Attacking and Defending the McEliece Cryptosystem

Daniel J. Bernstein; Tanja Lange; Christiane Peters

doi:10.1007/978-3-540-88403-3_3

International Workshop on Post-Quantum Cryptography

PQCrypto 2008: Post-Quantum Cryptography pp 31-46

Attacking and Defending the McEliece Cryptosystem

Authors
Authors and affiliations

Daniel J. Bernstein
Tanja Lange
Christiane Peters

Conference paper

DOI: 10.1007/978-3-540-88403-3_3

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5299)

Cite this paper as:: Bernstein D.J., Lange T., Peters C. (2008) Attacking and Defending the McEliece Cryptosystem. In: Buchmann J., Ding J. (eds) Post-Quantum Cryptography. PQCrypto 2008. Lecture Notes in Computer Science, vol 5299. Springer, Berlin, Heidelberg

Abstract

This paper presents several improvements to Stern’s attack on the McEliece cryptosystem and achieves results considerably better than Canteaut et al. This paper shows that the system with the originally proposed parameters can be broken in just 1400 days by a single 2.4GHz Core 2 Quad CPU, or 7 days by a cluster of 200 CPUs. This attack has been implemented and is now in progress.

This paper proposes new parameters for the McEliece and Niederreiter cryptosystems achieving standard levels of security against all known attacks. The new parameters take account of the improved attack; the recent introduction of list decoding for binary Goppa codes; and the possibility of choosing code lengths that are not a power of 2. The resulting public-key sizes are considerably smaller than previous parameter choices for the same level of security.

Keywords

McEliece cryptosystem Stern attack minimal weight code word list decoding binary Goppa codes security analysis

Preview

Unable to display preview. Download preview PDF.

References

1.
Bard, G.V.: Accelerating cryptanalysis with the Method of Four Russians. Cryptology ePrint Archive: Report 2006/251 (2006), http://eprint.iacr.org/2006/251
2.
Bernstein, D.J.: List decoding for binary Goppa codes (2008), http://cr.yp.to/papers.html#goppalist
3.
Canteaut, A., Chabanne, H.: A further improvement of the work factor in an attempt at breaking McEliece’s cryptosystem. In: Charpin, P. (ed.) EUROCODE 1994 (1994), http://www.inria.fr/rrrt/rr-2227.html
4.
Canteaut, A., Chabaud, F.: A new algorithm for finding minimum-weight words in a linear code: application to McEliece’s cryptosystem and to narrow-sense BCH codes of length 511. IEEE Transactions on Information Theory 44(1), 367–378 (1998)MathSciNetCrossRefMATHGoogle Scholar
5.
Canteaut, A., Sendrier, N.: Cryptanalysis of the original McEliece cryptosystem. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 187–199. Springer, Heidelberg (1998)CrossRefGoogle Scholar
6.
Engelbert, D., Overbeck, R., Schmidt, A.: A summary of McEliece-type cryptosystems and their security. Cryptology ePrint Archive: Report 2006/162 (2006), http://eprint.iacr.org/2006/162
7.
Lee, P.J., Brickell, E.F.: An observation on the security of McEliece’s public-key cryptosystem. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 275–280. Springer, Heidelberg (1988)CrossRefGoogle Scholar
8.
Leon, J.S.: A probabilistic algorithm for computing minimum weights of large error-correcting codes. IEEE Transactions on Information Theory 34(5), 1354–1359 (1988)MathSciNetCrossRefMATHGoogle Scholar
9.
Li, Y.X., Deng, R.H., Wang, X.M.: On the equivalence of McEliece’s and Niederreiter’s public-key cryptosystems. IEEE Transactions on Information Theory 40(1), 271–273 (1994)MathSciNetCrossRefMATHGoogle Scholar
10.
McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory, Jet Propulsion Laboratory DSN Progress Report, 42–44 (1978), http://ipnpr.jpl.nasa.gov/progress_report2/42-44/44N.PDF
11.
Niederreiter, H.: Knapsack-type cryptosystems and algebraic coding theory. Problems of Control and Information Theory. Problemy Upravlenija i Teorii Informacii 15(2), 159–166 (1986)MathSciNetMATHGoogle Scholar
12.
Overbeck, R., Sendrier, N.: Code-based cryptography. In: Bernstein, D.J., Buchmann, J., Dahmen, E. (eds.) Introduction to post-quantum cryptography. Springer, Berlin (to appear)
13.
Patterson, N.J.: The algebraic decoding of Goppa codes. IEEE Transactions on Information Theory IT-21, 203–207 (1975)MathSciNetCrossRefMATHGoogle Scholar
14.
Pippenger, N.: The minimum number of edges in graphs with prescribed paths. Mathematical Systems Theory 12, 325–346 (1979), http://cr.yp.to/bib/entries.html#1979/pippenger MathSciNetCrossRefMATHGoogle Scholar
15.
Sendrier, N.: On the security of the McEliece public-key cryptosystem. In: Blaum, M., Farrell, P.G., van Tilborg, H.C.A. (eds.) Information, coding and mathematics. Kluwer International Series in Engineering and Computer Science, vol. 687, pp. 141–163. Kluwer, Dordrecht (2002)CrossRefGoogle Scholar
16.
Sidelnikov, V.M., Shestakov, S.O.: On insecurity of cryptosystems based on generalized Reed-Solomon codes. Discrete Mathematics and Applications 2, 439–444 (1992)MathSciNetGoogle Scholar
17.
Stern, J.: A method for finding codewords of small weight. In: Cohen, G., Wolfmann, J. (eds.) Coding Theory and Applications 1988. LNCS, vol. 388, pp. 106–113. Springer, Heidelberg (1989)CrossRefGoogle Scholar
18.
van Tilburg, J.: On the McEliece public-key cryptosystem. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 119–131. Springer, Heidelberg (1990)CrossRefGoogle Scholar

Copyright information

Authors and Affiliations

Daniel J. Bernstein
- 1
Tanja Lange
- 2
Christiane Peters
- 2

1.Department of Mathematics, Statistics, and Computer Science (M/C 249)University of Illinois at ChicagoChicagoUSA
2.Department of Mathematics and Computer ScienceTechnische Universiteit EindhovenEindhovenNetherlands

Personalised recommendations

Actions

Buy eBook

USD 69.99

Instant download
Readable on all devices
Own it forever
Local sales tax included if applicable

Attacking and Defending the McEliece Cryptosystem

Abstract

Keywords

Preview

Copyright information

Authors and Affiliations

Personalised recommendations

Cookies