Worst case QC-MDPC decoder for McEliece cryptosystem

McEliece encryption scheme which enjoys relatively small key sizes as well as a security reduction to hard problems of coding theory. Furthermore, it remains secure against a quantum adversary and is very well suited to low cost implementations on embedded devices. Decoding MDPC codes is achieved with the (iterative) bit flipping algorithm, as for LDPC codes. Variable time decoders might leak some information on the code structure (that is on the sparse parity check equations) and must be avoided. A constant time decoder is easy to emulate, but its running time depends on the worst case rather than on the average case. So far implementations were focused on minimizing the average cost. We show that the tuning of the algorithm is not the same to reduce the maximal number of iterations as for reducing the average cost. This provides some indications on how to engineer the QC-MDPC-McEliece scheme to resist a timing side-channel attack.Comment: 5 pages, conference ISIT 201

Cryptanalysis of a One-Time Code-Based Digital Signature Scheme

We consider a one-time digital signature scheme recently proposed by Persichetti and show that a successful key recovery attack can be mounted with limited complexity. The attack we propose exploits a single signature intercepted by the attacker, and relies on a statistical analysis performed over such a signature, followed by information set decoding. We assess the attack complexity and show that a full recovery of the secret key can be performed with a work factor that is far below the claimed security level. The efficiency of the attack is motivated by the sparsity of the signature, which leads to a significant information leakage about the secret key.Comment: 5 pages, 1 figur

Improving the efficiency of the LDPC code-based McEliece cryptosystem through irregular codes

We consider the framework of the McEliece cryptosystem based on LDPC codes, which is a promising post-quantum alternative to classical public key cryptosystems. The use of LDPC codes in this context allows to achieve good security levels with very compact keys, which is an important advantage over the classical McEliece cryptosystem based on Goppa codes. However, only regular LDPC codes have been considered up to now, while some further improvement can be achieved by using irregular LDPC codes, which are known to achieve better error correction performance than regular LDPC codes. This is shown in this paper, for the first time at our knowledge. The possible use of irregular transformation matrices is also investigated, which further increases the efficiency of the system, especially in regard to the public key size.Comment: 6 pages, 3 figures, presented at ISCC 201

Using LDGM Codes and Sparse Syndromes to Achieve Digital Signatures

In this paper, we address the problem of achieving efficient code-based digital signatures with small public keys. The solution we propose exploits sparse syndromes and randomly designed low-density generator matrix codes. Based on our evaluations, the proposed scheme is able to outperform existing solutions, permitting to achieve considerable security levels with very small public keys.Comment: 16 pages. The final publication is available at springerlink.co

Optimization of the parity-check matrix density in QC-LDPC code-based McEliece cryptosystems

Low-density parity-check (LDPC) codes are one of the most promising families of codes to replace the Goppa codes originally used in the McEliece cryptosystem. In fact, it has been shown that by using quasi-cyclic low-density parity-check (QC-LDPC) codes in this system, drastic reductions in the public key size can be achieved, while maintaining fixed security levels. Recently, some proposals have appeared in the literature using codes with denser parity-check matrices, named moderate-density parity-check (MDPC) codes. However, the density of the parity-check matrices to be used in QC-LDPC code-based variants of the McEliece cryptosystem has never been optimized. This paper aims at filling such gap, by proposing a procedure for selecting the density of the private parity-check matrix, based on the security level and the decryption complexity. We provide some examples of the system parameters obtained through the proposed technique.Comment: 10 pages, 4 figures. To be presented at IEEE ICC 2013 - Workshop on Information Security over Noisy and Lossy Communication Systems. Copyright transferred to IEE