12 research outputs found
On Decoding Schemes for the MDPC-McEliece Cryptosystem
Recently, it has been shown how McEliece public-key cryptosystems based on
moderate-density parity-check (MDPC) codes allow for very compact keys compared
to variants based on other code families. In this paper, classical (iterative)
decoding schemes for MPDC codes are considered. The algorithms are analyzed
with respect to their error-correction capability as well as their resilience
against a recently proposed reaction-based key-recovery attack on a variant of
the MDPC-McEliece cryptosystem by Guo, Johansson and Stankovski (GJS). New
message-passing decoding algorithms are presented and analyzed. Two proposed
decoding algorithms have an improved error-correction performance compared to
existing hard-decision decoding schemes and are resilient against the GJS
reaction-based attack for an appropriate choice of the algorithm's parameters.
Finally, a modified belief propagation decoding algorithm that is resilient
against the GJS reaction-based attack is presented
Variations of the McEliece Cryptosystem
Two variations of the McEliece cryptosystem are presented. The first one is
based on a relaxation of the column permutation in the classical McEliece
scrambling process. This is done in such a way that the Hamming weight of the
error, added in the encryption process, can be controlled so that efficient
decryption remains possible. The second variation is based on the use of
spatially coupled moderate-density parity-check codes as secret codes. These
codes are known for their excellent error-correction performance and allow for
a relatively low key size in the cryptosystem. For both variants the security
with respect to known attacks is discussed
Using Reed-Solomon codes in the (U | U + V ) construction and an application to cryptography
International audience—In this paper we present a modification of Reed-Solomon codes that beats the Guruswami-Sudan 1 − √ R decoding radius of Reed-Solomon codes at low rates R. The idea is to choose Reed-Solomon codes U and V with appropriate rates in a (U | U + V) construction and to decode them with the Koetter-Vardy soft information decoder. We suggest to use a slightly more general version of these codes (but which has the same decoding performance as the (U | U + V)-construction) for being used in code-based cryptography , namely to build a McEliece scheme. The point is here that these codes not only perform nearly as well (or even better in the low rate regime) as Reed-Solomon codes, but also that their structure seems to avoid the Sidelnikov-Shestakov attack which broke a previous McEliece proposal based on generalized Reed-Solomon codes
Cryptanalysis of McEliece Cryptosystem Based on Algebraic Geometry Codes and their subcodes
We give polynomial time attacks on the McEliece public key cryptosystem based
either on algebraic geometry (AG) codes or on small codimensional subcodes of
AG codes. These attacks consist in the blind reconstruction either of an Error
Correcting Pair (ECP), or an Error Correcting Array (ECA) from the single data
of an arbitrary generator matrix of a code. An ECP provides a decoding
algorithm that corrects up to errors, where denotes
the designed distance and denotes the genus of the corresponding curve,
while with an ECA the decoding algorithm corrects up to
errors. Roughly speaking, for a public code of length over ,
these attacks run in operations in for the
reconstruction of an ECP and operations for the reconstruction of an
ECA. A probabilistic shortcut allows to reduce the complexities respectively to
and . Compared to the
previous known attack due to Faure and Minder, our attack is efficient on codes
from curves of arbitrary genus. Furthermore, we investigate how far these
methods apply to subcodes of AG codes.Comment: A part of the material of this article has been published at the
conferences ISIT 2014 with title "A polynomial time attack against AG code
based PKC" and 4ICMCTA with title "Crypt. of PKC that use subcodes of AG
codes". This long version includes detailed proofs and new results: the
proceedings articles only considered the reconstruction of ECP while we
discuss here the reconstruction of EC
A Polynomial-Time Attack on the BBCRS Scheme
International audienceThe BBCRS scheme is a variant of the McEliece public-key encryption scheme where the hiding phase is performed by taking the inverse of a matrix which is of the form T+R where T is a sparse matrix with average row/column weight equal to a very small quantity m, usually m<2, and R is a matrix of small rank z⩾1. The rationale of this new transformation is the reintroduction of families of codes, like generalized Reed-Solomon codes, that are famously known for representing insecure choices. We present a key-recovery attack when z=1 and m is chosen between 1 and 1+R+O(1/\sqrt{n}) where R denotes the code rate. This attack has complexity O(n^6) and breaks all the parameters suggested in the literature
A Polynomial-Time Attack on the BBCRS Scheme
International audienceThe BBCRS scheme is a variant of the McEliece public-key encryption scheme where the hiding phase is performed by taking the inverse of a matrix which is of the form T+R where T is a sparse matrix with average row/column weight equal to a very small quantity m, usually m<2, and R is a matrix of small rank z⩾1. The rationale of this new transformation is the reintroduction of families of codes, like generalized Reed-Solomon codes, that are famously known for representing insecure choices. We present a key-recovery attack when z=1 and m is chosen between 1 and 1+R+O(1/\sqrt{n}) where R denotes the code rate. This attack has complexity O(n^6) and breaks all the parameters suggested in the literature