Semantically Secure McEliece Public-Key Cryptosystems - Conversions for McEliece PKC -

  • Kazukuni Kobara
  • Hideki Imai
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1992)


Almost all current public-key cryptosystems (PKCs) are based on number theory, such as the integer factoring problem and the discrete logarithm problem (both of which will be solvable in polynomial time once quantum computers emerge). While the McEliece PKC is based on another theory, i.e. coding theory, it is vulnerable to several practical attacks. In this paper, we carefully review the currently known attacks on the McEliece PKC, and then point out that, without any decryption oracle or any partial knowledge of the plaintext of the challenge ciphertext, no polynomial-time algorithm is known for inverting the McEliece PKC when its parameters are carefully chosen. Under the assumption that this inverting problem is hard, we propose slightly modified versions of the McEliece PKC that can be proven, in the random oracle model, to be semantically secure against adaptive chosen-ciphertext attacks. For practical parameters, our conversions reduce the redundant data to 1/3 ~ 1/4 of that required by the generic conversions.
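The abstract's point that plain McEliece is not semantically secure can be seen with encryption alone: two encryptions of the same message differ only in their error vectors, which is exactly the message-resend condition, while a randomized conversion removes that leak. The following is an added illustration, not code from the paper; it uses a toy random systematic code (no Goppa structure, no decoder) and a simplified randomized variant in the spirit of the generic conversions, not the authors' own scheme.

```python
import hashlib
import random

# Toy parameters, constructed for illustration only. Real McEliece uses a hidden
# Goppa code with n=1024, k=524, t=50; here we only need encryption, so a random
# systematic binary code with no decoding algorithm is enough.
N, K, T = 64, 32, 3
rng = random.Random(2001)  # fixed seed so the demo is reproducible

# Vectors over GF(2) are ints; bit i of a length-n vector is (v >> i) & 1.
# G = [I_k | A]: row i has bit i set plus N-K random parity bits above bit K-1.
G = [(1 << i) | (rng.getrandbits(N - K) << K) for i in range(K)]

def encode(m):
    """Codeword m*G: XOR of the rows of G selected by the bits of m."""
    c = 0
    for i in range(K):
        if (m >> i) & 1:
            c ^= G[i]
    return c

def random_error():
    """Error vector of Hamming weight exactly T at random positions."""
    e = 0
    for p in rng.sample(range(N), T):
        e |= 1 << p
    return e

def weight(v):
    """Hamming weight of a bit vector."""
    return bin(v).count("1")

def mceliece_encrypt(m):
    """Plain McEliece: c = mG + e. Re-encrypting the same m changes only e."""
    return encode(m) ^ random_error()

def converted_encrypt(m):
    """Randomized variant (an assumption here, not the paper's conversion):
    encrypt a fresh random r with McEliece and mask m with H(r)."""
    r = rng.getrandbits(K)
    h = hashlib.sha256(r.to_bytes(K // 8, "big")).digest()
    mask = int.from_bytes(h[:K // 8], "big")
    return mceliece_encrypt(r), m ^ mask

def resend_distance(enc, m):
    """Hamming distance between the McEliece parts of two independent encryptions
    of the same m. Plain scheme: wt(e1 ^ e2) <= 2T, exposing error positions.
    Converted scheme: two unrelated codewords differ in about N/2 positions."""
    c1, c2 = enc(m), enc(m)
    if isinstance(c1, tuple):  # converted ciphertext: (McEliece part, masked m)
        c1, c2 = c1[0], c2[0]
    return weight(c1 ^ c2)
```

With these toy parameters the plain scheme's resend distance is at most 6 while the converted scheme's is near 32, which is the observable difference a chosen-plaintext distinguisher exploits against the unconverted system.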





Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Kazukuni Kobara (1)
  • Hideki Imai (1)
  1. Institute of Industrial Science, The University of Tokyo, Tokyo, Japan
