A CCA2 secure variant of the mceliece cryptosystem

IEEE Transactions on Information Theory

Volumn 58, Issue 10, 2012, Pages 6672-6680

  Dottling, Nico ^a   Dowsley, Rafael ^b   Muller Quade, Jörn ^a   Nascimento, Anderson C A ^c  

^a KARLSRUHE INSTITUTE OF TECHNOLOGY   (Germany)

^b UNIVERSITY OF CALIFORNIA   (United States)

^c UNIVERSITY OF BRASILIA   (Brazil)

Author keywords

CCA2 security; McEliece assumptions; public key encryption; standard model

Indexed keywords

CCA2 SECURITY; CHOSEN CIPHERTEXT ATTACK; ELGAMAL; ENCRYPTION AND DECRYPTION; FIRST CONSTRUCTIONS; KEY SIZES; MCELIECE; MCELIECE CRYPTOSYSTEM; PUBLIC KEY CRYPTOSYSTEMS; PUBLIC-KEY ENCRYPTION; PUBLIC-KEY ENCRYPTION SCHEME; SECURITY NOTION; STANDARD MODEL; THE STANDARD MODEL;

QUANTUM COMPUTERS;

PUBLIC KEY CRYPTOGRAPHY;

EID: 84866481430     PISSN: 00189448     EISSN: None     Source Type: Journal    
DOI: 10.1109/TIT.2012.2203582     Document Type: Article

References (38)

1. A. Becker, A. Joux, A. May, and A. Meurer, "Decoding random binary linear codes in : How improves information set decoding, " in Proc. EUROCRYPT, 2012, pp. 520-536.
2. E. R. Berlekamp, R. J. McEliece, and H. C. A. van Tilborg, "On the inherent intractability of certain coding problems, " IEEE Trans. Inf. Theory. , vol. IT-24, no. 3, pp. 384-386, May 1978.
3. D. J. Bernstein, T. Lange, and C. Peters, "Attacking and defending the McEliece cryptosystem, " in Proc. Int. Workshop Post-Quantum Cryptography, 2008, pp. 31-46.
4. D. J. Bernstein, T. Lange, and C. Peters, "Smaller decoding exponents: Ball-collision decoding, " in Proc. CRYPTO, 2011, pp. 743-760.
5. B. Biswas and N. Sendrier, "McEliece cryptosystem implementation: Theory and practice, " in Proc. Int. Workshop Post-Quantum Cryptography, 2008, pp. 47-62.
6. R. Canetti, S. Halevi, and J. Katz, "Chosen-Ciphertext security from identity-based encryption, " in Proc. EUROCRYPT, 2004, pp. 207-222.
7. A. Canteaut and F. Chabaud, "A new algorithm for finding minimumweight words in a linear code: Application to primitive narrow-sense BCH codes of length 511, " IEEE Trans. Inf. Theory. , vol. 44, no. 1, pp. 367-378, Jan. 1998.
8. N. Courtois, M. Finiasz, and N. Sendrier, "How to achieve a McEliece digital signature scheme, " in Proc. ASIACRYPT, 2001, pp. 157-174.
9. R. Cramer and V. Shoup, "A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack, " in Proc. CRYPTO, 1998, pp. 13-25.
10. D. Dolev, C. Dwork, and M. Naor, "Non-malleable cryptography, " SIAM J. Comput. , vol. 30, no. 2, pp. 391-437, 2000.
11. R. Dowsley, J. Müller-Quade, and A. C. A. Nascimento, "A CCA2 secure public key encryption scheme based on theMcEliece assumptions in the standard model, " in Proc. RSA Conf. Topics Cryptol. , 2009, pp. 240-251.
12. J. -C. Faugére, V. Gauthier, A. Otmani, L. Perret, and J. -P. Tillich, "A distinguisher for high rateMcEliece cryptosystems, " in Proc. IEEE Inf. Theory Workshop, 2011, pp. 282-286.
13. J. -C. Faugére, A. Otmani, L. Perret, and J. -P. Tillich, "Algebraic cryptanalysis of McEliece variants with compact keys, " in Proc. EUROCRYPT, 2010, pp. 279-298.
14. M. Finiasz and N. Sendrier, "Security bounds for the design of codebased cryptosystems, " in Proc. Asiacrypt, 2009, pp. 88-105.
15. S. Goldwasser and S. Micali, "Probabilistic encryption, " J. Comput. Syst. Sci. , vol. 28, no. 2, pp. 270-299, 1984.
16. S. Goldwasser and V. Vaikuntanathan, Correlation-secure Trapdoor Functions from Lattices, 2008.
17. D. Hofheinz and E. Kiltz, "Secure hybrid encryption from weakened key encapsulation, " in Proc. CRYPTO, 2007, pp. 553-571.
18. J. Katz and J. S. Shin, "Parallel and concurrent security of the HB and HB+ protocols, " in Proc. EUROCRYPT, 2006, pp. 73-87.
19. K. Kobara and H. Imai, Semantically Secure McEliece Public-Key Cryptosystems Conversions for McEliece PKC, ser. LNCS. New York: Springer, 2001, vol. 1992.
20. L. Lamport, Constructing digital signatures from one-way functions SRI Int. , Menlo Park, CA, Tech. Rep. SRI-CSL-98, Oct. 1979.
21. P. J. Lee and E. F. Brickell, "An observation on the security of McEliece's public-key cryptosystem, " in Proc. EUROCRYPT, 1988, pp. 275-280.
22. J. S. Leon, "A probabilistic algorithm for computing minimum weights of large error-correcting codes, " IEEE Trans. Inf. Theory, vol. 34, no. 5, pp. 1354-1359, Sep. 1988.
23. Y. Lindell, "A simpler construction of CCA2-secure public-key encryption under general assumptions, " in Proc. EUROCRYPT, 2003, pp. 241-254.
24. P. Loidreau and N. Sendrier, "Weak keys inMcEliece public-key cryptosystem, " IEEE Trans. Inf. Theory. , vol. 47, no. 3, pp. 1207-1212, Mar. 2001.
25. R. J. McEliece, A public-key cryptosystem based on algebraic coding theory Deep Space Network, NASA Jet Propulsion Lab, Los Angeles, CA, Progr. Rep. DSN PR 42-44, 1978.
26. A. May, A. Meurer, and E. Thomae, "Decoding random linear codes in , " in Proc. ASIACRYPT, 2011, pp. 107-124.
27. M. Naor and M. Yung, "Universal one-way hash functions and their cryptographic applications, " in Proc. 21st Annu. ACM Symp. Theory Comput. , 1989, pp. 33-43.
28. R. Nojima, H. Imai, K. Kobara, and K. Morozov, "Semantic security for the McEliece cryptosystem without random oracles, " in Proc. Int. Workshop Coding Cryptography, 2007, pp. 257-268.
29. C. Peikert and B. Waters, "Lossy trapdoor functions and their applications, " in Proc. Annu. ACMSymp. Theory Comput. , 2008, pp. 187-196.
30. E. Persichetti, Personal Communication.
31. C. Rackoff and D. R. Simon, "Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack, " in Proc. CRYPTO, 1991, pp. 433-444.
32. O. Regev, "On lattices, learning with errors, random linear codes, and cryptography, " in Proc. Annu. ACM Symp. Theory Comput. , 2005, pp. 84-93.
33. A. Rosen and G. Segev, "Chosen-Ciphertext security via correlated products, " in Proc. 6th Theory Cryptography Conf. Theory Cryptography, 2009, pp. 419-436.
34. A. Sahai, "Non-malleable non-interactive zero knowledge and adaptive Chosen-Ciphertext security, " in Proc. 40th Annu. Symp. Found. Comput. Sci. , 1999, pp. 543-553.
35. N. Sendrier, "Finding the permutation between equivalent linear codes: The support splitting algorithm, " IEEE Trans. Inf. Theory. , vol. 46, no. 4, pp. 1193-1203, Jul. 2000.
36. N. Sendrier, "On the use of structured codes in code based cryptography, " in Coding Theory and Cryptography III. Brussels, Belgium: The Royal Flemish Academy of Belgium for Science and the Arts, 2010.
37. J. Stern, "A method for finding codewords of small weight, " in Proc. 3rd Int. Colloq. Coding Theory Appl. , 1989, pp. 106-113.
38. F. Strenzke, E. Tews, H. G. Molter, R. Overbeck, and A. Shoufan, "Side channels in theMcEliece PKC, " in Proc. Int. Workshop Post-Quantum, 2008, pp. 216-229.