McEliece and Niederreiter Cryptosystems That Resist Quantum Fourier Sampling Attacks

  • Hang Dinh
  • Cristopher Moore
  • Alexander Russell
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6841)

Abstract

Quantum computers can break the RSA, El Gamal, and elliptic curve public-key cryptosystems, as they can efficiently factor integers and extract discrete logarithms. This motivates the development of post-quantum cryptosystems: classical cryptosystems that can be implemented with today’s computers, that will remain secure even in the presence of quantum attacks.

In this article we show that the McEliece cryptosystem over rational Goppa codes and the Niederreiter cryptosystem over classical Goppa codes resist precisely the attacks to which the RSA and El Gamal cryptosystems are vulnerable—namely, those based on generating and measuring coset states. This eliminates the approach of strong Fourier sampling on which almost all known exponential speedups by quantum algorithms are based. Specifically, we show that the natural case of the Hidden Subgroup Problem to which McEliece-type cryptosystems reduce cannot be solved by strong Fourier sampling, or by any measurement of a coset state. To do this, we extend recent negative results on quantum algorithms for Graph Isomorphism to subgroups of the automorphism groups of linear codes.

This gives the first rigorous results on the security of the McEliece-type cryptosystems in the face of quantum adversaries, strengthening their candidacy for post-quantum cryptography. We also strengthen some results of Kempe, Pyber, and Shalev on the Hidden Subgroup Problem in Sn.

References

  1. 1.
    Bernstein, D.J., Lange, T., Peters, C.: Attacking and defending the mcEliece cryptosystem. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 31–46. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  2. 2.
    Courtois, N., Finiasz, M., Sendrier, N.: How to achieve a mcEliece-based digital signature scheme. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 157–174. Springer, Heidelberg (2001)Google Scholar
  3. 3.
    Dinh, H., Moore, C., Russell, A.: The McEliece cryptosystem resists quantum Fourier sampling attacks, preprint (2010), http://arxiv.org/abs/1008.2390
  4. 4.
    Engelbert, D., Overbeck, R., Schmidt, A.: A summary of McEliece-type cryptosystems and their security. J. Math. Crypt. 1, 151–199 (2007)MathSciNetMATHCrossRefGoogle Scholar
  5. 5.
    Fulton, W., Harris, J.: Representation Theory - A First Course. Springer-Verlag, New York Inc., Heidelberg (1991)Google Scholar
  6. 6.
    Grigni, M., Schulman, J., Vazirani, M., Vazirani, U.: Quantum mechanical algorithms for the nonabelian hidden subgroup problem. Combinatorica 24(1), 137–154 (2004)MathSciNetMATHCrossRefGoogle Scholar
  7. 7.
    Hallgren, S., Moore, C., Rötteler, M., Russell, A., Sen, P.: Limitations of quantum coset states for graph isomorphism. In: STOC 2006: Proceedings of the Thirty-Eighth Annual ACM Symposium on Theory of Computing, pp. 604–617 (2006)Google Scholar
  8. 8.
    Kempe, J., Shalev, A.: The hidden subgroup problem and permutation group theory. In: SODA 2005: Proceedings of the Sixteenth Annual ACM-SIAM Symposium on Discrete Algorithms, pp. 1118–1125 (2005)Google Scholar
  9. 9.
    Kempe, J., Pyber, L., Shalev, A.: Permutation groups, minimal degrees and quantum computing. Groups, Geometry, and Dynamics 1(4), 553–584 (2007), http://xxx.lanl.gov/abs/quant-ph/0607204 MathSciNetMATHCrossRefGoogle Scholar
  10. 10.
    Li, Y.X., Deng, R.H., Wang, X.M.: On the equivalence of McElieces and Niederreiters public-key cryptosystems. IEEE Transactions on Information Theory 40(1), 271–273 (1994)MathSciNetMATHCrossRefGoogle Scholar
  11. 11.
    Loidreau, P., Sendrier, N.: Weak keys in the McEliece public-key cryptosystem. IEEE Transactions on Information Theory 47(3), 1207–1212 (2001)MathSciNetMATHCrossRefGoogle Scholar
  12. 12.
    Lomont, C.: The hidden subgroup problem - review and open problems (2004), http://arXiv.org:quantph/0411037
  13. 13.
    McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory. JPL DSN Progress Report, 114–116 (1978)Google Scholar
  14. 14.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of applied cryptography. CRC Press, Boca Raton (1996)CrossRefGoogle Scholar
  15. 15.
    Moore, C., Russell, A., Schulman, L.J.: The symmetric group defies strong quantum Fourier sampling. SIAM Journal of Computing 37, 1842–1864 (2008)MathSciNetMATHCrossRefGoogle Scholar
  16. 16.
    Niederreiter, H.: Knapsack-type cryptosystems and algebraic coding theory. Problems of Control and Information Theory. Problemy Upravlenija i Teorii Informacii 15(2), 159–166 (1986)MathSciNetMATHGoogle Scholar
  17. 17.
    Petrank, E., Roth, R.M.: Is code equivalence easy to decide? IEEE Transactions on Information Theory 43(5), 1602–1604 (1997), doi:10.1109/18.623157Google Scholar
  18. 18.
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: STOC 2005: Proceedings of the Thirty-Seventh Annual ACM Symposium on Theory of Computing, pp. 84–93 (2005)Google Scholar
  19. 19.
    Roichman, Y.: Upper bound on the characters of the symmetric groups. Invent. Math. 125(3), 451–485 (1996)MathSciNetMATHCrossRefGoogle Scholar
  20. 20.
    Ryan, J.A.: Excluding some weak keys in the McEliece cryptosystem. In: Proceedings of the 8th IEEE Africon, pp. 1–5 (2007)Google Scholar
  21. 21.
    Sendrier, N.: Finding the permutation between equivalent linear codes: the support splitting algorithm. IEEE Transactions on Information Theory 46(4), 1193–1203 (2000)MathSciNetMATHCrossRefGoogle Scholar
  22. 22.
    Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Journal on Computing 26, 1484–1509 (1997)MathSciNetMATHCrossRefGoogle Scholar
  23. 23.
    Sidelnikov, V.M., Shestakov, S.O.: On insecurity of cryptosystems based on generalized Reed-Solomon codes. Discrete Mathematics and Applications 2(4), 439–444 (1992)MathSciNetCrossRefGoogle Scholar
  24. 24.
    Simon, D.R.: On the power of quantum computation. SIAM J. Comput. 26(5), 1474–1483 (1997)MathSciNetMATHCrossRefGoogle Scholar
  25. 25.
    Stichtenoth, H.: On automorphisms of geometric Goppa codes. Journal of Algebra 130, 113–121 (1990)MathSciNetMATHCrossRefGoogle Scholar
  26. 26.
    van Lint, J.H.: Introduction to coding theory, 2nd edn. Springer, Heidelberg (1992)MATHGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Hang Dinh
    • 1
  • Cristopher Moore
    • 2
    • 3
  • Alexander Russell
    • 4
  1. 1.Indiana University South BendUSA
  2. 2.University of New MexicoUSA
  3. 3.Santa Fe InstituteUSA
  4. 4.University of ConnecticutUSA

Personalised recommendations