Vulnerabilities of the McEliece Variants Based on Polar Codes

  • Vlad Drăgoi
  • Valeriu Beiu
  • Dominic Bucerzan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11359)


Several variants of the McEliece public key encryption scheme have properties that make them attractive for post-quantum cryptography. In this article we study one such variant, namely the McEliece scheme based on polar codes and, more generally, on any weakly decreasing monomial code. Both polar codes and Reed-Muller codes were recently redefined in a polynomial formalism, using different partial orders on the set of monomials of the ring of polynomials in m variables with coefficients in \(\mathbb{F}_2\). We use this approach to study the star product of two weakly decreasing monomial codes and to determine its dimension. With these results at hand, we identify particular types of weakly decreasing monomial codes for which the star product yields an efficient distinguisher. These results support our quest for efficient key recovery attacks against these variants of the McEliece scheme.
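The distinguisher the abstract refers to can be seen on small parameters. The following is an added example, not code from the paper: it builds a decreasing monomial code over \(\mathbb{F}_2\) in m variables (the evaluation vectors of a set of monomials closed downward under the decreasing partial order of the polynomial formalism), computes the dimension of its square code C ⋆ C by Gaussian elimination, and compares it with the square of a random code of the same length and dimension. Because x_S ⋆ x_T = x_{S ∪ T} on \(\mathbb{F}_2^m\) (u_i² = u_i), the square dimension of a monomial code is the number of distinct unions of its monomials, which is far below the min(n, k(k+1)/2) expected for a random [n, k] code. The variable-indexing convention in `leq` (lower index is the smaller variable) and the chosen generator monomials are assumptions made for this example; the random code is constructed with a fixed seed.

```python
# Added example (not from the paper): square-code distinguisher for
# decreasing monomial codes, illustrating the abstract's star-product result.
import itertools
import random


def eval_vector(mono, m):
    """Evaluation of x_mono on every point u of F_2^m, packed as a 2^m-bit int.
    mono is a sorted tuple of variable indices; () is the constant monomial 1."""
    v = 0
    for u in range(1 << m):
        if all((u >> i) & 1 for i in mono):
            v |= 1 << u
    return v


def gf2_rank(rows):
    """Rank over F_2 of bit-packed row vectors (incremental Gaussian elimination)."""
    pivots = {}  # leading-bit position -> reduced row with that leading bit
    for r in rows:
        while r:
            p = r.bit_length() - 1
            if p in pivots:
                r ^= pivots[p]
            else:
                pivots[p] = r
                break
    return len(pivots)


def star_product_rows(rows_a, rows_b):
    """Spanning set of C_A * C_B: coordinate-wise products of spanning rows."""
    return [a & b for a in rows_a for b in rows_b]


def square_dimension(rows):
    return gf2_rank(star_product_rows(rows, rows))


def leq(f, g):
    """Decreasing partial order f <= g on monomials (assumption: index i_l <= j_l
    for equal degree; for lower degree, f <= some divisor of g of the same degree)."""
    if len(f) > len(g):
        return False
    if len(f) == len(g):
        return all(fi <= gi for fi, gi in zip(f, g))
    return any(leq(f, gs) for gs in itertools.combinations(g, len(f)))


def down_closure(generators, m):
    """All monomials f with f <= g for some generator g: a decreasing set."""
    return [f for d in range(m + 1)
            for f in itertools.combinations(range(m), d)
            if any(leq(f, g) for g in generators)]


def monomial_code(mons, m):
    return [eval_vector(f, m) for f in mons]


def predicted_star_dimension(mons_i, mons_j):
    """|{S u T : S in I, T in J}|, the star-product dimension of two monomial codes."""
    return len({tuple(sorted(set(s) | set(t))) for s in mons_i for t in mons_j})


def random_code(n, k, seed):
    rng = random.Random(seed)  # constructed sample; fixed seed for reproducibility
    return [rng.getrandbits(n) for _ in range(k)]


def distinguish(m, generators, seed=1):
    """dim(C*C) for the decreasing monomial code generated by `generators`
    versus a random [n, k] code with the same parameters."""
    n = 1 << m
    mons = down_closure(generators, m)
    code = monomial_code(mons, m)
    k = gf2_rank(code)  # distinct monomial evaluations are independent, so k = |mons|
    return {
        "n": n,
        "k": k,
        "monomial_square": square_dimension(code),
        "predicted": predicted_star_dimension(mons, mons),
        "random_square": square_dimension(random_code(n, k, seed)),
        "generic_bound": min(n, k * (k + 1) // 2),
    }


if __name__ == "__main__":
    # Reed-Muller RM(1,5): the decreasing set generated by the single variable x_4.
    print(distinguish(5, [(4,)]))
    # A polar-like decreasing set in 6 variables generated by x_0 x_1 x_2 and x_3.
    print(distinguish(6, [(0, 1, 2), (3,)]))
```

For RM(1,5) the code has n = 32, k = 6 and its square is RM(2,5) of dimension 16, whereas a random [32, 6] code squares to dimension 21; for the 6-variable decreasing set the gap is 16 against 45. A square dimension well below min(n, k(k+1)/2) is exactly what separates the public code of such a McEliece variant from a random code, which is the starting point of a square-code key-recovery attack.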


Keywords: Post-quantum cryptography; McEliece public key encryption scheme; Polar code; Square code attack; Decreasing monomial code



This work was partially supported by the European Union through the European Regional Development Fund (ERDF) under the Competitiveness Operational Program (BioCell-NanoART = Novel Bio-inspired Cellular Nano-architectures, POC-A1.1.4-E-2015 nr. 30/01.09.2016).



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. “Aurel Vlaicu” University of Arad, Arad, Romania
  2. Normandie University, LITIS, Mont-Saint-Aignan, France
