or no answer to the question of whether there is a codeword within distance t of the received word. This decision problem is known to be NP complete [3]. In list decoding, the goal is to output the list of all codewords within a speci ed distance of the received word. In [39] and [40] Sudan gave the rst ecient methods for list decoding that run in time polynomial in the length of the codewords. Since then, Sudan s list decoding technique has ....

E. R. Berlekamp, R. J. McEliece and H. C. A. van Tilborg. On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory 24 (1978), 384-386. EFFICIENT TRAITOR TRACING ALGORITHMS USING LIST DECODING 11

....Adleman [3] Its security lies in the difficulty of the problem of factoring large integers. We focus our attention on public key cryptosystems based on linear codes. Prof. McEliece was the first who proposed to use linear codes for Public Key Cryptosystems (PKC) 4] Later on, it was shown in [5] that the the problem of decoding a general linear code is NP complete. If a family of linear codes is to be used in PKC, is should possess the following features: ffl It is be rich enough to avoid an exhaustive search when an enemy party wants to break the cryptosystem; ffl Encoding ....

....on Linear Codes 43 of n Gamma r Gamma 1 equations of order at most 4 in three variables. This system can be solved using O(r 3 rn) calculations. This example shows that the hiding matrix X should be chosen and examined very carefully. 4. The McEliece Cryptosystem based on Goppa Codes In [5], the authors showed that the problem of decoding a general binary linear code is a NP complete. Hence, if there exists a big set of codes of large distance having fast decoding algorithms, then someone can choose one of these codes as a public key with the fast decoding algorithm as a secret key, ....

[Article contains additional citation context not shown here]

E.R. Berlekamp, R.J. McEliece, and H.C.A. van Tilborg, "On inherent intractability of certain coding problems," IEEE Trans. Inform. Theory, vol. IT-24, pp. 384-386, 1978.

.... of the memory cells such that for 1 k T , i [k] only depends on i 1 [1] i 1 [k 1] Y i and Z and is independent of i 1 [k] i 1 [T ] The dependence structure of such an automaton A is characterized by a loop free directed graph GA with vertex set V = fI; 1] [2]; T ] Og and edge set E, where I and O denote the input and output, respectively. A directed edge from [j] to [k] indicates that i [k] functionally depends on i 1 [j] Similarly, an edge from I to [k] indicates that i [k] functionally depends on Y i , and an edge from [k] to O ....

....of linear equations over GF (2) i.e. of nding the solution that satis es the most equations. This problem is equivalent to the problem of decoding a linear code to the nearest codeword, which is for general linear codes believed to be a very dicult problem. In fact, this problem is NP complete [2]. However, for certain special types of codes there do exist ecient decoding algorithms. Moreover, a signi cant step towards decoding general linear codes has recently been announced [8] Because the codewords in our application have length 2 M and are thus too long to be even only read in ....

E.R. Berlekamp, R.J. McEliece and H.C.A. van Tilborg, On the inherent intractability of certain coding problems, IEEE Transactions on Information Theory, vol. 24, pp. 384-386, 1978.

....been a substantial amount of previous work on the complexity of the problems considered here. Although many of these problems are naturally parameterized, all the prior work was in the framework of NP completeness. The following three problems, considered by Berlekamp, McEliece, and van Tilborg [BMvT78] in 1978, are of importance in the theory of linear codes: Problem: Maximum Likelihood Decoding Instance: A binary m Theta n matrix H , a target vector s 2 IF m 2 , and an integer k 0. Question: Is there a set of at most k columns of H that sum to s Parameter: k Problem: Weight ....

....k Notice that the difference between the definitions of the Minimum Distance and Weight Distribution problems is very slight. Weight Distribution requires exactly k columns in a solution, while Minimum Distance requires at most k columns in a solution. Berlekamp, McEliece and van Tilborg [BMvT78] proved that Maximum Likelihood Decoding and Weight Distribution are NP complete, by means of a reduction from 3 Dimensional Matching. They conjectured that MinimumDistance is also NP complete, and Vardy[Var97b] recently proved this conjecture using a non parametric reduction from ....

[Article contains additional citation context not shown here]

E.R.Berlekamp, R.J. McEliece, and H.C.A.van Tilborg, On the inherent intractability of certain coding problems, IEEE Trans. Inform. Theory, 24, (1978), 384--386.

....subject of the computational complexity of problems arising in error correcting coding. These problems, such as the minimum distance decoding of linear codes, are of a different nature than the problems that we study here. The first results of this type were by Berlekamp, McEliece, and van Tilborg [16], and many other examples are given by Vardy [17] and Sudan [18] Horn and Kschischang [19] and Kschischang and Sorokine [20] have shown NP completeness of certain problems of minimizing the trellis complexity of an error correcting code. Regarding related work in complexity theory, one of the ....

E. R. Berlekamp, R. J. McEliece, and H. C. A. van Tilborg, "On the inherent intractability of certain coding problems," IEEE Trans. Inform. Theory, vol. 24, pp. 384--386, 1996.

....The two versions of LDPC codes: a) Original version, and (b) dual version The second more serious question was that of efficient decoding of such codes, as maximum likelihood decoding is a very hard task in general. It was shown many years later that a corresponding decision problem is NP hard [3]. Low density parity check (LDPC) codes, described in the next section, are very well suited to (at least partially) answering both of these questions. 3 LDPC Codes 3.1 Code Construction In the following we will assume that the code alphabet A is the binary field GF(2) Let G be a bipartite ....

E.R. Berlekamp, R.J. McEliece, and H.C.A. van Tilborg. On the inherent intractability of certain coding problems. IEEE Trans. Inform. Theory, 24:384--386, 1978.

....the public key on Public Key Cryptosystems based on coding theory. Cryptosystems based on coding theory rely on the difficulty of decoding or finding a minimum weight codeword in a large linear code with no visible structure. These general problems of coding theory were proven to be NP complete [EBvT78] and were used on the public key cryptosystems proposed by McEliece [McE78] Niederreiter [Nie86] and Gabidulin [GPT91] Some identification schemes that exploit these problems have also been proposed in [Ste93] and [Ver95] Despite the general problem of finding a minimum weight codeword in a ....

R. McEliece E. Berlekamp and H. van Tilborg. On the inherent intractability of certain coding problems. IEEE Trans. Information Theory, IT-24(3):384--386, May 1978.

....CP 1 = MSG ZP 1 and corrects the t bit error ZP 1 using the known error correction algorithm. After that M can be recovered using S 1 . This system, like other systems [HR88,J83,N86] depends on the fact that in the worst case, decoding an arbitrary error correcting code is NP complete [BMvT78]. It is hoped that G # represents one of these di#cult cases. Since their introduction, public key cryptosytems based on error correcting codes have largely been of theoretical interest. They require enormous keys in order to achieve comparible security to currently implemented public key ....

....needs only a little more than 1Kb of storage and provides excellent security. Large keys aside, error correcting code cryptosystems have been touted as a potential saviour of public key cryptography. These systems are based on the syndrome decoding problem which was shown to be NP complete in [BMvT78]. Other public key cryptosystems, such as RSA, are based on problems such as factoring which are only thought to be di#cult. It is possible that someone will discover an e#cient factoring algorithm, whereas it would require proving that P = NP to find an e#cient general syndrome decoding ....

[Article contains additional citation context not shown here]

E.R. Berlekamp, R.J. McEliece, H. van Tilborg, "On the Inherent Intractability of Certain Coding Problems," IEEE Transactions on Information Theory, Vol. 24, 1978, pp. 384--386.

....14] and noisy channels (see, e.g. 13] Error correcting codes can also be employed in the construction of traditional cryptographic primitives. In [24] McEliece elaborates a well known public key cryptosystem whose hardness is based on the NP hard problem of decoding an arbitrary linear code [8]. Researchers have also proposed identi cation [32] and digital signature schemes [1] based on error correcting codes, among other applications. In a recent paper [21] Jakobsen demonstrates that a class of error correcting codes known as Reed Solomon codes can even assist in the cryptanalysis of ....

E.R. Berlekamp, R.J. McEliece, and H.C.A. van Tilborg. On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory, 24:384-386, 1978.

....will be from NP complete problems in coding theory, that for our purposes can be described as follows: Codeword of given weight: Given a binary r Theta c matrix H and an integer w, is there a vector x with w ones s.t. Hx = 0 This problem on binary linear codes was shown NP complete in [1]. The problem Codeword of maximal weight, asking for a vector of weight at least w is also NP complete for binary codes [6] Finally, the problem Codeword of minimal weight for binary linear codes, asking for a non zero vector of weight at most w was conjectured NP complete in [1] and finally ....

.... NP complete in [1] The problem Codeword of maximal weight, asking for a vector of weight at least w is also NP complete for binary codes [6] Finally, the problem Codeword of minimal weight for binary linear codes, asking for a non zero vector of weight at most w was conjectured NP complete in [1], and finally proven to be so in a recent paper [9] These problems are equivalent to asking if the orthogonal complement of the linear space generated by the columns of H contains a non zero vector of weight w, at least w, or at most w (in other words, if there are exactly w, at least w, or ....

E. Berlekamp, R.J. McEliece and H.C.A. van Tilborg, On the inherent intractability of certain coding problems, IEEE Trans. Inform. Theory. Vol.29, No.3, 1978, 384-386.

....will be from NP complete problems in coding theory, that for our purposes can be described as follows: Codeword of given weight: Given a binary r Theta c matrix H and an integer w, is there a vector x with w ones s.t. Hx = 0 This problem on binary linear codes was shown NP complete in [1]. The problem Codeword of maximal weight, asking for a vector of weight at least w is also NPcomplete for binary codes [6] Finally, the problem Codeword of minimal weight for binary linear codes, asking for a non zero vector of weight at most w was conjectured NP complete in [1] and finally ....

.... NP complete in [1] The problem Codeword of maximal weight, asking for a vector of weight at least w is also NPcomplete for binary codes [6] Finally, the problem Codeword of minimal weight for binary linear codes, asking for a non zero vector of weight at most w was conjectured NP complete in [1], and finally proven to be so in a recent paper [9] These problems are equivalent to asking if the linear space generated by the columns of H contain a non zero vector of weight w, at least w, or at most w. They are thus very close to (EVEN, EVEN) set problems. However, inputs to the (EVEN, ....

E. Berlekamp, R.J. McEliece and H.C.A. van Tilborg, On the inherent intractability of certain coding problems, IEEE Trans. Inform. Theory. Vol.29, No.3, 1978, 384-386.

No context found.

E. R. Berlekamp, R. J. McEliece, and H. C. van Tilborg. On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory, 24(3), May 1978.

No context found.

E.R. Berlekamp, R.J. McEliece, and H.C.A. van Tilborg, On the inherent intractability of certain coding problems, IEEE Transactions on Information Theory, Vol.24, No.3, 1978, pp.384--386.

No context found.

E.R. Berlekamp, R.J. McEliece, and H.C.A. van Tilborg, "On the Inherent Intractability of Certain Coding Problems", IEEE Trans. Info. Theory, vol. 24, pp. 384-386, 1978.

No context found.

E. Berlekamp, R. McEliece, and H. van Tilborg. On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory, 24, 1978.

No context found.

Elwyn R. Berlekamp, Robert J. McEliece, and Henk C. A. van Tilborg, On the inherent intractability of certain coding problems, IEEE Trans. Information Theory IT-24 (1978), no. 3, 384--386. MR MR0495180 (58 #13912)

No context found.

E. R. Berlekamp, R. J. McEliece, and V. Tilborg. On the Inherent Intractability of Certain Coding Problems. IEEE Transactions on Information Theory, 24, 1978.

No context found.

E.R. Berlekamp, R.J. McEliece, and H.C.A. van Tilborg. On the Inherent Intractability of Certain Coding Problems. IEEE Trans. Info. Theory 24: 384--386, 1978.

No context found.

E. Berlekamp, R. McEliece, and H. van Tilborg, On the inherent intractability of certain coding problems, IEEE Transactions on Information Theory 24(3) (1978), 384--386. 23

No context found.

E. R. Berlekamp, R. J. McEliece, and V. Tilborg. On the Inherent Intractability of Certain Coding Problems. IEEE Transactions on Information Theory, 24, 1978.

No context found.

E. Berlekamp, R. McEliece, and H. van Tilborg. On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory, 24, 1978.

No context found.

E. Berlekamp, R. J. McEliece, and H. C. A. van Tilborg. On inherent intractability of certain coding problems. IEEE Transactions on Information Theory, IT-24:384--386, 1978.

No context found.

E. R. Berlekamp, R. J. McEliece, and H. C. van Tilborg. On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory, 24(3), May 1978.

No context found.

Elwyn R. Berlekamp, Robert J. McEliece, and Henk C. A. van Tilborg. On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory, 24(3):384{ 386, May 1978.

No context found.

E. Berlekamp, R. McEliece, and H. van Tilborg, "On the inherent intractability of certain coding problems," IEEE Trans. Inform. Theory, vol. 24, no. 3, pp. 384-386, May 1978.

No context found.

E.R.Berlekamp, R.J.McEliece, and H.C.A. van Tilborg. On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory, 24:384-386, 1978.

No context found.

E. R. Berlekamp, R. J. Mc Eliece, H. C. A. Van Tilborg. On the inherent intractability of certain coding problems, Trans. Inform. Theory (1978) 384-386.

No context found.

E. R. Berlekamp, R. J. McEliece and H. C. A. van Tilborg. On the inherentintractability of certain coding problems. IEEE Transactions on Information Theory, 24:384#386, 1978.

No context found.

E.R. Berlekamp, R.J. McEliece, and H.C.A. van Tilborg, "On the inherent intractability of certain coding problems," IEEE Trans. Inform. Theory, vol. 24, pp. 384--386, 1978.

No context found.

E.R. Berlekamp, R.J. McEliece and H.C.A. van Tilborg [1978], On the inherent intractability of certain coding problems, IEEE Trans. Inform. Theory IT-24, 384-386.

First 50 documents  Next 50

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC