709 research outputs found
Quantum Fourier sampling, Code Equivalence, and the quantum security of the McEliece and Sidelnikov cryptosystems
The Code Equivalence problem is that of determining whether two given linear
codes are equivalent to each other up to a permutation of the coordinates. This
problem has a direct reduction to a nonabelian hidden subgroup problem (HSP),
suggesting a possible quantum algorithm analogous to Shor's algorithms for
factoring or discrete log. However, we recently showed that in many cases of
interest---including Goppa codes---solving this case of the HSP requires rich,
entangled measurements. Thus, solving these cases of Code Equivalence via
Fourier sampling appears to be out of reach of current families of quantum
algorithms.
Code equivalence is directly related to the security of McEliece-type
cryptosystems in the case where the private code is known to the adversary.
However, for many codes the support splitting algorithm of Sendrier provides a
classical attack in this case. We revisit the claims of our previous article in
the light of these classical attacks, and discuss the particular case of the
Sidelnikov cryptosystem, which is based on Reed-Muller codes
Healing the Hill Cipher, Improved Approach to Secure Modified Hill against Zero-plaintext Attack
Hill Cipher is a symmetric cryptosystem that was claimed to suffer from known-plaintext attack for many years. Different methods have been proposed to make this cipher more secure against known attacks. The introduced classic Hill cipher by Tourani and Falahati in 2011 that was devised in two variants and based upon affine transformation, was considered to be more secure against known attacks. Recently, this well modified Hill cipher is claimed to be vulnerable to zero-plaintext attack. In this paper, by using a chaotic map and scrambling methods, a novel cryptosystem based on Tourani and Falahati Hill cipher is presented which overcomes the zero-plaintext attack. The proposed Hill cipher is more reliable and faster
Folding Alternant and Goppa Codes with Non-Trivial Automorphism Groups
The main practical limitation of the McEliece public-key encryption scheme is
probably the size of its key. A famous trend to overcome this issue is to focus
on subclasses of alternant/Goppa codes with a non trivial automorphism group.
Such codes display then symmetries allowing compact parity-check or generator
matrices. For instance, a key-reduction is obtained by taking quasi-cyclic (QC)
or quasi-dyadic (QD) alternant/Goppa codes. We show that the use of such
symmetric alternant/Goppa codes in cryptography introduces a fundamental
weakness. It is indeed possible to reduce the key-recovery on the original
symmetric public-code to the key-recovery on a (much) smaller code that has not
anymore symmetries. This result is obtained thanks to a new operation on codes
called folding that exploits the knowledge of the automorphism group. This
operation consists in adding the coordinates of codewords which belong to the
same orbit under the action of the automorphism group. The advantage is
twofold: the reduction factor can be as large as the size of the orbits, and it
preserves a fundamental property: folding the dual of an alternant (resp.
Goppa) code provides the dual of an alternant (resp. Goppa) code. A key point
is to show that all the existing constructions of alternant/Goppa codes with
symmetries follow a common principal of taking codes whose support is globally
invariant under the action of affine transformations (by building upon prior
works of T. Berger and A. D{\"{u}}r). This enables not only to present a
unified view but also to generalize the construction of QC, QD and even
quasi-monoidic (QM) Goppa codes. All in all, our results can be harnessed to
boost up any key-recovery attack on McEliece systems based on symmetric
alternant or Goppa codes, and in particular algebraic attacks.Comment: 19 page
- …