Fuzzy Authentication using Rank Distance

Fuzzy authentication allows authentication based on the fuzzy matching of two objects, for example based on the similarity of two strings in the Hamming metric, or on the similiarity of two sets in the set difference metric. Aim of this paper is to show other models and algorithms of secure fuzzy authentication, which can be performed using the rank metric. A few schemes are presented which can then be applied in different scenarios and applications.Comment: to appear in Cryptography and Physical Layer Security, Lecture Notes in Electrical Engineering, Springe

An IND-CCA-Secure Code-Based EncryptionScheme Using Rank Metric

The use of rank instead of Hamming metric has been proposed to address the main drawback of code-based cryptography: large key sizes. There exist several Key Encapsulation Mechanisms (KEM) and Public Key Encryption (PKE) schemes using rank metric including some submissions to the NIST call for standardization of Post-Quantum Cryptography. In this work, we present an IND-CCA PKE scheme based on the McEliece adaptation to rank metric proposed by Loidreau at PQC 2017. This IND-CCA PKE scheme based on rank metric does not use a hybrid construction KEM + symmetric encryption. Instead, we take advantage of the bigger message space obtained by the different parameters chosen in rank metric, being able to exchange multiple keys in one ciphertext. Our proposal is designed considering some specific properties of the random error generated during the encryption. We prove our proposal IND-CCA-secure in the QROM by using a security notion called disjoint simulatability introduced by Saito et al. in Eurocrypt 2018. Moreover, we provide security bounds by using the semi-oracles introduced by Ambainis et al

Two attacks on rank metric code-based schemes: RankSign and an IBE scheme

International audienceRankSign [29] is a code-based signature scheme proposed to the NIST competition for quantum-safe cryptography [5] and, moreover , is a fundamental building block of a new Identity-Based-Encryption (IBE) [25]. This signature scheme is based on the rank metric and enjoys remarkably small key sizes, about 10KBytes for an intended level of security of 128 bits. Unfortunately we will show that all the parameters proposed for this scheme in [5] can be broken by an algebraic attack that exploits the fact that the augmented LRPC codes used in this scheme have very low weight codewords. Therefore, without RankSign the IBE cannot be instantiated at this time. As a second contribution we will show that the problem is deeper than finding a new signature in rank-based cryptography, we also found an attack on the generic problem upon which its security reduction relies. However, contrarily to the RankSign scheme, it seems that the parameters of the IBE scheme could be chosen in order to avoid our attack. Finally, we have also shown that if one replaces the rank metric in the [25] IBE scheme by the Hamming metric, then a devastating attack can be found

Unimodular perfect sequences of length p(s)

A new class of unimodular perfect sequences of length p(s), where p is a prime, is proposed. An explicit secondary construction is provided. This construction includes most of the previously known unimodular perfect sequences of length p(s) as special cases. Also the proposed construction is extended to sequences with autocorrelation over Z(pk)(s), V-m2 X Z(pm1), V-k

Perfect codes for metrics generated by primitive 2-error-correcting binary BCH codes

For any positive integer m, a metric on F/sub 2//sup 2m/ is considered which is induced by the quasi-perfect [2/sup m/-1,2/sup m/-2m-1,5] binary BCH code. Constructions of codes are given which are perfect with respect to this metric. In addition, easy decoding methods for these codes are proposed

Unimodular perfect sequences of length p(s)

A new class of unimodular perfect sequences of length p(s), where p is a prime, is proposed. An explicit secondary construction is provided. This construction includes most of the previously known unimodular perfect sequences of length p(s) as special cases. Also the proposed construction is extended to sequences with autocorrelation over Z(pk)(s), V-m2 X Z(pm1), V-k.</p