Identity-Based Encryption from Codes with Rank Metric

  • Philippe Gaborit
  • Adrien Hauteville
  • Duong Hieu Phan
  • Jean-Pierre Tillich
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10403)


Code-based cryptography has a long history, almost as long as the history of public-key encryption (\({\mathsf {PKE}}\)). While almost all primitives, such as \({\mathsf {PKE}}\), signatures and group signatures, can be constructed from codes, it is a long-standing open problem to construct an identity-based encryption scheme from codes. We solve this problem by relying on codes with rank metric.

The concept of identity-based encryption (\({\mathsf {IBE}}\)), introduced by Shamir in 1984, allows the use of a user's identifier information, such as an email address, as the public key for encryption. Two problems make the design of \({\mathsf {IBE}}\) extremely hard: the requirement that the public key can be an arbitrary string, and the possibility of extracting decryption keys from the public keys. In fact, it took nearly twenty years for the problem of designing an efficient method to implement an \({\mathsf {IBE}}\) to be solved. The known methods of designing \({\mathsf {IBE}}\) are based on different tools: elliptic curve pairings, by Sakai, Ohgishi and Kasahara and by Boneh and Franklin in 2000 and 2001 respectively; the quadratic residue problem, by Cocks in 2001; and finally the Learning-with-Errors problem, by Gentry, Peikert, and Vaikuntanathan in 2008.

Among all candidates for post-quantum cryptography, only lattice-based \({\mathsf {IBE}}\) schemes exist so far. In this paper, we propose a new method, based on the hardness of learning problems with rank metric, to design the first code-based \({\mathsf {IBE}}\) scheme. In order to overcome the two above problems in designing an \({\mathsf {IBE}}\) scheme, we first construct a rank-based \({\mathsf {PKE}}\), called \({\mathsf {RankPKE}}\), where the public key space is dense and thus a public key can be obtained from a hash of any identity. We then extract a decryption key from any public key by constructing a trapdoor function which relies on \({\mathsf {RankSign}}\), a signature scheme from PQCrypto 2014.

In order to prove the security of our schemes, we introduce a new problem for rank metric: the Rank Support Learning problem (\(\mathsf {RSL}\)). A large part of the technical contribution of the paper is devoted to studying in detail the hardness of the \(\mathsf {RSL}\) problem.


Keywords: Code-based cryptography, Rank metric, IBE, PKE



This work has been supported in part by the French ANR projects ALAMBIC (ANR-16-CE39-0006) and ID-FIX (ANR-16-CE39-0004). The work of Adrien Hauteville and Jean-Pierre Tillich was also supported in part by the European Commission through the ICT programme under contract H2020-ICT-2014-1 645622 PQCRYPTO. The authors would also like to warmly thank the reviewers for their insightful remarks (and especially the last reviewer for his remarks and his very detailed review, which helped a lot to improve the editorial quality of this paper).



Copyright information

© International Association for Cryptologic Research 2017

Authors and Affiliations

  • Philippe Gaborit (1)
  • Adrien Hauteville (1, 2)
  • Duong Hieu Phan (1)
  • Jean-Pierre Tillich (2)

  1. Université de Limoges, Limoges Cedex, France
  2. Inria de Paris, Paris Cedex 12, France
