395 research outputs found
Variations of the McEliece Cryptosystem
Two variations of the McEliece cryptosystem are presented. The first one is
based on a relaxation of the column permutation in the classical McEliece
scrambling process. This is done in such a way that the Hamming weight of the
error, added in the encryption process, can be controlled so that efficient
decryption remains possible. The second variation is based on the use of
spatially coupled moderate-density parity-check codes as secret codes. These
codes are known for their excellent error-correction performance and allow for
a relatively low key size in the cryptosystem. For both variants the security
with respect to known attacks is discussed
Polynomial-Time Key Recovery Attack on the Faure-Loidreau Scheme based on Gabidulin Codes
Encryption schemes based on the rank metric lead to small public key sizes of
order of few thousands bytes which represents a very attractive feature
compared to Hamming metric-based encryption schemes where public key sizes are
of order of hundreds of thousands bytes even with additional structures like
the cyclicity. The main tool for building public key encryption schemes in rank
metric is the McEliece encryption setting used with the family of Gabidulin
codes. Since the original scheme proposed in 1991 by Gabidulin, Paramonov and
Tretjakov, many systems have been proposed based on different masking
techniques for Gabidulin codes. Nevertheless, over the years all these systems
were attacked essentially by the use of an attack proposed by Overbeck.
In 2005 Faure and Loidreau designed a rank-metric encryption scheme which was
not in the McEliece setting. The scheme is very efficient, with small public
keys of size a few kiloBytes and with security closely related to the
linearized polynomial reconstruction problem which corresponds to the decoding
problem of Gabidulin codes. The structure of the scheme differs considerably
from the classical McEliece setting and until our work, the scheme had never
been attacked. We show in this article that this scheme like other schemes
based on Gabidulin codes, is also vulnerable to a polynomial-time attack that
recovers the private key by applying Overbeck's attack on an appropriate public
code. As an example we break concrete proposed bits security parameters in
a few seconds.Comment: To appear in Designs, Codes and Cryptography Journa
Cryptanalysis of McEliece Cryptosystem Based on Algebraic Geometry Codes and their subcodes
We give polynomial time attacks on the McEliece public key cryptosystem based
either on algebraic geometry (AG) codes or on small codimensional subcodes of
AG codes. These attacks consist in the blind reconstruction either of an Error
Correcting Pair (ECP), or an Error Correcting Array (ECA) from the single data
of an arbitrary generator matrix of a code. An ECP provides a decoding
algorithm that corrects up to errors, where denotes
the designed distance and denotes the genus of the corresponding curve,
while with an ECA the decoding algorithm corrects up to
errors. Roughly speaking, for a public code of length over ,
these attacks run in operations in for the
reconstruction of an ECP and operations for the reconstruction of an
ECA. A probabilistic shortcut allows to reduce the complexities respectively to
and . Compared to the
previous known attack due to Faure and Minder, our attack is efficient on codes
from curves of arbitrary genus. Furthermore, we investigate how far these
methods apply to subcodes of AG codes.Comment: A part of the material of this article has been published at the
conferences ISIT 2014 with title "A polynomial time attack against AG code
based PKC" and 4ICMCTA with title "Crypt. of PKC that use subcodes of AG
codes". This long version includes detailed proofs and new results: the
proceedings articles only considered the reconstruction of ECP while we
discuss here the reconstruction of EC
Cryptanalysis of public-key cryptosystems that use subcodes of algebraic geometry codes
We give a polynomial time attack on the McEliece public key cryptosystem
based on subcodes of algebraic geometry (AG) codes. The proposed attack reposes
on the distinguishability of such codes from random codes using the Schur
product. Wieschebrink treated the genus zero case a few years ago but his
approach cannot be extent straightforwardly to other genera. We address this
problem by introducing and using a new notion, which we call the t-closure of a
code
On the security of digital signature schemes based on error-correcting codes
We discuss the security of digital signature schemes based on error-correcting codes. Several attacks to the Xinmei scheme are surveyed, and some reasons given to explain why the Xinmei scheme failed, such as the linearity of the signature and the redundancy of public keys. Another weakness is found in the Alabbadi-Wicker scheme, which results in a universal forgery attack against it. This attack shows that the Alabbadi-Wicker scheme fails to implement the necessary property of a digital signature scheme: it is infeasible to find a false signature algorithm D from the public verification algorithm E such that E(D*(m)) = m for all messages m. Further analysis shows that this new weakness also applies to the Xinmei scheme
Cryptography from tensor problems
We describe a new proposal for a trap-door one-way function. The new proposal belongs to the "multivariate quadratic" family but the trap-door is different from existing methods, and is simpler
- …