Ouroboros: A Simple, Secure and Efficient Key Exchange Protocol Based on Coding Theory

  • Jean-Christophe Deneuville
  • Philippe Gaborit
  • Gilles Zémor
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10346)


We introduce Ouroboros (the Ouroboros is an ancient symbol that represents the notion of cyclicity in many civilizations), a new key exchange protocol based on coding theory. The protocol combines the best properties of the recent MDPC-McEliece and HQC protocols for the Hamming metric: simplicity of decoding and a security reduction, both based on a double cyclic structure. This yields a simple, secure and efficient approach to key exchange. We obtain the same type of parameters (and almost the same simple decoding) as for MDPC-McEliece, but with a security reduction to decoding random quasi-cyclic codes in the Random Oracle Model.


Keywords: Post-quantum cryptography, Coding theory, Key exchange



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Jean-Christophe Deneuville (1)
  • Philippe Gaborit (1)
  • Gilles Zémor (2)

  1. University of Limoges, Limoges, France
  2. University of Bordeaux, Bordeaux, France