A distinguisher for high-rate McEliece cryptosystems

IEEE Transactions on Information Theory

Volumn 59, Issue 10, 2013, Pages 6830-6844

  Faugere, Jean Charles ^a,b   Gauthier Umana, Valerie ^c   Otmani, Ayoub ^d   Perret, Ludovic ^a,b   Tillich, Jean Pierre ^e  

^a INRIA   (France)

^b UNIVERSITÉ PIERRE ET MARIE CURIE   (France)

^c UNIVERSIDAD DE LOS ANDES   (Colombia)

^d UNIVERSITÉ DE ROUEN   (France)

^e INRIA ROCQUENCOURT   (France)

Author keywords

Algebraic cryptanalysis; CFS signature; Goppa Code Distinguishing (GD) problem; McEliece cryptosystem

Indexed keywords

ALGEBRAIC CRYPTANALYSIS; CFS SIGNATURE; CRYPTOGRAPHIC PRIMITIVES; EXPLICIT FORMULA; GOPPA CODES; KEY-RECOVERY ATTACKS; MCELIECE CRYPTOSYSTEM; POLYNOMIAL SYSTEMS;

CRYPTOGRAPHY; LINEAR SYSTEMS; MATRIX ALGEBRA; POLYNOMIAL APPROXIMATION;

PROBLEM SOLVING;

EID: 84884481641     PISSN: 00189448     EISSN: None     Source Type: Journal    
DOI: 10.1109/TIT.2013.2272036     Document Type: Article

References (43)

1. J. Faugère, V. Gauthier-Umana, A. Otmani, L. Perret, and J. Tillich, "Distinguisher for high rate McEliece cryptosystems," presented at the Proc. IEEE Inf. Theory Workshop, Paraty, Brazil, Oct. 16-20, 2011.
2. N. T. Courtois, M. Finiasz, and N. Sendrier, "How to achieve a McEliece-based digital signature scheme," in Proc. 7th Int. Conf. Theory Appl. Cryptology Inf. Security, 2001, vol. 2248, pp. 157-174.
3. R. J. McEliece, A Public-Key System Based on Algebraic Coding Theory Jet Propulsion Lab, Pasadena, CA, USA, 1978, dSN Progress Report 44.
4. P. J. Lee and E. F. Brickell, "An observation on the security of McEliece's public-key cryptosystem," in Proc. Adv. Cryptol.-EUROCRYPT, 1988, vol. 330/1988, Lecture Notes in Computer Science, pp. 275-280.
5. J. S. Leon, "A probabilistic algorithm for computing minimum weights of large error-correcting codes," IEEE Trans. Inf. Theory, vol. 34, no. 5, pp. 1354-1359, Sep. 1988.
6. J. Stern, "A method for finding codewords of small weight," in Coding Theory and Applications, G. D. Cohen and J. Wolfmann, Eds. New York, NY, USA: Springer-Verlag, 1988, vol. 388, Lecture Notes in Computer Science, pp. 106-113.
7. A. Canteaut and F. Chabaud, "A new algorithm for finding minimum-weight words in a linear code: Application to McEliece's cryptosystem and to narrow-sense BCH codes of length 511," IEEE Trans. Inf. Theory, vol. 44, no. 1, pp. 367-378, Jan. 1998. (Pubitemid 128737912)
8. D. J. Bernstein, T. Lange, and C. Peters, "Attacking and defending the McEliece cryptosystem," in Proc. 2nd Int. Workshop Post-Quantum Cryptography, 2008, vol. 5299, Lecture Notes in Computer Science, pp. 31-46.
9. D. J.Bernstein, T. Lange, andC. Peters, P.Rogaway, Ed., "Smaller decoding exponents: Ball-collision decoding," in Proc. 31st Annu. Conf. Adv. Cryptology, 2011, vol. 6841, Lecture Notes in Computer Science, pp. 743-760.
10. A. May, A. Meurer, and E. Thomae, D. H. Lee and X. Wang, Eds. , "Decoding random linear codes in ," in Proc. 17th Int. Conf. Theory Appl. Cryptology Inf. Security, 2011, vol. 7073, Lecture Notes in Computer Science, pp. 107-124.
11. A. Becker, A. Joux, A. May, and A. Meurer, D. Pointcheval and T. Johansson, Eds., "Decoding random binary linear codes in : How improves information set decoding," in Proc. 31st Annu. Int. Conf. Theory Appl. Cryptographic Techn., 2012, vol. 7237, Lecture Notes in Computer Science, pp. 520-536.
12. E. Berlekamp, R. McEliece, and H. van Tilborg, "On the inherent intractability of certain coding problems," IEEE Trans. Inf. Theory, vol. 24, no. 3, pp. 384-386, May 1978. (Pubitemid 8607605)
13. J. Gibson, D. Davies, Ed., "Equivalent Goppa codes and trapdoors to McEliece's public key cryptosystem," in Proc. 10th Annu. Int. Conf. Theory Appl. Cryptographic Techn., Berlin/Heidelberg, 1991, vol. 547, Lecture Notes in Computer Science, pp. 517-521.
14. P. Loidreau and N. Sendrier, "Weak keys in the McEliece public-key cryptosystem," IEEE Trans. Inf. Theory, vol. 47, no. 3, pp. 1207-1211, Mar. 2001. (Pubitemid 32425453)
15. R. Nojima, H. Imai, K. Kobara, and K. Morozov, "Semantic security for the McEliece cryptosystem without random oracles," Des. Codes Cryptography, vol. 49, no. 1-3, pp. 289-305, 2008.
16. R. Dowsley, J. Müller-Quade, and A. C. A. Nascimento, "A CCA2 secure public key encryption scheme based on theMcEliece assumptions in the standard model," in Proc. Topics Cryptology, 2009, pp. 240-251.
17. L. Dallot, "Towards a concrete security proof of Courtois, Finiasz and Sendrier signature scheme," in Proc. Res. Cryptology, 2007, pp. 65-77.
18. M. Finiasz and N. Sendrier, M. Matsui, Ed., "Security bounds for the design of code-based cryptosystems," in Proc. 15th Int. Conf. Theory Appl. Cryptology Inf. Security, 2009, vol. 5912, Lecture Notes in Computer Science, pp. 88-105.
19. J.-C. Faugère, A. Otmani, L. Perret, and J.-P. Tillich, H. Gilbert, Ed., "Algebraic cryptanalysis of McEliece variants with compact keys," in Proc. 29th Annu. Int. Conf. Theory Appl. Cryptographic Techn., 2010, vol. 6110, Lecture Notes in Computer Science, pp. 279-298.
20. V. D. Goppa, "A new class of linear correcting codes," Problems Peredachi Inf., vol. 6, no. 3, pp. 24-30, 1970.
21. F. J. MacWilliams and N. J. A. Sloane, The Theory of Error-Correcting Codes, 5th ed. Amsterdam, The Netherlands: North-Holland, 1986.
22. N. Patterson, "The algebraic decoding of Goppa codes," IEEE Trans. Inf. Theory, vol. IT-21, no. 2, pp. 203-207, Mar. 1975.
23. J. van Tilburg, "On the McEliece public-key cryptosystem," in Proc. 8th Annu. Int. Cryptology Conf. Adv. Cryptology, London, U.K., 1990, pp. 119-131.
24. A. Canteaut and H. Chabanne, "A further improvement of the work factor in an attempt at breaking McEliece's cryptosystem," in EUROCODE, 1994, pp. 169-173.
25. A. Canteaut and F. Chabaud, Improvements of the Attacks on Cryptosystems based on Error-Correcting Codes INRIA, Paris, France, 1995, Tech. Rep. 95-21.
26. I. Dumer, "Suboptimal decoding of linear codes : Partition techniques," IEEE Trans. Inf. Theory, vol. 42, no. 6, pp. 1971-1986, Nov. 1996. (Pubitemid 126769191)
27. A. Canteaut and N. Sendrier, "Cryptanalysis of the original McEliece cryptosystem," in Adv. Cryptology, 1998, Lecture Notes in Computer Sscience, pp. 187-199, 1514. (Pubitemid 128151411)
28. N. Sendrier, S. Nikova, B. Preneel, and L. Storme, Eds., "On the use of structured codes in code based cryptography," in Coding Theory Cryptography 3, 2009, Contactforum, pp. 59-68.
29. N. Sendrier, "Finding the permutation between equivalent linear codes: The support splitting algorithm," IEEE Trans. Inf. Theory, vol. 46, no. 4, pp. 1193-1203, Jul. 2000.
30. H. Dinh, C. Moore, and A. Russell, P. Rogaway, Ed., "McEliece and Niederreiter cryptosystems that resist quantum Fourier sampling attacks," in Crypto, 2011, vol. 6841, Lecture Notes in Computer Science, pp. 761-779.
31. P. W. Shor, "Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer," SIAM J. Comput., vol. 26, no. 5, pp. 1484-1509, 1997. (Pubitemid 127613100)
32. K. Kobara and H. Imai, K. Kim, Ed., "Semantically secure McEliece public-key cryptosystems-conversions for McEliece PKC," in Proc. 4th Int. Workshop Practice Theory Public Key Cryptography, Cheju Island, Korea, 2001, vol. 1992, Lecture Notes in Computer Science, pp. 19-35. (Pubitemid 33232930)
33. R. Nojima, H. Imai, K. Kobara, and K. Morozov, "Semantic security for the McEliece cryptosystem without random oracles," Des. Codes Cryptography, vol. 49, no. 1-3, pp. 289-305, 2008.
34. R. Dowsley, J. Müller-Quade, and A. C. A. Nascimento, "A CCA2 secure public key encryption scheme based on theMcEliece assumptions in the standard model," in Proc. Cryptographers' Track RSA Conf. Topics Cryptology, 2009, pp. 240-251.
35. T. P. Berger, P. Cayrel, P. Gaborit, and A. Otmani, B. Preneel, Ed., "Reducing key length of the McEliece cryptosystem," in Progr. Cryptology-Second Int. Conf. Cryptology Africa, Gammarth, Tunisia, Jun. 21-25, 2009, vol. 5580, LectureNotes in Computer Science, pp. 77-97.
36. R. Misoczki and P. S. L. M. Barreto, "Compact McEliece keys from Goppa codes," presented at the Select. Areas Cryptography, Calgary, Canada, Aug. 13-14, 2009.
37. J.-C. Faugère, "A new efficient algorithm for computing Gröbner bases (f4)," J. Pure Appl. Algebra, vol. 139, no. 1-3, pp. 61-88, 1999.
38. J.-C. Faugère, "A new efficient algorithm for computing Gröbner bases without reduction to zero: F5," in Proc. Int. Symp. Symbolic Algebraic Computation, 2002, pp. 75-83. (Pubitemid 35023374)
39. W. Bosma, J. J. Cannon, and C. Playoust, "The Magma algebra system-Part I: The user language," J. Symp. Comput., vol. 24, no. 3-4, pp. 235-265, 1997. (Pubitemid 127167874)
40. C. Cooper, "On the distribution of rank of a random matrix over a finite field," Random Struct. Algorithms, vol. 17, no. 3-4, pp. 197-212, 2000.
41. I. Marquez-Corbella and R. Pellikaan, "Error-correcting pairs for a public-key cryptosystem," presented at the Proc. Code-based Cryptography Workshop, 2012 [Online]. Available: http://www.win.tue.nl/ruudp/paper/60.pdf
42. A. Couvreur, P. Gaborit, V. Gauthier, A. Otmani, and J. Tillich, "Distinguisher-based attacks on public-key cryptosystems using Reed-Solomon codes," in Proc. Int. Workshop Coding Cryptography, Bergen, Norway, 2013, pp. 181-193.
43. , P. Rogaway, Ed., Advances in Cryptology-CRYPTO 2011-31st Annual Cryptology Conference, Santa Barbara, CA, USA, August 14-18, 2011, ser. Lecture Notes in Computer Science. : Springer, 2011, vol. 6841.