88 research outputs found
Variations of the McEliece Cryptosystem
Two variations of the McEliece cryptosystem are presented. The first one is
based on a relaxation of the column permutation in the classical McEliece
scrambling process. This is done in such a way that the Hamming weight of the
error, added in the encryption process, can be controlled so that efficient
decryption remains possible. The second variation is based on the use of
spatially coupled moderate-density parity-check codes as secret codes. These
codes are known for their excellent error-correction performance and allow for
a relatively low key size in the cryptosystem. For both variants the security
with respect to known attacks is discussed
Cryptanalysis of Two McEliece Cryptosystems Based on Quasi-Cyclic Codes
We cryptanalyse here two variants of the McEliece cryptosystem based on
quasi-cyclic codes. Both aim at reducing the key size by restricting the public
and secret generator matrices to be in quasi-cyclic form. The first variant
considers subcodes of a primitive BCH code. We prove that this variant is not
secure by finding and solving a linear system satisfied by the entries of the
secret permutation matrix.
The other variant uses quasi-cyclic low density parity-check codes. This
scheme was devised to be immune against general attacks working for McEliece
type cryptosystems based on low density parity-check codes by choosing in the
McEliece scheme more general one-to-one mappings than permutation matrices. We
suggest here a structural attack exploiting the quasi-cyclic structure of the
code and a certain weakness in the choice of the linear transformations that
hide the generator matrix of the code. Our analysis shows that with high
probability a parity-check matrix of a punctured version of the secret code can
be recovered in cubic time complexity in its length. The complete
reconstruction of the secret parity-check matrix of the quasi-cyclic low
density parity-check codes requires the search of codewords of low weight which
can be done with about operations for the specific parameters
proposed.Comment: Major corrections. This version supersedes previuos one
Analysis of reaction and timing attacks against cryptosystems based on sparse parity-check codes
In this paper we study reaction and timing attacks against cryptosystems
based on sparse parity-check codes, which encompass low-density parity-check
(LDPC) codes and moderate-density parity-check (MDPC) codes. We show that the
feasibility of these attacks is not strictly associated to the quasi-cyclic
(QC) structure of the code but is related to the intrinsically probabilistic
decoding of any sparse parity-check code. So, these attacks not only work
against QC codes, but can be generalized to broader classes of codes. We
provide a novel algorithm that, in the case of a QC code, allows recovering a
larger amount of information than that retrievable through existing attacks and
we use this algorithm to characterize new side-channel information leakages. We
devise a theoretical model for the decoder that describes and justifies our
results. Numerical simulations are provided that confirm the effectiveness of
our approach
LEDAkem: a post-quantum key encapsulation mechanism based on QC-LDPC codes
This work presents a new code-based key encapsulation mechanism (KEM) called
LEDAkem. It is built on the Niederreiter cryptosystem and relies on
quasi-cyclic low-density parity-check codes as secret codes, providing high
decoding speeds and compact keypairs. LEDAkem uses ephemeral keys to foil known
statistical attacks, and takes advantage of a new decoding algorithm that
provides faster decoding than the classical bit-flipping decoder commonly
adopted in this kind of systems. The main attacks against LEDAkem are
investigated, taking into account quantum speedups. Some instances of LEDAkem
are designed to achieve different security levels against classical and quantum
computers. Some performance figures obtained through an efficient C99
implementation of LEDAkem are provided.Comment: 21 pages, 3 table
Security and complexity of the McEliece cryptosystem based on QC-LDPC codes
In the context of public key cryptography, the McEliece cryptosystem
represents a very smart solution based on the hardness of the decoding problem,
which is believed to be able to resist the advent of quantum computers. Despite
this, the original McEliece cryptosystem, based on Goppa codes, has encountered
limited interest in practical applications, partly because of some constraints
imposed by this very special class of codes. We have recently introduced a
variant of the McEliece cryptosystem including low-density parity-check codes,
that are state-of-the-art codes, now used in many telecommunication standards
and applications. In this paper, we discuss the possible use of a bit-flipping
decoder in this context, which gives a significant advantage in terms of
complexity. We also provide theoretical arguments and practical tools for
estimating the trade-off between security and complexity, in such a way to give
a simple procedure for the system design.Comment: 22 pages, 1 figure. This paper is a preprint of a paper accepted by
IET Information Security and is subject to Institution of Engineering and
Technology Copyright. When the final version is published, the copy of record
will be available at IET Digital Librar
- …