The cryptographic security of the syndrome decoding problem for rank distance codes

  • F. Chabaud
  • J. Stern
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1163)


We present an algorithm that achieves general syndrome decoding of a $(n, k, r)$ linear rank distance code over $GF(q^m)$ in $O((nr + m)^3 q^{(m-r)(r-1)})$ elementary operations. As a consequence, the cryptographical schemes [Che94, Che96] which rely on this problem are not secure with the proposed parameters. We also derive from our algorithm a bound on the minimal rank distance of a linear code which shows that the parameters from [Che94] are inconsistent.




  1. [BMT78]
    E.R. Berlekamp, R.J. McEliece, and H.C.A. Van Tilborg. On the inherent intractability of certain coding problems. IEEE Trans. Inform. Theory, IT-24(3):384–386, May 1978.
  2. [Che94]
    K. Chen. Improved Girault identification scheme. IEE Electronic Letters, 30(19):1590–1591, Sep. 1994.
  3. [Che96]
    K. Chen. A new identification algorithm. In Cryptography Policy and Algorithms conference, volume 1029, pages 244–249. LNCS, 1996.
  4. [CL96]
    F. Chabaud and R. Lercier. Zen: A new toolbox for finite extensions in finite fields. Rapport de recherche, Laboratoire d'Informatique de l'Ecole Polytechnique, 91128 Palaiseau Cedex, France, 1996. In preparation.
  5. [FS96]
    J.-B. Fischer and J. Stern. An efficient pseudo-random generator provably as secure as syndrome decoding. In Advances in Cryptology — EUROCRYPT '96, volume to appear. LNCS, 1996.
  6. [Gab85]
    E.M. Gabidulin. Theory of codes with maximum rank distance. Problems of Information Transmission, 21:1–12, 1985.
  7. [Gir90]
    M. Girault. A (non practical) three-pass identification protocol using coding theory. In Proc. Auscrypt'90, volume 453, pages 265–272. LNCS, 1990.
  8. [Har89]
    S. Harari. A new authentication algorithm. In Coding Theory and Applications, volume 388, pages 204–211. LNCS, 1989.
  9. [LN83]
    R. Lidl and H. Niederreiter. Finite fields. In Gian-Carlo Rota, editor, Encyclopedia of Mathematics and its applications. Addison-Wesley Publishing Company, 1983.
  10. [MS83]
    F.J. MacWilliams and N.J.A. Sloane. The Theory of Error-correcting Codes. North-Holland, 1983.
  11. [Ste]
    J. Stern. A new paradigm for public key identification. IEEE Trans. Inform. Theory. To be published.
  12. [Ste90]
    J. Stern. An alternative to the Fiat-Shamir protocol. In Advances in Cryptology — EUROCRYPT '89, pages 173–180. LNCS, 1990.
  13. [Ste94]
    J. Stern. A new identification scheme based on syndrome decoding. In Advances in Cryptology — CRYPTO '93, volume 773. LNCS, 1994.
  14. [Vér95a]
    P. Véron. Cryptanalysis of Harari's identification scheme. In Cryptography and Coding, volume 1025, pages 264–269. LNCS, 1995.
  15. [Vér95b]
    P. Véron. Problème SD, Opérateur Trace, Schémas d'identification et Codes de Goppa. PhD thesis, Université de Toulon et du Var, July 1995.

Copyright information

© Springer-Verlag 1996

Authors and Affiliations

  • F. Chabaud (1)
  • J. Stern (1)
  1. Laboratoire d'Informatique de l'École Normale Supérieure, Paris cedex 05
