Compact McEliece Keys from Goppa Codes
Abstract
The classical McEliece cryptosystem is built upon the class of Goppa codes, which remains secure to this date in contrast to many other families of codes but leads to very large public keys. Previous proposals to obtain short McEliece keys have primarily centered on replacing that class by other families of codes, most of which were shown to contain weaknesses, and at the cost of halving the error-correcting capability. In this paper we describe a simple way to significantly reduce the key size in McEliece and related cryptosystems using a subclass of Goppa codes, while also improving the efficiency of cryptographic operations to \(\tilde{O}(n)\) time, and keeping the capability of correcting the full designed number of errors in the binary case.
Keywords: Security Level, Goppa Code, Cauchy Matrix, Cryptographic Purpose, Binary Goppa Code
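The two facts the abstract and keywords rest on, the Cauchy-matrix form of a Goppa code's parity-check matrix and the full t-error correction of binary Goppa codes, can be checked on a toy instance. The following is an added example, not code from the paper: for a squarefree Goppa polynomial g(x) with roots z_i in GF(2^m) and a support L disjoint from those roots, H[i][j] = 1/(z_i - L_j) is a parity-check matrix over GF(2^m), so the whole t x n matrix is fixed by the t + n field elements z and L rather than by t*n independent entries. The field GF(2^4), the roots Z = [1, 2] and the 12-element support L are constructed parameters; the code then brute-forces the binary code and verifies that its minimum distance is at least 2t + 1, which is what lets the binary code correct all t designed errors.

```python
"""
Cauchy-form parity-check matrix of a binary Goppa code, plus a brute-force
minimum-distance check (added example; toy parameters are constructed here).

Goppa code Gamma(L, g) over GF(2^m): codewords c in GF(2)^n with
    sum_j c_j / (x - L_j) == 0  (mod g(x)).
When g(x) = prod_i (x - z_i) is squarefree with roots z_i in GF(2^m)
(none of them in the support L), that condition is equivalent to
    sum_j c_j / (z_i - L_j) == 0   for every root z_i,
so H[i][j] = 1 / (z_i - L_j) is a t x n parity-check matrix over GF(2^m):
a Cauchy matrix, determined by the t + n field elements z and L.
"""

M = 4                      # GF(2^4), constructed toy field size
POLY = 0b10011             # x^4 + x + 1, irreducible over GF(2)
ORDER = (1 << M) - 1       # multiplicative group order (15)

def gf_mul(a, b):
    """Multiply two GF(2^M) elements (ints below 2^M), reducing by POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> M:
            a ^= POLY
    return r

def gf_inv(a):
    """Inverse via a^(2^M - 2) (square-and-multiply); a must be nonzero."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^m)")
    result, base, e = 1, a, ORDER - 1
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result

def cauchy_parity_check(z, L):
    """t x n matrix H[i][j] = 1/(z_i - L_j); in characteristic 2, '-' is XOR.
    Requires distinct roots, distinct support points, and z disjoint from L."""
    assert len(set(z)) == len(z) and len(set(L)) == len(L)
    assert not set(z) & set(L), "roots of g must avoid the support"
    return [[gf_inv(zi ^ lj) for lj in L] for zi in z]

def goppa_codewords(H):
    """Brute-force the binary code {c in GF(2)^n : H c = 0 over GF(2^m)}.
    Only feasible for toy n; real parameters use Gaussian elimination."""
    n = len(H[0])
    words = []
    for c in range(1 << n):
        bits = [(c >> j) & 1 for j in range(n)]
        if all(not any(row[j] for j, b in enumerate(bits) if b)
               or _syndrome(row, bits) == 0 for row in H):
            words.append(bits)
    return words

def _syndrome(row, bits):
    """XOR-sum of the row entries selected by the codeword bits."""
    s = 0
    for j, b in enumerate(bits):
        if b:
            s ^= row[j]
    return s

def min_distance(words):
    """Minimum Hamming weight over nonzero codewords (linear code => distance)."""
    return min(sum(w) for w in words if any(w))

# Constructed toy instance: t = 2 roots, n = 12 support points in GF(16).
Z = [1, 2]                       # roots of g(x) = (x - 1)(x - alpha), squarefree
L = [3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14]

def demo():
    H = cauchy_parity_check(Z, L)
    words = goppa_codewords(H)
    t, n = len(Z), len(L)
    return {
        "t": t, "n": n,
        # every entry satisfies H[i][j] * (z_i - L_j) == 1
        "cauchy_ok": all(gf_mul(H[i][j], Z[i] ^ L[j]) == 1
                         for i in range(t) for j in range(n)),
        "dimension_lower_bound": n - M * t,   # k >= n - m t
        "num_codewords": len(words),
        "min_distance": min_distance(words),   # squarefree g: d >= 2t + 1
    }

if __name__ == "__main__":
    print(demo())
```

Running `demo()` reports `cauchy_ok` as true, at least 2^(n - mt) = 16 codewords, and a minimum distance of at least 5 = 2t + 1, so this binary code corrects both designed errors rather than only t/2; the same construction over a non-binary alphabet only guarantees d >= t + 1.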