Paper 2007/153

Cryptographic Hardness based on the Decoding of Reed-Solomon Codes

Aggelos Kiayias and Moti Yung


We investigate the decoding problem of Reed-Solomon (RS) Codes, also known as the Polynomial Reconstruction Problem (PR), from a cryptographic hardness perspective. Namely, we deal with PR instances with parameter choices for which decoding is not known to be feasibly solvable and where part of the solution polynomial is the hidden input. We put forth a natural decisional intractability assumption that relates to this decoding problem: distinguishing between a single randomly chosen error-location and a single randomly chosen non-error location for a given corrupted RS codeword with random noise. We prove that under this assumption, PR-instances are entirely pseudorandom, i.e., they are indistinguishable from random vectors over the underlying finite field. Moreover, under the same assumption we show that it is hard to extract any partial information related to the hidden input encoded by the corrupted PR-instance, i.e., PR-instances hide their message polynomial solution in the semantic security sense. The above results lay a framework for the exploitation of PR as an intractability assumption for provable security of cryptographic primitives. Based on this framework, we present provably secure cryptographic constructions for (i) a pseudorandom extender, (ii) a semantically secure version of the Oblivious Polynomial Evaluation Protocol, and (iii) a stateful cipher with a set of interesting properties that include: semantic security, forward secrecy, error-correcting decryption and an array of random self-reducibility properties with respect to the plaintext choice, key choice and partial domain choice.

Note: This is a major revision of the original paper.

Available format(s)
Publication info
Published elsewhere. appeared in ICALP 2002 (preliminary version)
Coding TheoryReed-Solomon codes
Contact author(s)
aggelos @ cse uconn edu
2007-04-26: received
Short URL
Creative Commons Attribution


      author = {Aggelos Kiayias and Moti Yung},
      title = {Cryptographic Hardness based on the Decoding of Reed-Solomon Codes},
      howpublished = {Cryptology ePrint Archive, Paper 2007/153},
      year = {2007},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.