Failure of the McEliece public-key cryptosystem under message-resend and related-message attack

  • Thomas A. Berson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1294)

Abstract

The McEliece public-key cryptosystem fails to protect any message which is sent to a recipient more than once using different random error vectors. In general, it fails to protect any messages sent to a recipient which have a known linear relation to one another. Under these conditions, which are easily detectable, the cryptosystem is subject to a devastating attack which reveals plaintext with a work factor which is 10^15 times better than the best general attack.

Keywords

McEliece public-key cryptosystem; randomization; error-correcting codes; error vectors; message-resend attack; related-message attack; protocol failure; cryptanalysis

Copyright information

© Springer-Verlag 1997

Authors and Affiliations

  • Thomas A. Berson, Anagram Laboratories, Palo Alto, USA
