Support-Guessing Decoding Algorithms in the Sum-Rank Metric

TL;DR

Improved complexity analysis, along with optimized support-guessing distributions, provides valuable insights for the design and evaluation of code-based cryptosystems using the sum-rank metric, particularly in the context of quantum-resistant cryptography.

Abstract

The sum-rank metric generalizes the Hamming and rank metric by partitioning vectors into blocks and defining the total weight as the sum of the rank weights of these blocks, based on their matrix representation. In this work, we explore support-guessing algorithms for decoding sum-rank-metric codes. Support-guessing involves randomly selecting candidate supports and attempting to decode the error under the assumption that it is confined to these supports. While previous works have focused on worst-case scenarios, we analyze the average case and derive an optimal support-guessing distribution in the asymptotic regime. We show that this distribution also performs well for finite code lengths. Our analysis provides exact complexity estimates for unique decoding scenarios and establishes tighter bounds beyond the unique decoding radius. Additionally, we introduce a randomized decoding algorithm for Linearized Reed--Solomon (LRS) codes. This algorithm extends decoding capabilities beyond the unique decoding radius by leveraging an efficient error-and-erasure decoder. Instead of requiring the entire error support to be confined to the guessed support, the algorithm succeeds as long as there is sufficient overlap between the guessed support and the actual error support. As a result, the proposed method improves the success probability and reduces computational complexity compared to generic decoding algorithms. Our contributions offer more accurate complexity estimates than previous works, which are essential for understanding the computational challenges involved in decoding sum-rank-metric codes. This improved complexity analysis, along with optimized support-guessing distributions, provides valuable insights for the design and evaluation of code-based cryptosystems using the sum-rank metric. This is particularly important in the context of quantum-resistant cryptography.

Figures (8)

• Figure 1: Illustration of the improved upper bound on the average complexity of Algorithm \ref{['alg:generic_sr_decoder']} for $q=2$, $m=20$, $n=60$, $k=30$, $t=9$, $s=10$. At $\ell=3$, the algorithm transitions from guessing the column support to guessing the row support.
• Figure 2: Complexity comparison for generic decoding with parameters: $q=2$, $m=20$, $n=60$, $k=30$, $t=9$, and $v=10$.
• Figure 3: Complexity comparison for generic decoding with parameters: $q=2$, $m=20$, $n=60$, $k=30$, $t=9$ and $v=v_\mathrm{max}$.
• Figure 4: Complexity comparison for generic decoding with parameters: $q=2$, $m=6$, $n=36$, $k=22$, $t=10$ and $v=10$.
• Figure 5: Regions of hardness for Algorithm \ref{['alg:prangeSR']} and bounds on the relative weight intervals for successful decoding vs code rate $R=k/n$ for parameters: $m = \eta = 2$, $q = 2$ ($\ell \to \infty$, average-case).

Theorems & Definitions (40)

• Definition 1: Sum-Rank Weight and Sum-Rank Distance
• Remark 1
• Definition 2
• Definition 3
• Remark 2
• Remark 3
• Definition 4: Row and Column Support
• Definition 5
• Remark 4
• Theorem 1