An Efficient Attack on All Concrete KKS Proposals

  • Ayoub Otmani
  • Jean-Pierre Tillich
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7071)


Kabastianskii, Krouk and Smeets proposed in 1997 a digital signature scheme based on a couple of random error-correcting codes. A variation of this scheme was proposed recently and was proved to be EUF-1CMA secure in the random oracle model. In this paper we investigate the security of these schemes and suggest a simple attack based on (essentially) Stern’s algorithm for finding low weight codewords. It efficiently recovers the private key of all schemes of this type existing in the literature. This is basically due to the fact that we can define a code from the available public data with unusual properties: it has many codewords whose support is concentrated in a rather small subset. In such a case, Stern’s algorithm performs much better and we provide a theoretical analysis substantiating this claim. Our analysis actually shows that the insecurity of the proposed parameters is related to the fact that the rates of the couple of random codes used in the scheme were chosen to be too close. This does not compromise the security of the whole KKS scheme. It just points out that the region of weak parameters is really much larger than previously thought.


Code-based cryptography digital signature random error-correcting codes cryptanalysis 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [BF02]
    Barg, A., Forney, G.D.: Random codes: Minimum distances and error exponents. IEEE Transactions on Information Theory 48(9), 2568–2573 (2002)MathSciNetCrossRefzbMATHGoogle Scholar
  2. [BLP11]
    Bernstein, D.J., Lange, T., Peters, C.: Smaller Decoding Exponents: Ball-Collision Decoding. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 743–760. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  3. [BMJ11]
    Barreto, P.S.L.M., Misoczki, R., Simplicio Jr., M.A.: One-time signature scheme from syndrome decoding over generic error-correcting codes. Journal of Systems and Software 84(2), 198 (2011)CrossRefGoogle Scholar
  4. [CFS01]
    Courtois, N.T., Finiasz, M., Sendrier, N.: How to Achieve a McEliece-Based Digital Signature Scheme. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 157–174. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. [Com74]
    Comtet, L.: Advanced Combinatorics. Reidel, Dordrecht (1974)CrossRefzbMATHGoogle Scholar
  6. [COV07]
    Cayrel, P.-L., Otmani, A., Vergnaud, D.: On Kabatianskii-Krouk-Smeets Signatures. In: Carlet, C., Sunar, B. (eds.) WAIFI 2007. LNCS, vol. 4547, pp. 237–251. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  7. [dC97]
    de Caen, D.: A lower bound on the probability of a union. Discrete Mathematics 169, 217–220 (1997)MathSciNetCrossRefzbMATHGoogle Scholar
  8. [Dum91]
    Dumer, I.: On minimum distance decoding of linear codes. In: Proc. 5th Joint Soviet-Swedish Int. Workshop Inform. Theory, Moscow, pp. 50–52 (1991)Google Scholar
  9. [Dum96]
    Dumer, I.: Suboptimal decoding of linear codes: partition techniques. IEEE Transactions on Information Theory 42(6), 1971–1986 (1996)MathSciNetCrossRefzbMATHGoogle Scholar
  10. [FGO+10]
    Faugère, J.-C., Gauthier, V., Otmani, A., Perret, L., Tillich, J.-P.: A distinguisher for high rate McEliece cryptosystems. Cryptology ePrint Archive, Report 2010/331 (2010),
  11. [FS09]
    Finiasz, M., Sendrier, N.: Security Bounds for the Design of Code-Based Cryptosystems. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 88–105. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  12. [KKS97]
    Kabatianskii, G., Krouk, E., Smeets, B.: A Digital Signature Scheme Based on Random Error-Correcting Codes. In: Darnell, M.J. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 161–167. Springer, Heidelberg (1997)Google Scholar
  13. [KKS05]
    Kabatiansky, G., Krouk, E., Semenov, S.: Error Correcting Coding and Security for Data Networks: Analysis of the Superchannel Concept. John Wiley & Sons (2005)Google Scholar
  14. [MS86]
    MacWilliams, F.J., Sloane, N.J.A.: The Theory of Error-Correcting Codes, 5th edn. North–Holland, Amsterdam (1986)zbMATHGoogle Scholar
  15. [Sen11]
    Sendrier, N.: Decoding one out of many (preprint, 2011)Google Scholar
  16. [Ste88]
    Stern, J.: A Method for Finding Codewords of Small Weight. In: Wolfmann, J., Cohen, G. (eds.) Coding Theory 1988. LNCS, vol. 388, pp. 106–113. Springer, Heidelberg (1989)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Ayoub Otmani
    • 1
    • 2
  • Jean-Pierre Tillich
    • 1
  1. 1.SECRET Project - INRIA RocquencourtLe Chesnay CedexFrance
  2. 2.GREYC - Université de Caen - EnsicaenCaen CedexFrance

Personalised recommendations