Wild McEliece

  • Daniel J. Bernstein
  • Tanja Lange
  • Christiane Peters
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6544)

Abstract

The original McEliece cryptosystem uses length-n codes over \(\mathbb{F}_2\) with dimension ≥ n − mt efficiently correcting t errors where \(2^m \ge n\). This paper presents a generalized cryptosystem that uses length-n codes over small finite fields \(\mathbb{F}_q\) with dimension ≥ n − m(q − 1)t efficiently correcting \(\lfloor{qt/2}\rfloor\) errors where \(q^m \ge n\). Previously proposed cryptosystems with the same length and dimension corrected only \(\lfloor{(q-1)t/2}\rfloor\) errors for q ≥ 3. This paper also presents list-decoding algorithms that efficiently correct even more errors for the same codes over \(\mathbb{F}_q\). Finally, this paper shows that the increase from \(\lfloor{(q-1)t/2}\rfloor\) errors to more than \(\lfloor{qt/2}\rfloor\) errors allows considerably smaller keys to achieve the same security level against all known attacks.
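As an added illustration (this code is not part of the paper or of this page), the following Python evaluates the parameter formulas the abstract states: the dimension lower bound n − m(q − 1)t, the ⌊(q − 1)t/2⌋ errors corrected by previously proposed decoders for q ≥ 3 (t errors in the binary q = 2 case), the ⌊qt/2⌋ errors corrected by the wild decoder, and the requirement q^m ≥ n. The public-key size accounting (the redundant part of a systematic generator matrix, k(n − k) field elements at log2(q) bits each) and the sample parameter sets are assumptions of this example; the abstract does not specify key storage or concrete parameters.

```python
from math import log2


def goppa_parameters(q, m, t, n):
    """Parameters of a length-n Goppa code over F_q as stated in the abstract.

    q: size of the code alphabet (q = 2 is the original McEliece setting)
    m: extension degree; the code support lives in F_{q^m}, so q^m >= n
    t: degree of the Goppa polynomial
    n: code length

    Returns the dimension lower bound n - m(q-1)t, the number of errors the
    previously proposed decoders correct (t for q = 2, floor((q-1)t/2) for
    q >= 3) and the number the wild decoder corrects, floor(qt/2).
    """
    if q < 2 or m < 1 or t < 1 or n < 1:
        raise ValueError("q >= 2, m >= 1, t >= 1 and n >= 1 are required")
    if q ** m < n:
        raise ValueError(f"need q^m >= n, but {q}^{m} = {q ** m} < {n}")
    k_min = n - m * (q - 1) * t
    if k_min <= 0:
        raise ValueError("dimension bound is not positive; reduce t or m")
    previous = t if q == 2 else ((q - 1) * t) // 2
    wild = (q * t) // 2
    return {
        "dimension_lower_bound": k_min,
        "errors_previous": previous,
        "errors_wild": wild,
    }


def public_key_bits(q, k, n):
    """Bits needed for the redundant k-by-(n-k) part of a systematic generator
    matrix over F_q at log2(q) bits per element.  Systematic-form storage is an
    assumption of this example, not something the abstract specifies."""
    return k * (n - k) * log2(q)


def compare(q, m, t, n):
    """Errors gained by the wild decoder over the previous decoders, and the
    key size in bits when the code meets its dimension lower bound."""
    p = goppa_parameters(q, m, t, n)
    gain = p["errors_wild"] - p["errors_previous"]
    return gain, public_key_bits(q, p["dimension_lower_bound"], n)


if __name__ == "__main__":
    # Constructed parameter sets, chosen only to exercise the formulas;
    # they are not parameter recommendations from the paper.
    for q, m, t, n in [(2, 11, 50, 2048), (3, 7, 20, 2187), (5, 4, 12, 625)]:
        p = goppa_parameters(q, m, t, n)
        gain, bits = compare(q, m, t, n)
        print(f"q={q} m={m} t={t} n={n}: k >= {p['dimension_lower_bound']}, "
              f"previous decoders {p['errors_previous']} errors, "
              f"wild {p['errors_wild']} errors (+{gain}), "
              f"key about {bits / 8 / 1024:.1f} KiB")
```

For q = 2 the wild count ⌊2t/2⌋ equals t, so the function reproduces the original binary McEliece setting; for q ≥ 3 the gain over the previous decoders is ⌊qt/2⌋ − ⌊(q − 1)t/2⌋, which is what lets a smaller code, and hence a smaller key, reach a given error count.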

Keywords

McEliece cryptosystem, Niederreiter cryptosystem, Goppa codes, wild Goppa codes, list decoding

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Daniel J. Bernstein, Department of Computer Science, University of Illinois, Chicago, USA
  • Tanja Lange, Department of Mathematics and Computer Science, Technische Universiteit Eindhoven, Eindhoven, Netherlands
  • Christiane Peters, Department of Mathematics and Computer Science, Technische Universiteit Eindhoven, Eindhoven, Netherlands