20 research outputs found

    Reducing the Key Size of McEliece Cryptosystem from Automorphism-induced Goppa Codes via Permutations

    In this paper, we propose a new general construction to reduce the public key size of McEliece cryptosystems constructed from automorphism-induced Goppa codes. In particular, we generalize the ideas of automorphism-induced Goppa codes by considering nontrivial subsets of automorphism groups to construct Goppa codes with a nice block structure. By considering additive and multiplicative automorphism subgroups, we provide explicit constructions to demonstrate our technique. We show that our technique can be applied to cryptosystems based on automorphism-induced Goppa codes to further reduce their key sizes.

    Side Channel Information Set Decoding using Iterative Chunking

    This paper presents an attack based on side-channel information and Information Set Decoding (ISD) on the Niederreiter cryptosystem and an evaluation of the practicality of the attack using an electromagnetic side channel. First, we describe a basic plaintext-recovery attack on the decryption algorithm of the Niederreiter cryptosystem. In case the cryptosystem is used as a Key-Encapsulation Mechanism (KEM) in a key exchange, the plaintext corresponds to a session key. Our attack is an adaptation of the timing side-channel plaintext-recovery attack by Shoufan et al. from 2010 on the McEliece cryptosystem using the non-constant-time Patterson decoding algorithm to the Niederreiter cryptosystem using the constant-time Berlekamp-Massey decoding algorithm. We then enhance our attack by utilizing an ISD approach to support the basic attack, and we introduce iterative column chunking to further significantly reduce the number of required side-channel measurements. We theoretically show that our attack improvements have a significant impact on reducing the number of required side-channel measurements. Our practical evaluation of the attack targets the FPGA implementation of the Niederreiter cryptosystem in the NIST submission Classic McEliece with a constant-time decoding algorithm and is feasible for all proposed parameter sets of this submission. For example, for the 256-bit-security parameter set kem/mceliece6960119 we improve the basic attack, which requires 5415 measurements, to about 560 measurements on average to mount a successful plaintext-recovery attack. Further reductions can be achieved at increasing cost of the ISD computations.

    Identity and European integration : diversity as a source of integration

    This article explores the concept of European Union identity and its significance for European integration by drawing upon insights from theories of nationalism and national identity. European Union identity is viewed as an ongoing process which is banal, contingent and contextual. The central hypothesis is that European integration facilitates the flourishing of diverse national identities rather than convergence around a single homogeneous European Union identity. The role of the EU as facilitator for diverse understandings of collective identities encourages the enhabitation of the EU at an everyday level and the reinforcement of a sense of banal Europeanism, which is a crucial aspect of the European integration process. Facilitating diversity may thus provide a vital source of dynamism for the integration process.

    Cubature Formulae, Polytopes, and Spherical Designs

    The construction of a cubature formula of strength $t$ for the unit sphere $\Omega_d$ in $\mathbb{R}^d$ amounts to finding finite sets $X_1, \ldots, X_N \subset \Omega_d$ and coefficients $a_1, \ldots, a_N \in \mathbb{R}$ such that

    $$|\Omega_d|^{-1} \int_{\Omega_d} f(\xi)\, d\omega(\xi) = \sum_{i=1}^{N} a_i\, |X_i|^{-1} \sum_{x \in X_i} f(x), \qquad (1.1)$$

    for all functions $f$ represented on $\Omega_d$ by polynomials of degree $\leqslant t$; cf. [16], [15], [11]. Sobolev [14,15] introduced group theory into the construction of cubature formulae by considering orbits $X_i$ under a finite subgroup $G$ of the orthogonal group $O(d)$. Thus spherical polytopes and root systems (cf. Coxeter [3]) enter the discussion. There are further relations to Coxeter's work, since the obstruction to higher strength for a cubature formula is caused essentially by the existence of certain invariants. For finite groups generated by reflections, the theory of exponents and invariants goes back to Coxeter [4].

    Recovering short secret keys of RLCE encryption scheme in polynomial time

    We present a key recovery attack against Y. Wang's Random Linear Code Encryption (RLCE) scheme recently submitted to the NIST call for post-quantum cryptography. This attack recovers the secret key for all the short key parameters proposed by the author.

    FPGA-based key generator for the Niederreiter cryptosystem using binary Goppa codes

    This paper presents a post-quantum secure, efficient, and tunable FPGA implementation of the key-generation algorithm for the Niederreiter cryptosystem using binary Goppa codes. Our key-generator implementation requires as few as 896,052 cycles to produce both public and private portions of a key, and can achieve an estimated maximum frequency (Fmax) of over 240 MHz when synthesized for Stratix V FPGAs. To the best of our knowledge, this work is the first hardware-based implementation that works with parameters equivalent to, or exceeding, the recommended 128-bit "post-quantum security" level. The key generator can produce a key pair for parameters m=13, t=119, and n=6960 in only 3.7 ms when no systemization failure occurs, and in 3.5⋅3.7 ms on average. To achieve such performance, we implemented an optimized and parameterized Gaussian systemizer for matrix systemization, which works for any large-sized matrix over any binary field GF(2^m). Our work also presents an FPGA-based implementation of the Gao-Mateer additive FFT, which only takes about 1000 clock cycles to finish the evaluation of a degree-119 polynomial at 2^13 data points. The Verilog HDL code of our key generator is parameterized and partly code-generated using Python and Sage. It can be synthesized for different parameters, not just the ones shown in this paper. We tested the design using a Sage reference implementation, iVerilog simulation, and on real FPGA hardware.