A CCA2 Secure Variant of the McEliece Cryptosystem

The McEliece public-key encryption scheme has become an interesting alternative to cryptosystems based on number-theoretical problems. Differently from RSA and ElGa- mal, McEliece PKC is not known to be broken by a quantum computer. Moreover, even tough McEliece PKC has a relatively big key size, encryption and decryption operations are rather efficient. In spite of all the recent results in coding theory based cryptosystems, to the date, there are no constructions secure against chosen ciphertext attacks in the standard model - the de facto security notion for public-key cryptosystems. In this work, we show the first construction of a McEliece based public-key cryptosystem secure against chosen ciphertext attacks in the standard model. Our construction is inspired by a recently proposed technique by Rosen and Segev

A Framework for Efficient Adaptively Secure Composable Oblivious Transfer in the ROM

Oblivious Transfer (OT) is a fundamental cryptographic protocol that finds a number of applications, in particular, as an essential building block for two-party and multi-party computation. We construct a round-optimal (2 rounds) universally composable (UC) protocol for oblivious transfer secure against active adaptive adversaries from any OW-CPA secure public-key encryption scheme with certain properties in the random oracle model (ROM). In terms of computation, our protocol only requires the generation of a public/secret-key pair, two encryption operations and one decryption operation, apart from a few calls to the random oracle. In~terms of communication, our protocol only requires the transfer of one public-key, two ciphertexts, and three binary strings of roughly the same size as the message. Next, we show how to instantiate our construction under the low noise LPN, McEliece, QC-MDPC, LWE, and CDH assumptions. Our instantiations based on the low noise LPN, McEliece, and QC-MDPC assumptions are the first UC-secure OT protocols based on coding assumptions to achieve: 1) adaptive security, 2) optimal round complexity, 3) low communication and computational complexities. Previous results in this setting only achieved static security and used costly cut-and-choose techniques.Our instantiation based on CDH achieves adaptive security at the small cost of communicating only two more group elements as compared to the gap-DH based Simplest OT protocol of Chou and Orlandi (Latincrypt 15), which only achieves static security in the ROM

A CCA2 secure Code based encryption scheme in the Standard Model

This paper proposes an encryption scheme secureagainst chosen cipher text attack, built on the Niederreiterencryption scheme. The security of the scheme is based on thehardness of the Syndrome Decoding problem and the Goppa CodeDistinguishability problem. The scheme uses the techniques providedby Peikert and Waters using the lossy trapdoor functions.Compared to the existing IND-CCA2 secure variants in standardmodel due to Dowsley et.al. and Freeman et. al. (using the repetition paradigm initiated by Rosen and Segev), this schemeis more efficient as it avoids repetitions

Efficient implementation of a CCA2-secure variant of McEliece using generalized Srivastava codes

International audienceIn this paper we present efficient implementations of McEliece variants using quasi-dyadic codes. We provide secure parameters for a classical McEliece encryption scheme based on quasi-dyadic generalized Srivastava codes, and successively convert our scheme to a CCA2-secure protocol in the random oracle model applying the Fujisaki-Okamoto transform. In contrast with all other CCA2-secure code-based cryptosystems that work in the random oracle model, our conversion does not require a constant weight encoding function. We present results for both 128-bit and 80-bit security level, and for the latter we also feature an implementation for an embedded device

Efficient S-repetition method for constructing an IND-CCA2 secure McEliece modification in the standard model

The paper is devoted to the construction of IND-CCA2-secure modification of the McEliece cryptosystem in the standard model. The modification uses S-repetition encryption of S/2 various messages with one common secret permutation, in contrast to other modifications that use S -repetition encryption of one message. Thus, this modification provides IND-CCA2-security with an efficient information transfer rate

Choosing parameters for one IND- CCA2 secure McEliece modification in the standard model

The paper is devoted to choosing parameters for one IND-CCA2-secure McEliece modification in the standard model. In particular, the underlying code, plaintext length and one-time strong signature scheme are suggested. The choice of parameters for the scheme was based on efficiency, on the one hand, and security, on the other. Also, experiments for the suggested parameters are provided using the NIST statistical test suite. The paper is devoted to choosing parameters for one IND-CCA2-secure McEliece modification in the standard model. In particular, the underlying code, plaintext length and one-time strong signature scheme are suggested. The choice of parameters for the scheme was based on efficiency, on the one hand, and security, on the other. Also, experiments for the suggested parameters are provided using the NIST statistical test suite