An Observation on the Security of McEliece’s Public-Key Cryptosystem
The best known cryptanalytic attack on McEliece’s public-key cryptosystem based on algebraic coding theory is to repeatedly select k bits at random from an n-bit ciphertext vector, which is corrupted by at most t errors, in the hope that none of the selected k bits are in error, until the cryptanalyst recovers the correct message. The method of determining whether the recovered message is the correct one has not been thoroughly investigated. In this paper, we suggest a systematic method of checking, and describe a generalized version of the cryptanalytic attack which reduces the work factor significantly (a factor of 2^11 for the commonly used example of the n=1024 Goppa code case). Some more improvements are also given. We also note that these cryptanalytic algorithms can be viewed as generalized probabilistic decoding algorithms for any linear error correcting codes.
Keywords: Work Factor; Error Correction Capability; Goppa Code; Correct Message; Cryptanalytic Attack
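The random-selection procedure described in the abstract, run as a probabilistic decoder on a small code, as an added example (not code from the paper): the binary Golay [23,12,7] code stands in for the Goppa code, so t = 3 and k = 12 bits are selected per trial. The acceptance test (re-encode the candidate and require at most t disagreements with the received vector) and all function names are assumptions of this example; the abstract does not spell out the paper's checking method.

```python
import random
from math import comb

N, K, T = 23, 12, 3                      # binary Golay [23,12,7] code corrects 3 errors
G = [0xC75 << i for i in range(K)]       # rows x^i * g(x), g = x^11+x^10+x^6+x^5+x^4+x^2+1

def encode(m):
    """Return m*G over GF(2); vectors are ints, bit j = coordinate j."""
    c = 0
    for i in range(K):
        if (m >> i) & 1:
            c ^= G[i]
    return c

def solve_on(c, S):
    """Find m with (m*G)[j] == c[j] for all j in S, or None if S is not an information set."""
    # One equation per selected column j; bits 0..K-1 are coefficients, bit K is c[j].
    eqs = [sum(((G[i] >> j) & 1) << i for i in range(K)) | (((c >> j) & 1) << K) for j in S]
    for col in range(K):                 # Gauss-Jordan elimination over GF(2)
        piv = next((r for r in range(col, K) if (eqs[r] >> col) & 1), None)
        if piv is None:
            return None
        eqs[col], eqs[piv] = eqs[piv], eqs[col]
        for r in range(K):
            if r != col and (eqs[r] >> col) & 1:
                eqs[r] ^= eqs[col]
    return sum(((eqs[i] >> K) & 1) << i for i in range(K))

def recover(c, rng, max_trials=100_000):
    """Repeat random K-bit selections until the candidate passes the weight check."""
    for trial in range(1, max_trials + 1):
        m = solve_on(c, rng.sample(range(N), K))
        # Acceptance test (assumed): re-encode and require at most T disagreements with c.
        if m is not None and bin(encode(m) ^ c).count("1") <= T:
            return m, trial
    return None, max_trials

def clean_pick_probability(n, k, t):
    """Chance that k positions drawn from n avoid all t error positions."""
    return comb(n - t, k) / comb(n, k)

if __name__ == "__main__":
    rng = random.Random(1)               # constructed demo input
    msg, err = 0b101100111010, (1 << 2) | (1 << 9) | (1 << 20)
    got, trials = recover(encode(msg) ^ err, rng)
    print(f"recovered={got == msg} after {trials} trials; "
          f"per-trial clean-pick probability {clean_pick_probability(N, K, T):.3f}")
```

Because the Golay code has minimum distance 7, any wrong candidate disagrees with the received vector in at least 4 positions, so the weight check accepts only the correct message.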