Designing a Rank Metric Based McEliece Cryptosystem

  • Pierre Loidreau
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6061)


In this paper we describe the rank metric based McEliece type cryptosystems which where first introduced by Gabidulin, Paramonov and Tretjakov in the 90’s. Then we explain the principle of Overbeck’s attack is so efficient on these types of systems. Finally we show how to choose the parameters so that the public-key size remain relatively small (typically less than 20 000 bits), with a good security against structural and decoding attacks.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Barg, A.: Handbook of Coding Theory, ch. 7, vol. 1, pp. 649–754. North-Holland, Amsterdam (1998)Google Scholar
  2. 2.
    Berger, T.P.: Isometries for rank distance and permutation group of Gabidulin codes. IEEE Transactions on Information Theory 49(11), 3016–3019 (2003)CrossRefGoogle Scholar
  3. 3.
    Berger, T.P., Cayrel, P.L., Gaborit, P., Otmani, A.: Reducing key-length of the McEliece cryptosystem. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 77–97. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  4. 4.
    Berger, T.P., Loidreau, P.: Designing an efficient and secure public-key cryptosystem based on reducible rank codes. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 218–229. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  5. 5.
    Berger, T.P., Loidreau, P.: How to mask the structure of codes for a cryptographic use. Designs, Codes and Cryptography 35, 63–79 (2005)zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Berlekamp, E.R., McEliece, R.J., van Tilborg, H.C.: On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory 24(3) (May 1978)Google Scholar
  7. 7.
    Canteaut, A., Chabaud, F.: A new algorithm for finding minimum-weight words in a linear code: Application to McEliece’s cryptosystem and to narrow-sense BCH codes of length 511. IEEE Transactions on Information Theory 44(1), 367–378 (1998)zbMATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    Courtois, N., Finiasz, M., Sendrier, N.: How to achieve a McEliece-based signature scheme. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 151–174. Springer, Heidelberg (2001)Google Scholar
  9. 9.
    Gabidulin, E.M.: Theory of codes with maximal rank distance. Problems of Information Transmission 21, 1–12 (1985)zbMATHGoogle Scholar
  10. 10.
    Gabidulin, E.M.: A fast matrix decoding algorithm for rank-error correcting codes. In: Cohen, G., Litsyn, S., Lobstein, A., Zémor, G. (eds.) Algebraic Coding 1991. LNCS, vol. 573, pp. 126–133. Springer, Heidelberg (1991)CrossRefGoogle Scholar
  11. 11.
    Gabidulin, E.M.: Public-key cryptosystems based on linear codes over large alphabets: efficiency and weakness. In: Farrell, P.G. (ed.) Codes and Cyphers, Formara Limited, Southend-on-sea, Essex, pp. 17–31 (1995)Google Scholar
  12. 12.
    Gabidulin, E.M., Ourivski, A.V.: Modified GPT PKC with right scrambler. In: Augot, D., Carlet, C. (eds.) Proceedings of the 2nd International workshop on Coding and Cryptography, WCC 2001, pp. 233–242 (2001), ISBN Number: 2-761-1179-3Google Scholar
  13. 13.
    Gabidulin, E.M., Paramonov, A.V., Tretjakov, O.V.: Ideals over a non-commutative ring and their application in cryptology. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 482–489. Springer, Heidelberg (1991)Google Scholar
  14. 14.
    Gaborit, P.: Shorter keys for code based cryptography. In: Proceedings of WCC 2005 (2005)Google Scholar
  15. 15.
    Gibson, J.K.: Severely denting the Gabidulin version of the McEliece public-key cryptosystem. Designs, Codes and Cryptography 6, 37–45 (1995)zbMATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    Gibson, J.K.: The security of the Gabidulin public-key cryptosystem. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 212–223. Springer, Heidelberg (1996)Google Scholar
  17. 17.
    Kobara, K., Imai, H.: On the one-wayness against chosen-plaintext attacks of the Loidreau’s modified McEliece PKC. IEEE Transactions on Information Theory 49(12), 3160–3168 (2003)CrossRefMathSciNetGoogle Scholar
  18. 18.
    Loidreau, P.: Strengthening McEliece public-key cryptosystem. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, p. 585. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  19. 19.
    Loidreau, P.: A Welch-Berlekamp like algorithm for decoding Gabidulin codes. In: Ytrehus, Ø. (ed.) WCC 2005. LNCS, vol. 3969, pp. 36–45. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  20. 20.
    McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory. Technical report, Jet Propulsion Lab. DSN Progress Report (1978)Google Scholar
  21. 21.
    Misoczki, R., Barreto, P.: Compact McEliece keys from goppa codes. In: Rijmen, V. (ed.) SAC 2009. LNCS, vol. 5867, pp. 376–392. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  22. 22.
    Niederreiter, H.: Knapsack-type cryptosystems and algebraic coding theory. Problems of Control and Information Theory 15(2), 159–166 (1986)zbMATHMathSciNetGoogle Scholar
  23. 23.
    Otmani, A., Tillich, J.P., Dallot, L.: Cryptanalysis of two mceliece cryptosystems based on quasi-cyclic codes. Mathematics in Computer Science (to appear)Google Scholar
  24. 24.
    Ourivski, A.V.: Recovering a parent code for subcodes of maximal rank distance codes. In: Augot, D., Charpin, P., Kabatianski, G. (eds.) Proceedings of the 3rd International workshop on Coding and Cryptography, WCC 2003, pp. 357–363 (2003), ISBN Number: 2-7261-1205-6Google Scholar
  25. 25.
    Ourivski, A.V., Gabidulin, E.M.: Column scrambler for the GPT cryptosystem. Discrete Applied Mathematics 128(1), 207–221 (2003); Special issue of the second International Workshop on Coding and Cryptography (WCC 2001)Google Scholar
  26. 26.
    Ourivski, A.V., Gabidulin, E.M., Honary, B., Ammar, B.: Reducible rank codes and their applications to cryptography. IEEE Transactions on Information Theory 49(12), 3289–3293 (2003)CrossRefMathSciNetGoogle Scholar
  27. 27.
    Ourivski, A.V., Johannson, T.: New technique for decoding codes in the rank metric and its cryptography applications. Problems of Information Transmission 38(3), 237–246 (2002)zbMATHCrossRefMathSciNetGoogle Scholar
  28. 28.
    Overbeck, R.: A new structural attack for GPT and variants. In: Dawson, E., Vaudenay, S. (eds.) Mycrypt 2005. LNCS, vol. 3715, pp. 50–63. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  29. 29.
    Overbeck, R.: Extending Gibson’s attacks on the GPT cryptosystem. In: Ytrehus, Ø. (ed.) WCC 2005. LNCS, vol. 3969, pp. 178–188. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  30. 30.
    Overbeck, R.: Structural attacks for public-key cryptosystems based on gabidulin codes. Journal of Cryptology 21(2), 280–301 (2008)zbMATHCrossRefMathSciNetGoogle Scholar
  31. 31.
    Richter, G., Plass, S.: Fast decoding of rank-codes with rank errors and column erasures. In: 2004 IEEE International Symposium on Information Theory, ISIT 2004 (2004)Google Scholar
  32. 32.
    Roth, R.M.: Maximum-Rank array codes and their application to crisscross error correction. IEEE Transactions on Information Theory 37(2), 328–336 (1991)zbMATHCrossRefGoogle Scholar
  33. 33.
    Sendrier, N.: Cryptosystèmes à clé publique basés sur les codes correcteurs d’erreurs (2001)Google Scholar
  34. 34.
    Vardy, A.: The intractability of computing the minimum distance of a code. IEEE Transactions on Information Theory 43(6), 1757–1766 (1997)zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Pierre Loidreau
    • 1
  1. 1.DGA and IRMARUniversité de Rennes 1 

Personalised recommendations