
    Compact McEliece keys based on Quasi-Dyadic Srivastava codes

    The McEliece cryptosystem is one of the few systems considered secure against quantum attacks. The original scheme is built upon Goppa codes and produces very large keys, hence recent research has focused mainly on trying to reduce the public key size. Previous proposals tried to replace the class of Goppa codes with other families of codes, but this turned out to be an insecure choice. In this paper we introduce a construction based on Generalized Srivastava codes, a large class which includes Goppa codes as a special case, that allows relatively short public keys without being vulnerable to known structural attacks.

    On Linear Complexity of Finite Sequences : Coding Theory and Applications to Cryptography

    We define two metrics on vector spaces over a finite field using the linear complexity of finite sequences. We then develop coding theory notions for these metrics and study their properties. We give a Singleton-like bound as well as constructions of subspaces achieving this bound. We also provide an asymptotic Gilbert-Varshamov-like bound for random subspaces. We show how to reduce the problem of finding codewords with given Hamming weight into a problem of finding a vector of a given linear complexity. This implies that our new metric can be used for cryptography in a similar way to what is currently done in the code-based setting.

    Towards KEM Unification

    This paper highlights a particular construction of a correct KEM without failures and without ciphertext expansion from any correct deterministic PKE, and presents a simple tight proof of ROM IND-CCA2 security for the KEM assuming merely OW-CPA security for the PKE. Compared to previous proofs, this proof is simpler, and is also factored into smaller pieces that can be audited independently. In particular, this paper introduces the notion of "IND-Hash" security and shows that this allows a new separation between checking encryptions and randomizing decapsulations. The KEM is easy to implement in constant time, given a constant-time implementation of the PKE.

    On Linear Equivalence, Canonical Forms, and Digital Signatures

    The LESS signature scheme, introduced in 2020, represents a fresh research direction to obtain practical code-based signatures. LESS is based on the linear equivalence problem for codes, and the scheme is entirely described using matrices, which define both the codes and the maps between them. It makes sense, then, that the performance of the scheme depends on how efficiently such objects can be represented. In this work, we investigate canonical forms for matrices, and how these can be used to obtain very compact signatures. We present a new notion of equivalence for codes, and prove that it reduces to linear equivalence; this means there is no security loss when applying canonical forms to LESS. Additionally, we flesh out a potential application of canonical forms to cryptanalysis, and conclude that this does not improve on existing attacks for the regime of interest. Finally, we analyze the impact of our technique, showing that it yields a drastic reduction in signature size when compared to the LESS submission, resulting in the smallest sizes for code-based signature schemes based on zero-knowledge.

    Zero-Knowledge Proofs from the Action Subgraph

    In this work, we investigate techniques to amplify the soundness of zero-knowledge proofs of knowledge for cryptographic group actions. We explore the use of a particular graph generated from the group action of a random element and provide a fully general protocol with only minimal assumptions on the group action properties. This technique can also be seen as a generalization of the MPC-in-the-head approach to the context of (non-abelian) group actions. We show that a straightforward translation of the paradigm is unlikely to provide a practical improvement over the simpler construction of a 3-pass Sigma protocol. We then describe a novel approach and show that it yields a computational advantage, therefore laying the groundwork for new, efficient protocols.

    On the Hardness of the Lee Syndrome Decoding Problem

    In this paper we study the hardness of the syndrome decoding problem over finite rings endowed with the Lee metric. We first prove that the decisional version of the problem is NP-complete, by a reduction from the 3-dimensional matching problem. Then, we study the actual complexity of solving the problem, by translating the best known solvers in the Hamming metric over finite fields to the Lee metric over finite rings, as well as proposing some novel solutions. For the analyzed algorithms, we assess the computational complexity in both the finite and asymptotic regimes. Comment: Part of this work appeared as preliminary results in arXiv:2001.0842

    Cutting the GRASS: Threshold GRoup Action Signature Schemes

    Group actions are fundamental mathematical tools, with a long history of use in cryptography. Indeed, the action of finite groups at the basis of the discrete logarithm problem is behind a very large portion of modern cryptographic systems. With the advent of post-quantum cryptography, however, the method for building protocols shifted towards a different paradigm, centered on the difficulty of discerning 'noisy' objects, as is the case for lattices, codes, and multivariate systems. This method yields promising results for 'core' primitives such as encryption or signature, but can be less than ideal in cases where more advanced functionalities are required. In this work, we show that isomorphism problems which stem from cryptographic group actions can be viable building blocks for threshold signature schemes. In particular, we construct a full N-out-of-N threshold signature scheme, and discuss the efficiency issues arising from extending it to the generic T-out-of-N case. To give a practical outlook on our constructions, we instantiate them with the LESS and MEDS frameworks, which are two flavors of code-based cryptographic group actions. Finally, we highlight some ideas that would allow for a more efficient and compact (T,N) threshold variant of LESS, whose security relies on new hardness assumptions.

    Cryptanalysis of a Code-Based Signature Scheme Based on the Lyubashevsky Framework

    In this paper we cryptanalyze a recently proposed signature scheme consisting of a translation of the Lyubashevsky framework to coding theory, whose security is based on the hardness of decoding low weight errors in the Hamming metric. We show that each produced signature leaks information about the secret key and that, after observing a number of signatures, the secret key can be fully recovered with simple linear algebra. We conservatively assess the complexity of our proposed attack and show that it grows polynomially in the scheme parameters; numerical simulations are used to confirm our analysis. Our results show that the weakness of the scheme is intrinsic by design, and that security cannot be restored by a mere change in the parameters.

    A Note on Non-Interactive Key Exchange from Code Equivalence

    A recent paper by Zhang and Zhang claims to construct the first code-based non-interactive key exchange protocol, using a modified version of the Code Equivalence problem. We explain why this approach is flawed, and consequently debunk this claim. A simple Magma script confirms our results.