Noise-Enhanced High-Memory Codes

• The paper introduces a novel construction of high-memory convolutional codes enhanced by deliberate noise and dense masking to secure public-key cryptography against classical and quantum attacks.
• It employs directed-graph decryption, high constraint-length coding, and polynomial division to achieve exponential adversarial complexity while ensuring efficient decryption for legitimate users.
• The scheme scales linearly with plaintext length and resists advanced attacks like Information-Set Decoding, making it a promising candidate for post-quantum cryptographic applications.

Noise-Enhanced High-Memory Convolutional Codes (NE-HMCC) constitute a cryptographic construction employing directed-graph decryption of convolutional codes with substantially increased memory and deliberate noise injection. This approach produces public keys with generator matrices statistically indistinguishable from random linear codes, ensuring robust resistance to both classical and quantum cryptanalytic attacks. NE-HMCC integrates high constraint-length coding, dense masking, and polynomial division to facilitate efficient decryption for legitimate users while imposing exponential complexity on adversaries, making it a compelling scheme for scalable, quantum-resistant public-key cryptography (Ariel, 2 Dec 2025).

1. Code Structure and Masked Generator Construction

The NE-HMCC scheme begins with a base convolutional code (CC) of rate $k/n$ (typically $k=1$ for exposition, but the construction allows arbitrary rates). The memory parameters are $p$ (original CC memory) and $q$ (high-memory extension), yielding an overall constraint length $m = p + q$ and trellis size up to $2^{p+q}$ states. The base generator polynomials are

$$G_p(x) = [\,p_0(x),\,p_1(x),\,\ldots,\,p_{n-1}(x)\,]$$

with $p_i(x)=\sum_{j=0}^{p} a_{j}^{(i)} x^{j}$, and the high-memory "masking" polynomials are

$$G_Q(x) = [\,q_0(x),\,q_1(x),\,\ldots,\,q_{n-1}(x)\,]$$

with $q_i(x)=\sum_{j=0}^q b_{j}^{(i)}x^j$, chosen so $p+q \gg 200$ and $p \ll q$.

The high-memory generator is constructed as

$$G_{pQ}(x) = [\,p_0(x) q_0(x),\,p_1(x) q_1(x),\,\ldots,\,p_{n-1}(x) q_{n-1}(x)\,]$$

which in block form is a $K \times N$ matrix of full rank $K$, with $N = n (K + p + q)$. This structure inherently includes periodicity and algebraic structure that must be obscured for security.

To achieve a dense and random-like public matrix, a masking operation is applied. A small mask space $L \subset \mathbb{F}_2^N$ of rank $\ell \ll K$ is selected, and a dense mask $\dot{G} \in LS(L)$ (the set of all $2^{\ell}$ linear combinations of rows from $L$) is drawn. The masked generator is

$G' = G_{pQ} + \dot{G}$

which is then obfuscated through two further transformations: $G = S G' R$, where $S$ is a random nonsingular $K \times K$ matrix and $R$ a random $N \times N$ permutation. The public key is $(G, e, r)$ where $e$ is the encryption bit-flip probability and $r(x)$ a CRC polynomial; the private key is the tuple $(S, R, G_p(x), G_Q(x), \dot{G})$.

2. Noise-Enhancement and Ambiguity Mechanisms

Noise enhancement is central to the NE-HMCC security and decryption strategy. Encryption proceeds by computing $c = m\,G$ and applying independent bit-flips with probability $e$, yielding ciphertext $C_e = c + e$, $e \sim \mathrm{Bernoulli}(e)$.

Decryption intensifies the noise through polynomial division at each block. In block $j$, the operation is: $$(d^{(i)})_j(x) = ((\check{c} - \ell)_j(x)) \div q_j(x)$$ where $\check{c}$ is the inverse-permuted ciphertext and $\ell$ is each mask candidate. The resulting quotient accumulates not only input bit-flip errors, but also additional "division noise." The total noise affecting the legitimate decoder is $\widehat{e} = eN + a$ where $a$ is the total increase in error weight from division.

By carefully selecting mask polynomials (e.g., $q_j(x) = 1 + x^A$) with widely spaced taps, both the trellis capacity and resistance to structural cryptanalysis are enhanced.

3. Decryption Workflow and Polynomial Ambiguity

Decryption proceeds through the following steps:

1. Inverse Permutation: Apply $R^T$ to the ciphertext to recover $\check{c}$.
2. Mask Ambiguity: For all $2^\ell$ possible mask vectors $\ell \in LS(L)$, form $\tilde{c} = \check{c} - \ell$.
3. Blockwise Division: De-interleave $\tilde{c}$ into $n$ blocks, divide each by $q_j(x)$, and collect quotients.
4. Re-interleaving and Decoding: Each mask candidate yields a separate candidate $D$, providing $2^\ell$ length-$N$ vectors, each decoded via Viterbi in parallel (complexity $O(2^\ell N 2^p)$).
5. Plaintext Recovery: The candidate with minimal decoding distance (close to $\widehat{e} = eN + a$) is selected. CRC validation ensures correctness; if unsuccessful, the process iterates or requests retransmission.

The mask ambiguity is tractable for legitimate users (with typical $\ell=5$) but yields a combinatorial barrier for attackers. Incorrect mask choices inflate the Hamming distance of decoded candidates, efficiently distinguishing the correct plaintext in high probability.

4. Security Margins and Cryptanalytic Resistance

NE-HMCC achieves indistinguishability of $G$ from random linear codes, with full rank and row/column weights close to $N/2$ making all linear and parity structure tests ineffective. Dual-codewords can occur only with vanishing probability $2^{-\Omega(K)}$, while mask entropy provides $2^{\ell K}$ possible combinations, making mask-space enumeration infeasible given ciphertext noise.

Information-Set Decoding (ISD) is the main generic attack vector. With effective error weight $t = eN + a$: $$C_{\rm ISD} \sim 2^{0.29 (N - t)} \binom{N}{K}^{-1}$$ and, for quantum ISD: $C_{\rm QISD} \sim 2^{0.145 (N - t)}$

Compared to Classic McEliece (e.g., Goppa $(4096, 3556, 45)$), NE-HMCC with parameters $N=5600$, $K=2600$, $e=0.02$, $q_0 = x^{93}$, $q_1 = 1 + x^{186}$ yields $t \approx 0.07N = 392$, and $C_{\rm ISD} \approx 2 \times 10^{112}$, exceeding McEliece security margins by over $2^{72}$ in exponent (a $> 2^{200}$ margin).

Resistance to "known-CC" attacks—where attackers have $(G_p(x), G_Q(x))$ but not $(S, R, \dot{G})$—is guaranteed by the impractically large permutation/mask search space and the exponential complexity of all plausible decoding strategies.

5. Decryption Complexity and Scalability

Legitimate decryption requires $O(2^\ell N 2^p)$ add-compare-select (ACS) operations. For fixed ($\ell, p$), this complexity is $O(N)$, supporting linear-time scaling with plaintext length and uniform per-bit cost. Parallel hardware implementations, such as arrays of directed-graph decoders, are feasible, with ACS modules mapped efficiently to ASIC, FPGA, or closely coupled RISC-V cores. For $p=10$, $\ell=5$, $2^{15} = 32\,768$ ACS/bit operations are well within capabilities of contemporary mobile or embedded hardware, delivering Mbps throughput.

6. Analytical Formulas and Bounds

Key analytical results that support the security and performance claims include:

• Error-Propagation Bound:

$$a = \sum_{j=0}^{n-1} \left( \mathrm{wt}\left( (\tilde{c})_j \div q_j(x) \right) - \mathrm{wt}(e_j) \right)$$

• Gilbert Bound for Incorrect-Candidate Distance:

$$\sum_{i=0}^{\delta N} \binom{N}{i} \approx 2^{N(1-p)} \implies \delta \approx H_2^{-1}(1-p)$$

where $H_2(x) = -x \log_2 x - (1-x)\log_2(1-x)$.

• ISD Complexity Estimates:

$$C_{\rm ISD} \approx 2^{0.29(N - t)} \binom{N}{K}^{-1}, \quad C_{\rm QISD} \approx 2^{0.145(N - t)}$$

• Decoding Ambiguity: With $\ell$-bit mask uncertainty, $2^\ell$ decoding candidates are separated by decoding distances such that only the correct candidate achieves minimal (close to $t$) Hamming distance with high probability.

7. Significance in Post-Quantum Cryptography

NE-HMCC harmonizes high constraint-length convolutional codes, dense masking, random transformation, and controlled noise injection to yield a public code statistically indistinguishable from random. This supports polynomial-time decryption for legitimate users and exponential-cost attacks (ISD or otherwise) for adversaries. The resulting scheme provides security margins surpassing Classic McEliece by $>2^{200}$ classically and $>2^{100}$ quantumly, offers hardware-friendly, scalable decryption, and admits arbitrary plaintext lengths with uniform per-bit cost (Ariel, 2 Dec 2025). The architectural properties and cryptanalytic barriers position NE-HMCC as a strong candidate for scalable, robust, and high-security public-key systems in the post-quantum era.