An Observation on the Security of McEliece’s Public-Key Cryptosystem

  • P. J. Lee
  • E. F. Brickell
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 330)


The best known cryptanalytic attack on McEliece’s public-key cryptosystem based on algebraic coding theory is to repeatedly select k bits at random from an n-bit ciphertext vector, which is corrupted by at most t errors, in hope that none of the selected k bits are in error until the cryptanalyst recovers the correct message. The method of determining whether the recovered message is the correct one has not been thoroughly investigated. In this paper, we suggest a systematic method of checking, and describe a generalized version of the cryptanalytic attack which reduces the work factor significantly (factor of 2^11 for the commonly used example of n=1024 Goppa code case). Some more improvements are also given. We also note that these cryptanalytic algorithms can be viewed as generalized probabilistic decoding algorithms for any linear error correcting codes.
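The basic procedure in the abstract, seen as a probabilistic decoder for a small linear code, is sketched below as an added example; it is not code from the paper. The toy parameters (n=40, k=8, t=3), the random generator matrix, and the acceptance rule (re-encode the candidate and accept if it differs from the ciphertext in at most t positions) are assumptions chosen for illustration, since the abstract does not spell out the paper's checking method.

```python
import random

def encode(G, m):
    """Codeword mG over GF(2); G is k rows, each an n-bit int."""
    word = 0
    for i, row in enumerate(G):
        if (m >> i) & 1:
            word ^= row
    return word

def solve_gf2(eqs, k):
    """Gauss-Jordan over GF(2). Bits 0..k-1 of each equation are the
    coefficients, bit k is the right-hand side. None if singular."""
    eqs = list(eqs)
    for col in range(k):
        pivot = next((r for r in range(col, k) if (eqs[r] >> col) & 1), None)
        if pivot is None:
            return None
        eqs[col], eqs[pivot] = eqs[pivot], eqs[col]
        for r in range(k):
            if r != col and (eqs[r] >> col) & 1:
                eqs[r] ^= eqs[col]
    return sum(((eqs[i] >> k) & 1) << i for i in range(k))

def recover(G, n, t, c, rng, max_trials=10000):
    """Pick k of the n ciphertext bits, solve for the message they imply,
    accept if re-encoding differs from c in at most t positions."""
    k = len(G)
    for trial in range(1, max_trials + 1):
        eqs = []
        for p in rng.sample(range(n), k):
            coeffs = sum(((G[i] >> p) & 1) << i for i in range(k))
            eqs.append(coeffs | (((c >> p) & 1) << k))
        m = solve_gf2(eqs, k)
        if m is not None and bin(encode(G, m) ^ c).count("1") <= t:
            return m, trial
    return None, max_trials

def demo(seed=1, n=40, k=8, t=3):
    """Constructed toy instance: random [n, k] code, random message, t errors."""
    rng = random.Random(seed)
    G = [rng.getrandbits(n) for _ in range(k)]
    msg = rng.getrandbits(k)
    err = sum(1 << p for p in rng.sample(range(n), t))
    recovered, trials = recover(G, n, t, encode(G, msg) ^ err, rng)
    return msg, recovered, trials
```

The trial count returned by `demo` reflects how often a selection is both error-free and invertible, which is the quantity the work-factor estimates for real parameters are built on.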





Copyright information

© Springer-Verlag Berlin Heidelberg 1988

Authors and Affiliations

  • P. J. Lee (1)
  • E. F. Brickell (1)
  1. Bell Communications Research, Morristown, USA
