130 research outputs found
A Distinguisher-Based Attack on a Variant of McEliece's Cryptosystem Based on Reed-Solomon Codes
Baldi et \textit{al.} proposed a variant of McEliece's cryptosystem. The main
idea is to replace its permutation matrix by adding to it a rank 1 matrix. The
motivation for this change is twofold: it would allow the use of codes that
were shown to be insecure in the original McEliece's cryptosystem, and it would
reduce the key size while keeping the same security against generic decoding
attacks. The authors suggest to use generalized Reed-Solomon codes instead of
Goppa codes. The public code built with this method is not anymore a
generalized Reed-Solomon code. On the other hand, it contains a very large
secret generalized Reed-Solomon code. In this paper we present an attack that
is built upon a distinguisher which is able to identify elements of this secret
code. The distinguisher is constructed by considering the code generated by
component-wise products of codewords of the public code (the so-called "square
code"). By using square-code dimension considerations, the initial generalized
Reed-Solomon code can be recovered which permits to decode any ciphertext. A
similar technique has already been successful for mounting an attack against a
homomorphic encryption scheme suggested by Bogdanoc et \textit{al.}. This work
can be viewed as another illustration of how a distinguisher of Reed-Solomon
codes can be used to devise an attack on cryptosystems based on them.Comment: arXiv admin note: substantial text overlap with arXiv:1203.668
A Distinguisher-Based Attack of a Homomorphic Encryption Scheme Relying on Reed-Solomon Codes
Bogdanov and Lee suggested a homomorphic public-key encryption scheme based
on error correcting codes. The underlying public code is a modified
Reed-Solomon code obtained from inserting a zero submatrix in the Vandermonde
generating matrix defining it. The columns that define this submatrix are kept
secret and form a set . We give here a distinguisher that detects if one or
several columns belong to or not. This distinguisher is obtained by
considering the code generated by component-wise products of codewords of the
public code (the so called "square code"). This operation is applied to
punctured versions of this square code obtained by picking a subset
of the whole set of columns. It turns out that the dimension of the
punctured square code is directly related to the cardinality of the
intersection of with . This allows an attack which recovers the full set
and which can then decrypt any ciphertext.Comment: 11 page
Cryptanalysis of public-key cryptosystems that use subcodes of algebraic geometry codes
We give a polynomial time attack on the McEliece public key cryptosystem
based on subcodes of algebraic geometry (AG) codes. The proposed attack reposes
on the distinguishability of such codes from random codes using the Schur
product. Wieschebrink treated the genus zero case a few years ago but his
approach cannot be extent straightforwardly to other genera. We address this
problem by introducing and using a new notion, which we call the t-closure of a
code
Variations of the McEliece Cryptosystem
Two variations of the McEliece cryptosystem are presented. The first one is
based on a relaxation of the column permutation in the classical McEliece
scrambling process. This is done in such a way that the Hamming weight of the
error, added in the encryption process, can be controlled so that efficient
decryption remains possible. The second variation is based on the use of
spatially coupled moderate-density parity-check codes as secret codes. These
codes are known for their excellent error-correction performance and allow for
a relatively low key size in the cryptosystem. For both variants the security
with respect to known attacks is discussed
Chaves mais pequenas para criptossistemas de McEliece usando codificadores convolucionais
The arrival of the quantum computing era is a real threat to the confidentiality
and integrity of digital communications. So, it is urgent to develop alternative
cryptographic techniques that are resilient to quantum computing. This is the
goal of pos-quantum cryptography. The code-based cryptosystem called
Classical McEliece Cryptosystem remains one of the most promising postquantum
alternatives. However, the main drawback of this system is that the
public key is much larger than in the other alternatives. In this thesis we study
the algebraic properties of this type of cryptosystems and present a new variant
that uses a convolutional encoder to mask the so-called Generalized Reed-
Solomon code. We conduct a cryptanalysis of this new variant to show that
high levels of security can be achieved using significant smaller keys than in
the existing variants of the McEliece scheme. We illustrate the advantages of
the proposed cryptosystem by presenting several practical examples.A chegada da era da computação quântica Ă© uma ameaça real Ă
confidencialidade e integridade das comunicações digitais. É, por isso, urgente
desenvolver tĂ©cnicas criptográficas alternativas que sejam resilientes Ă
computação quântica. Este é o objetivo da criptografia pós-quântica. O
Criptossistema de McEliece continua a ser uma das alternativas pós-quânticas
mais promissora, contudo, a sua principal desvantagem Ă© o tamanho da chave
pĂşblica, uma vez que Ă© muito maior do que o das outras alternativas. Nesta
tese estudamos as propriedades algébricas deste tipo de criptossistemas e
apresentamos uma nova variante que usa um codificador convolucional para
mascarar o cĂłdigo de Generalized Reed-Solomon. Conduzimos uma
criptoanálise dessa nova variante para mostrar que altos nĂveis de segurança
podem ser alcançados usando uma chave significativamente menor do que as
variantes existentes do esquema de McEliece. Ilustramos, assim, as vantagens
do criptossistema proposto apresentando vários exemplos práticos.Programa Doutoral em Matemátic
Cryptography based on the Hardness of Decoding
This thesis provides progress in the fields of for lattice and coding based cryptography. The first contribution consists of constructions of IND-CCA2 secure public key cryptosystems from both the McEliece and the low noise learning parity with noise assumption. The second contribution is a novel instantiation of the lattice-based learning with errors problem which uses uniform errors
- …