18 research outputs found

    New algorithms for decoding in the rank metric and an attack on the LRPC cryptosystem

    Full text link
    We consider the decoding problem, or the problem of finding low weight codewords, for rank metric codes. We show how additional information about the codeword we want to find, in the form of certain linear combinations of the entries of the codeword, leads to algorithms with a better complexity. This is then used together with a folding technique for attacking a McEliece scheme based on LRPC codes. It leads to a feasible attack on one of the parameter sets suggested in \cite{GMRZ13}.
    Comment: A shortened version of this paper will be published in the proceedings of the IEEE International Symposium on Information Theory 2015 (ISIT 2015).

    Nouveaux protocoles et nouvelles attaques pour la cryptologie basée sur les codes en métrique rang

    No full text
    The security of public-key cryptography is based on hard mathematical problems, especially in number theory, such as factorization for RSA or the discrete logarithm for ElGamal. However, the algorithms for solving these problems are becoming more and more efficient. Furthermore, quantum computers would be able to break these cryptosystems easily. Code-based cryptography in the rank metric is a solid candidate for designing new post-quantum cryptosystems, since it is fast and has small key sizes. The goals of this thesis are to study hard problems in the rank metric and the algorithms that solve them, and to search for new attacks and new primitives based on these problems.

    New protocols and new attacks on rank metric code-based cryptography

    No full text
    The security of public-key cryptography is based on hard mathematical problems, especially in number theory, such as factorization for RSA or the discrete logarithm for ElGamal. However, the algorithms for solving these problems are becoming more and more efficient. Furthermore, quantum computers would be able to break these cryptosystems easily. Code-based cryptography in the rank metric is a solid candidate for designing new post-quantum cryptosystems, since it is fast and has small key sizes. The goals of this thesis are to study hard problems in the rank metric and the algorithms that solve them, and to search for new attacks and new primitives based on these problems.

    Study of the determinants of urban meat consumption in West Africa (the example of Dakar)

    No full text
    MONTPELLIER-SupAgro La Gaillarde (341722306) / Sudoc, France

    RankSynd a PRNG Based on Rank Metric

    Get PDF
    In this paper, we consider a pseudo-random generator based on the difficulty of the syndrome decoding problem for rank metric codes. We also study the resistance of this problem against a quantum computer. Our results show that with the rank metric it is possible to obtain a fast PRNG with small public data, without assuming additional structure for the public matrices, such as the quasi-cyclicity used in the Hamming metric.

    Improvement of Generic Attacks on the Rank Syndrome Decoding Problem

    Get PDF
    Rank metric code-based cryptography has existed for several years. The security of many cryptosystems is based on the difficulty of decoding a random code. Any improvement in the complexity of the best decoding algorithms can have a big impact on the security of these schemes. In this article, we present an improvement on the recent GRS algorithm [1] and obtain a complexity of $O\left((n-k)^3 m^3 q^{w\frac{(k+1)m}{n} - m}\right)$ for decoding an error of weight $w$ in an $[n,k]$ $\mathbb{F}_{2^m}$-linear code.

    Low Rank Parity Check Codes: New Decoding Algorithms and Applications to Cryptography

    No full text
    We introduce a new family of rank metric codes, Low Rank Parity Check codes (LRPC), for which we propose an efficient probabilistic decoding algorithm. This family of codes can be seen as the rank metric equivalent of classical LDPC codes. We then use these codes to design cryptosystems à la McEliece: more precisely, we propose two schemes, a key encapsulation mechanism (KEM) and a public key encryption scheme (PKE). Unlike the rank metric codes used in previous encryption algorithms, notably Gabidulin codes, LRPC codes have a very weak algebraic structure. Our cryptosystems can be seen as an equivalent of the NTRU cryptosystem (and also of the more recent MDPC \cite{MTSB12} cryptosystem) in a rank metric context. The present paper is an extended version of the article introducing LRPC codes, with important new contributions. We have improved the decoder thanks to a new approach which allows decoding of errors of higher rank weight, namely up to $\frac{2}{3}(n-k)$, whereas the previous decoding algorithm only decodes up to $\frac{n-k}{2}$ errors. Our codes therefore outperform the classical Gabidulin code decoder, which handles weights up to $\frac{n-k}{2}$. This comes at the expense of probabilistic decoding, but the decoding error probability can be made arbitrarily small. The new approach can also be used to decrease the decoding error probability of previous schemes, which is especially useful for cryptography. Finally, we introduce ideal rank codes, which generalize double-circulant rank codes and allow us to avoid known structural attacks based on folding. To conclude, we propose different parameter sizes for our schemes and obtain a public key of 3337 bits for key exchange and 5893 bits for public key encryption, both for 128 bits of security.
    Comment: submitted to Transactions on Information Theory.

    A New Algorithm for Solving the Rank Syndrome Decoding Problem

    Get PDF
    In this paper, we propose an improvement of the attack on the Rank Syndrome Decoding (RSD) problem found in [1], usually the best attack considered when evaluating the security of rank-based cryptosystems. For $H$ a full-rank $(n-k) \times n$ matrix over $\mathbb{F}_{q^m}$ and $e \in \mathbb{F}_{q^m}^n$ of small norm $r$, the RSD problem consists in recovering $e$ from $s = He^T$. In our case, the norm of a vector over $\mathbb{F}_{q^m}$ is defined as the dimension of the $\mathbb{F}_q$-subspace generated by its coordinates. This problem is very similar to the Syndrome Decoding problem in the Hamming metric (only the metric and the field of the coefficients differ), and the security of several cryptosystems relies on its hardness, such as McEliece-based PKE [2], [3] or IBE [4]. Our attack runs in $O\left((n-k)^3 m^3 q^{w\frac{(k+1)m}{n} - m}\right)$ operations in $\mathbb{F}_q$, whereas the previous best attacks run in $O\left((n-k)^3 m^3 q^{(w-1)\min\left(\frac{(k+1)m}{n},\, k+1\right)}\right)$ [1], [5]. In particular, in the case $m \le n$, our attack yields an exponential gain of $q^{m(1-R)}$, where $R = k/n$ is the rate of the code. We give examples of broken parameters for recently proposed cryptosystems based on LRPC codes or Gabidulin codes. Our attack does not fully break these cryptosystems, but it implies larger parameters for the same security levels.