A CCA2 Secure Variant of the McEliece Cryptosystem

The McEliece public-key encryption scheme has become an interesting alternative to cryptosystems based on number-theoretical problems. Differently from RSA and ElGa- mal, McEliece PKC is not known to be broken by a quantum computer. Moreover, even tough McEliece PKC has a relatively big key size, encryption and decryption operations are rather efficient. In spite of all the recent results in coding theory based cryptosystems, to the date, there are no constructions secure against chosen ciphertext attacks in the standard model - the de facto security notion for public-key cryptosystems. In this work, we show the first construction of a McEliece based public-key cryptosystem secure against chosen ciphertext attacks in the standard model. Our construction is inspired by a recently proposed technique by Rosen and Segev

Introduction to Post-Quantum Cryptography in Scope of NIST's Post-Quantum Competition

Tänapäeval on andmeturve paljudes valdkondades määrava tähtsusega, kuid hiljutised edusammud kvantmehhaanika valdkonnas võivad tänased interneti turvaprotokollid ohtu seada. Kuna kvantvutid on tõenäoliselt võimelised murdma meie praeguseid krüptostandardeid, tekib vajadus tugevamate krüpteerimisalgoritmide järele. Viimaste kümnendite jooksul on postkvantkrüptograafia saanud palju tähelepanu, kuid siiani pole ükski postkvantkrüptograafiline algoritm standardiseeritud ulatuslikuks kasutamiseks. Seetõttu algatati NIST programm, mille eesmärk on valida uued krüptostandardid, mis säilitaks oma turvalisuse ka kvantarvutite vastu. Käesolev lõputöö annab ülevaate postkvantkrüptograafia erinevatest valdkondadest - võrepõhine, koodipõhine, räsipõhine ja mitmemuutujaline krüptograafia - kasutades näiteid NIST standardiseerimisprogrammist. Lõputöö eesmärk on koostada ülevaatlik materjal, mis annaks informaatika või matemaatika taustaga tudengile laiahaardelised algteadmised postkvantkrüptograafia valdkonnast.Nowadays, information security is essential in many fields, ranging from medicine and science to law enforcement and business, but the developments in the area of quantum computing have put the security of current internet protocols at risk. Since quantum computers will likely be able to break most of our current cryptostandards in trivial time, a need for stronger and quantum-resistant encryption algorithms has arisen. During the last decades, a lot of research has been conducted on the topic of quantum-resistant cryptography, yet none of the post-quantum algorithms have yet been standardized. This has encouraged NIST to start a program to select the future post-quantum cryptography standards. This thesis gives an overview of different types of quantum-resistant algorithms, such as lattice-, code-, hash- and multivariate polynomial based algorithms, for public key encryption and signature schemes, using the examples from NIST’s postquantum cryptography standardization program. The aim of this paper is to compose a compact material, which gives a person with computer science background a basic understanding of the main aspects of post-quantum cryptography

Performance Evaluation of Round 2 Submission for the NIST Post-Quantum Cryptography Project

This paper looks at the submissions for round 2 of a competition held by National Institute of Standards and Technology (NIST) to find an encryption standard resistant to attacks by post-quantum computers. NIST announced its call for submissions in February 2016 with a deadline of November 2017 and announced the 69 algorithms that made the cut for round 1. In January 2019 the candidates for round 2 were announced with round 3 projected for 2020/2021

A Distinguisher-Based Attack of a Homomorphic Encryption Scheme Relying on Reed-Solomon Codes

Bogdanov and Lee suggested a homomorphic public-key encryption scheme based on error correcting codes. The underlying public code is a modified Reed-Solomon code obtained from inserting a zero submatrix in the Vandermonde generating matrix defining it. The columns that define this submatrix are kept secret and form a set $L$. We give here a distinguisher that detects if one or several columns belong to $L$ or not. This distinguisher is obtained by considering the code generated by component-wise products of codewords of the public code (the so called "square code"). This operation is applied to punctured versions of this square code obtained by picking a subset $I$ of the whole set of columns. It turns out that the dimension of the punctured square code is directly related to the cardinality of the intersection of $I$ with $L$. This allows an attack which recovers the full set $L$ and which can then decrypt any ciphertext.Comment: 11 page

Provably Secure Group Signature Schemes from Code-Based Assumptions

We solve an open question in code-based cryptography by introducing two provably secure group signature schemes from code-based assumptions. Our basic scheme satisfies the CPA-anonymity and traceability requirements in the random oracle model, assuming the hardness of the McEliece problem, the Learning Parity with Noise problem, and a variant of the Syndrome Decoding problem. The construction produces smaller key and signature sizes than the previous group signature schemes from lattices, as long as the cardinality of the underlying group does not exceed $2^{24}$, which is roughly comparable to the current population of the Netherlands. We develop the basic scheme further to achieve the strongest anonymity notion, i.e., CCA-anonymity, with a small overhead in terms of efficiency. The feasibility of two proposed schemes is supported by implementation results. Our two schemes are the first in their respective classes of provably secure groups signature schemes. Additionally, the techniques introduced in this work might be of independent interest. These are a new verifiable encryption protocol for the randomized McEliece encryption and a novel approach to design formal security reductions from the Syndrome Decoding problem.Comment: Full extension of an earlier work published in the proceedings of ASIACRYPT 201

Cryptography based on the Hardness of Decoding

This thesis provides progress in the fields of for lattice and coding based cryptography. The first contribution consists of constructions of IND-CCA2 secure public key cryptosystems from both the McEliece and the low noise learning parity with noise assumption. The second contribution is a novel instantiation of the lattice-based learning with errors problem which uses uniform errors

A CCA2 secure Code based encryption scheme in the Standard Model

This paper proposes an encryption scheme secureagainst chosen cipher text attack, built on the Niederreiterencryption scheme. The security of the scheme is based on thehardness of the Syndrome Decoding problem and the Goppa CodeDistinguishability problem. The scheme uses the techniques providedby Peikert and Waters using the lossy trapdoor functions.Compared to the existing IND-CCA2 secure variants in standardmodel due to Dowsley et.al. and Freeman et. al. (using the repetition paradigm initiated by Rosen and Segev), this schemeis more efficient as it avoids repetitions