52 research outputs found
Worst case QC-MDPC decoder for McEliece cryptosystem
McEliece encryption scheme which enjoys relatively small key sizes as well as
a security reduction to hard problems of coding theory. Furthermore, it remains
secure against a quantum adversary and is very well suited to low cost
implementations on embedded devices.
Decoding MDPC codes is achieved with the (iterative) bit flipping algorithm,
as for LDPC codes. Variable time decoders might leak some information on the
code structure (that is on the sparse parity check equations) and must be
avoided. A constant time decoder is easy to emulate, but its running time
depends on the worst case rather than on the average case. So far,
implementations have focused on minimizing the average cost. We show that the
tuning of the algorithm differs when the goal is to reduce the maximal number of
iterations rather than the average cost. This provides some indications on
how to engineer the QC-MDPC-McEliece scheme to resist a timing side-channel
attack.
Comment: 5 pages, conference ISIT 201

Cryptanalysis of a One-Time Code-Based Digital Signature Scheme
We consider a one-time digital signature scheme recently proposed by
Persichetti and show that a successful key recovery attack can be mounted with
limited complexity. The attack we propose exploits a single signature
intercepted by the attacker, and relies on a statistical analysis performed
over such a signature, followed by information set decoding. We assess the
attack complexity and show that a full recovery of the secret key can be
performed with a work factor that is far below the claimed security level. The
efficiency of the attack is motivated by the sparsity of the signature, which
leads to significant information leakage about the secret key.
Comment: 5 pages, 1 figur

Improving the efficiency of the LDPC code-based McEliece cryptosystem through irregular codes
We consider the framework of the McEliece cryptosystem based on LDPC codes,
which is a promising post-quantum alternative to classical public key
cryptosystems. The use of LDPC codes in this context makes it possible to achieve good
security levels with very compact keys, which is an important advantage over
the classical McEliece cryptosystem based on Goppa codes. However, only regular
LDPC codes have been considered up to now, while some further improvement can
be achieved by using irregular LDPC codes, which are known to achieve better
error correction performance than regular LDPC codes. This is shown in this
paper, for the first time to our knowledge. The possible use of irregular
transformation matrices is also investigated, which further increases the
efficiency of the system, especially in regard to the public key size.
Comment: 6 pages, 3 figures, presented at ISCC 201

Using LDGM Codes and Sparse Syndromes to Achieve Digital Signatures
In this paper, we address the problem of achieving efficient code-based
digital signatures with small public keys. The solution we propose exploits
sparse syndromes and randomly designed low-density generator matrix codes.
Based on our evaluations, the proposed scheme is able to outperform existing
solutions, making it possible to achieve considerable security levels with very small
public keys.
Comment: 16 pages. The final publication is available at springerlink.co

Optimization of the parity-check matrix density in QC-LDPC code-based McEliece cryptosystems
Low-density parity-check (LDPC) codes are one of the most promising families
of codes to replace the Goppa codes originally used in the McEliece
cryptosystem. In fact, it has been shown that by using quasi-cyclic low-density
parity-check (QC-LDPC) codes in this system, drastic reductions in the public
key size can be achieved, while maintaining fixed security levels. Recently,
some proposals have appeared in the literature using codes with denser
parity-check matrices, named moderate-density parity-check (MDPC) codes.
However, the density of the parity-check matrices to be used in QC-LDPC
code-based variants of the McEliece cryptosystem has never been optimized. This
paper aims at filling this gap, by proposing a procedure for selecting the
density of the private parity-check matrix, based on the security level and the
decryption complexity. We provide some examples of the system parameters
obtained through the proposed technique.
Comment: 10 pages, 4 figures. To be presented at IEEE ICC 2013 - Workshop on
Information Security over Noisy and Lossy Communication Systems. Copyright
transferred to IEE