172 research outputs found
Cryptanalysis of Two McEliece Cryptosystems Based on Quasi-Cyclic Codes
We cryptanalyse here two variants of the McEliece cryptosystem based on
quasi-cyclic codes. Both aim at reducing the key size by restricting the public
and secret generator matrices to be in quasi-cyclic form. The first variant
considers subcodes of a primitive BCH code. We prove that this variant is not
secure by finding and solving a linear system satisfied by the entries of the
secret permutation matrix.
The other variant uses quasi-cyclic low density parity-check codes. This
scheme was devised to be immune against general attacks working for McEliece
type cryptosystems based on low density parity-check codes by choosing in the
McEliece scheme more general one-to-one mappings than permutation matrices. We
suggest here a structural attack exploiting the quasi-cyclic structure of the
code and a certain weakness in the choice of the linear transformations that
hide the generator matrix of the code. Our analysis shows that with high
probability a parity-check matrix of a punctured version of the secret code can
be recovered in cubic time complexity in its length. The complete
reconstruction of the secret parity-check matrix of the quasi-cyclic low
density parity-check codes requires the search of codewords of low weight which
can be done with about operations for the specific parameters
proposed.
Comment: Major corrections. This version supersedes the previous one.
Optimization of the parity-check matrix density in QC-LDPC code-based McEliece cryptosystems
Low-density parity-check (LDPC) codes are one of the most promising families
of codes to replace the Goppa codes originally used in the McEliece
cryptosystem. In fact, it has been shown that by using quasi-cyclic low-density
parity-check (QC-LDPC) codes in this system, drastic reductions in the public
key size can be achieved, while maintaining fixed security levels. Recently,
some proposals have appeared in the literature using codes with denser
parity-check matrices, named moderate-density parity-check (MDPC) codes.
However, the density of the parity-check matrices to be used in QC-LDPC
code-based variants of the McEliece cryptosystem has never been optimized. This
paper aims at filling this gap by proposing a procedure for selecting the
density of the private parity-check matrix, based on the security level and the
decryption complexity. We provide some examples of the system parameters
obtained through the proposed technique.
Comment: 10 pages, 4 figures. To be presented at IEEE ICC 2013 - Workshop on
Information Security over Noisy and Lossy Communication Systems. Copyright
transferred to IEE
Variations of the McEliece Cryptosystem
Two variations of the McEliece cryptosystem are presented. The first one is
based on a relaxation of the column permutation in the classical McEliece
scrambling process. This is done in such a way that the Hamming weight of the
error, added in the encryption process, can be controlled so that efficient
decryption remains possible. The second variation is based on the use of
spatially coupled moderate-density parity-check codes as secret codes. These
codes are known for their excellent error-correction performance and allow for
a relatively low key size in the cryptosystem. For both variants, the security
with respect to known attacks is discussed.
Worst case QC-MDPC decoder for McEliece cryptosystem
McEliece encryption scheme which enjoys relatively small key sizes as well as
a security reduction to hard problems of coding theory. Furthermore, it remains
secure against a quantum adversary and is very well suited to low cost
implementations on embedded devices.
Decoding MDPC codes is achieved with the (iterative) bit flipping algorithm,
as for LDPC codes. Variable time decoders might leak some information on the
code structure (that is on the sparse parity check equations) and must be
avoided. A constant time decoder is easy to emulate, but its running time
depends on the worst case rather than on the average case. So far
implementations were focused on minimizing the average cost. We show that the
tuning of the algorithm is not the same to reduce the maximal number of
iterations as for reducing the average cost. This provides some indications on
how to engineer the QC-MDPC-McEliece scheme to resist a timing side-channel
attack.
Comment: 5 pages, conference ISIT 201
Improving the efficiency of the LDPC code-based McEliece cryptosystem through irregular codes
We consider the framework of the McEliece cryptosystem based on LDPC codes,
which is a promising post-quantum alternative to classical public key
cryptosystems. The use of LDPC codes in this context makes it possible to achieve good
security levels with very compact keys, which is an important advantage over
the classical McEliece cryptosystem based on Goppa codes. However, only regular
LDPC codes have been considered up to now, while some further improvement can
be achieved by using irregular LDPC codes, which are known to achieve better
error correction performance than regular LDPC codes. This is shown in this
paper for the first time, to our knowledge. The possible use of irregular
transformation matrices is also investigated, which further increases the
efficiency of the system, especially with regard to the public key size.
Comment: 6 pages, 3 figures, presented at ISCC 201
LEDAkem: a post-quantum key encapsulation mechanism based on QC-LDPC codes
This work presents a new code-based key encapsulation mechanism (KEM) called
LEDAkem. It is built on the Niederreiter cryptosystem and relies on
quasi-cyclic low-density parity-check codes as secret codes, providing high
decoding speeds and compact keypairs. LEDAkem uses ephemeral keys to foil known
statistical attacks, and takes advantage of a new decoding algorithm that
provides faster decoding than the classical bit-flipping decoder commonly
adopted in this kind of system. The main attacks against LEDAkem are
investigated, taking into account quantum speedups. Some instances of LEDAkem
are designed to achieve different security levels against classical and quantum
computers. Some performance figures obtained through an efficient C99
implementation of LEDAkem are provided.
Comment: 21 pages, 3 table