TY - GEN
T1 - Highway to Hull
T2 - 45th Annual International Cryptology Conference, CRYPTO 2025
AU - Couvreur, Alain
AU - Levrat, Christophe
N1 - Publisher Copyright:
© International Association for Cryptologic Research 2025.
PY - 2025/1/1
Y1 - 2025/1/1
N2 - The matrix code equivalence problem consists, given two matrix spaces C,D⊂Fqm×n of dimension k, in finding invertible matrices P∈GLm(Fq) and Q∈GLn(Fq) such that D=PCQ-1. Recent signature schemes such as MEDS and ALTEQ relate their security to the hardness of this problem. Recent works by Narayanan, Qiao and Tang on the one hand and by Ran and Samardjiska on the other hand tackle this problem. The former is restricted to the “cubic” case k=m=n and succeeds in O~(qk2) operations. The latter is an algebraic attack on the general problem whose complexity is not fully understood and which succeeds only on O(1/q) instances. We present a novel algorithm which solves the problem in the general case. Our approach consists in reducing the problem to the matrix code conjugacy problem, i.e. the case P=Q. For the latter problem, similarly to the permutation code equivalence problem in Hamming metric, a natural invariant based on the Hull of the code can be used. Next, the equivalence of codes can be deduced using a usual list collision argument. For k=m=n, our algorithm achieves the same time complexity as Narayanan et al. but with a lower space complexity. Moreover, ours extends to a much broader range of parameters.
AB - The matrix code equivalence problem consists, given two matrix spaces C,D⊂Fqm×n of dimension k, in finding invertible matrices P∈GLm(Fq) and Q∈GLn(Fq) such that D=PCQ-1. Recent signature schemes such as MEDS and ALTEQ relate their security to the hardness of this problem. Recent works by Narayanan, Qiao and Tang on the one hand and by Ran and Samardjiska on the other hand tackle this problem. The former is restricted to the “cubic” case k=m=n and succeeds in O~(qk2) operations. The latter is an algebraic attack on the general problem whose complexity is not fully understood and which succeeds only on O(1/q) instances. We present a novel algorithm which solves the problem in the general case. Our approach consists in reducing the problem to the matrix code conjugacy problem, i.e. the case P=Q. For the latter problem, similarly to the permutation code equivalence problem in Hamming metric, a natural invariant based on the Hull of the code can be used. Next, the equivalence of codes can be deduced using a usual list collision argument. For k=m=n, our algorithm achieves the same time complexity as Narayanan et al. but with a lower space complexity. Moreover, ours extends to a much broader range of parameters.
UR - https://www.scopus.com/pages/publications/105014156863
U2 - 10.1007/978-3-032-01855-7_9
DO - 10.1007/978-3-032-01855-7_9
M3 - Conference contribution
AN - SCOPUS:105014156863
SN - 9783032018540
T3 - Lecture Notes in Computer Science
SP - 253
EP - 283
BT - Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings
A2 - Tauman Kalai, Yael
A2 - Kamara, Seny F.
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 17 August 2025 through 21 August 2025
ER -