LEDAkem: A Post-quantum Key Encapsulation Mechanism Based on QC-LDPC Codes

  • Marco BaldiEmail author
  • Alessandro Barenghi
  • Franco Chiaraluce
  • Gerardo Pelosi
  • Paolo Santini
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10786)


This work presents a new code-based key encapsulation mechanism (KEM) called LEDAkem. It is built on the Niederreiter cryptosystem and relies on quasi-cyclic low-density parity-check codes as secret codes, providing high decoding speeds and compact keypairs. LEDAkem uses ephemeral keys to foil known statistical attacks, and takes advantage of a new decoding algorithm that provides faster decoding than the classical bit-flipping decoder commonly adopted in this kind of systems. The main attacks against LEDAkem are investigated, taking into account quantum speedups. Some instances of LEDAkem are designed to achieve different security levels against classical and quantum computers. Some performance figures obtained through an efficient C99 implementation of LEDAkem are provided.


Code-based cryptography Key encapsulation mechanism Niederreiter cryptosystem Post-quantum cryptography Quasi-cyclic low-density parity-check codes 



Paolo Santini was partly funded by Namirial SpA.


  1. 1.
    Aragon, N., Barreto, P.S.L.M., Bettaieb, S., Bidoux, L., Blazy, O., Deneuville, J.C., Gaborit, P., Gueron, S., Güneysu, T., Melchor, C.A., Misoczki, R., Persichetti, E., Sendrier, N., Tillich, J.P., Zémor, G.: BIKE: bit flipping key encapsulation (2017).
  2. 2.
    Baldi, M., Bianchi, M., Chiaraluce, F.: Optimization of the parity-check matrix density in QC-LDPC code-based McEliece cryptosystems. In: Proceedings of the IEEE ICC 2013 - Workshop on Information Security over Noisy and Lossy Communication Systems, Budapest, Hungary, June 2013Google Scholar
  3. 3.
    Baldi, M., Bodrato, M., Chiaraluce, F.: A new analysis of the McEliece cryptosystem based on QC-LDPC codes. In: Ostrovsky, R., De Prisco, R., Visconti, I. (eds.) SCN 2008. LNCS, vol. 5229, pp. 246–262. Springer, Heidelberg (2008). Scholar
  4. 4.
    Baldi, M.: QC-LDPC Code-Based Cryptography. SpringerBriefs in Electrical and Computer Engineering. Springer, Cham (2014). Scholar
  5. 5.
    Baldi, M., Barenghi, A., Chiaraluce, F., Pelosi, G., Santini, P.: LEDAkem: Low dEnsity coDe-bAsed key encapsulation mechanism (2017).
  6. 6.
    Baldi, M., Bianchi, M., Chiaraluce, F.: Security and complexity of the McEliece cryptosystem based on QC-LDPC codes. IET Inf. Secur. 7(3), 212–220 (2012)CrossRefGoogle Scholar
  7. 7.
    Baldi, M., Bianchi, M., Chiaraluce, F., Rosenthal, J., Schipani, D.: Enhanced public key security for the McEliece cryptosystem. J. Cryptol. 29(1), 1–27 (2016)MathSciNetCrossRefzbMATHGoogle Scholar
  8. 8.
    Bardet, M., Barelli, E., Blazy, O., Torres, R.C., Couvreur, A., Gaborit, P., Otmani, A., Sendrier, N., Tillich, J.P.: BIG QUAKE: BInary Goppa QUAsi-cyclic Key Encapsulation (2017).
  9. 9.
    Becker, A., Joux, A., May, A., Meurer, A.: Decoding random binary linear codes in 2n/20: how 1 + 1 = 0 improves information set decoding. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 520–536. Springer, Heidelberg (2012). Scholar
  10. 10.
    Berger, T.P., Loidreau, P.: How to mask the structure of codes for a cryptographic use. Des. Codes Crypt. 35(1), 63–79 (2005)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Berlekamp, E., McEliece, R., van Tilborg, H.: On the inherent intractability of certain coding problems. IEEE Trans. Inf. Theory 24(3), 384–386 (1978)MathSciNetCrossRefzbMATHGoogle Scholar
  12. 12.
    Bernstein, D.J., Lange, T., Peters, C.: Smaller decoding exponents: ball-collision decoding. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 743–760. Springer, Heidelberg (2011). Scholar
  13. 13.
    Cayrel, P.-L., Gueye, C.T., Mboup, E.H.M., Ndiaye, O., Persichetti, E.: Efficient implementation of hybrid encryption from coding theory. In: El Hajji, S., Nitaj, A., Souidi, E.M. (eds.) C2SI 2017. LNCS, vol. 10194, pp. 254–264. Springer, Cham (2017). Scholar
  14. 14.
    Chaulet, J., Sendrier, N.: Worst case QC-MDPC decoder for McEliece cryptosystem. In: Proceedings of the IEEE International Symposium on Information Theory (ISIT 2016), Barcelona, Spain, pp. 1366–1370, July 2016Google Scholar
  15. 15.
    Fabšič, T., Gallo, O., Hromada, V.: Simple power analysis attack on the QC-LDPC McEliece cryptosystem. Tatra Mt. Math. Pub. 67(1), 85–92 (2016)MathSciNetzbMATHGoogle Scholar
  16. 16.
    Fabšič, T., Hromada, V., Stankovski, P., Zajac, P., Guo, Q., Johansson, T.: A reaction attack on the QC-LDPC McEliece cryptosystem. In: Lange, T., Takagi, T. (eds.) PQCrypto 2017. LNCS, vol. 10346, pp. 51–68. Springer, Cham (2017). Scholar
  17. 17.
    Gaborit, P.: Shorter keys for code based cryptography. In: Proceedings of the International Workshop on Coding and Cryptography (WCC 2005), Bergen, Norway, pp. 81–90, March 2005Google Scholar
  18. 18.
    Goppa, V.D.: A new class of linear correcting codes. Probl. Pered. Inform. 6(3), 24–30 (1970)MathSciNetzbMATHGoogle Scholar
  19. 19.
    Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the 28th Annual ACM Symposium on the Theory of Computing, Philadelphia, PA, pp. 212–219, May 1996Google Scholar
  20. 20.
    Guo, Q., Johansson, T., Stankovski, P.: A key recovery attack on MDPC with CCA security using decoding errors. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 789–815. Springer, Heidelberg (2016). Scholar
  21. 21.
    Hofheinz, D., Hvelmanns, K., Kiltz, E.: A modular analysis of the Fujisaki-Okamoto transformation. Cryptology ePrint Archive, Report 2017/604 (2017).
  22. 22.
    Kachigar, G., Tillich, J.-P.: Quantum information set decoding algorithms. In: Lange, T., Takagi, T. (eds.) PQCrypto 2017. LNCS, vol. 10346, pp. 69–89. Springer, Cham (2017). Scholar
  23. 23.
    Lee, P.J., Brickell, E.F.: An observation on the security of McEliece’s public-key cryptosystem. In: Barstow, D., et al. (eds.) EUROCRYPT 1988. LNCS, vol. 330, pp. 275–280. Springer, Heidelberg (1988). Scholar
  24. 24.
    Leon, J.: A probabilistic algorithm for computing minimum weights of large error-correcting codes. IEEE Trans. Inf. Theory 34(5), 1354–1359 (1988)MathSciNetCrossRefzbMATHGoogle Scholar
  25. 25.
    Li, Y.X., Deng, R., Wang, X.M.: On the equivalence of McEliece’s and Niederreiter’s public-key cryptosystems. IEEE Trans. Inf. Theory 40(1), 271–273 (1994)MathSciNetCrossRefzbMATHGoogle Scholar
  26. 26.
    Löndahl, C., Johansson, T.: A new version of McEliece PKC based on convolutional codes. In: Chim, T.W., Yuen, T.H. (eds.) ICICS 2012. LNCS, vol. 7618, pp. 461–470. Springer, Heidelberg (2012). Scholar
  27. 27.
    May, A., Meurer, A., Thomae, E.: Decoding random linear codes in \(\tilde{\cal{O}}(2^{0.054n})\). In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 107–124. Springer, Heidelberg (2011). Scholar
  28. 28.
    McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory. DSN Progress Report, pp. 114–116 (1978)Google Scholar
  29. 29.
    Misoczki, R., Tillich, J.P., Sendrier, N., Barreto, P.S.L.M.: MDPC-McEliece: new McEliece variants from moderate density parity-check codes. In: 2013 IEEE International Symposium on Information Theory, pp. 2069–2073, July 2013Google Scholar
  30. 30.
    Misoczki, R., Barreto, P.S.L.M.: Compact McEliece keys from Goppa codes. In: Jacobson, M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 376–392. Springer, Heidelberg (2009). Scholar
  31. 31.
    Monico, C., Rosenthal, J., Shokrollahi, A.: Using low density parity check codes in the McEliece cryptosystem. In: Proceedings of the IEEE International Symposium on Information Theory (ISIT 2000), Sorrento, Italy, p. 215, June 2000Google Scholar
  32. 32.
    National Institute of Standards and Technology: Post-quantum crypto project, December 2016.
  33. 33.
    Niebuhr, R., Persichetti, E., Cayrel, P.L., Bulygin, S., Buchmann, J.: On lower bounds for information set decoding over \(f_q\) and on the effect of partial knowledge. Int. J. Inf. Coding Theory 4(1), 47–78 (2017)MathSciNetCrossRefzbMATHGoogle Scholar
  34. 34.
    Niederreiter, H.: Knapsack-type cryptosystems and algebraic coding theory. Probl. Control Inf. Theory 15, 159–166 (1986)MathSciNetzbMATHGoogle Scholar
  35. 35.
    Otmani, A., Tillich, J.P., Dallot, L.: Cryptanalysis of two McEliece cryptosystems based on quasi-cyclic codes. In: Proceedings of the First International Conference on Symbolic Computation and Cryptography (SCC 2008), Beijing, China, April 2008Google Scholar
  36. 36.
    Peters, C.: Information-set decoding for linear codes over \(\mathbf{F}_{q}\). In: Sendrier, N. (ed.) PQCrypto 2010. LNCS, vol. 6061, pp. 81–94. Springer, Heidelberg (2010). Scholar
  37. 37.
    Prange, E.: The use of information sets in decoding cyclic codes. IRE Trans. Inf. Theory 8(5), 5–9 (1962)MathSciNetCrossRefGoogle Scholar
  38. 38.
    Saito, T., Xagawa, K., Yamakawa, T.: Tightly-secure key-encapsulation mechanism in the quantum random oracle model. Cryptology ePrint Archive, Report 2017/1005 (2017).
  39. 39.
    Sendrier, N.: Decoding one out of many. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 51–67. Springer, Heidelberg (2011). Scholar
  40. 40.
    Shooshtari, M.K., Ahmadian-Attari, M., Johansson, T., Aref, M.R.: Cryptanalysis of McEliece cryptosystem variants based on quasi-cyclic low-density parity check codes. IET Inf. Secur. 10(4), 194–202 (2016)CrossRefGoogle Scholar
  41. 41.
    Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997)MathSciNetCrossRefzbMATHGoogle Scholar
  42. 42.
    Stern, J.: A method for finding codewords of small weight. In: Cohen, G., Wolfmann, J. (eds.) Coding Theory 1988. LNCS, vol. 388, pp. 106–113. Springer, Heidelberg (1989). Scholar
  43. 43.
    de Vries, S.: Achieving 128-bit security against quantum attacks in OpenVPN. Master’s thesis, University of Twente, August 2016.

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Università Politecnica delle MarcheAnconaItaly
  2. 2.Politecnico di MilanoMilanItaly

Personalised recommendations