Assessing and Countering Reaction Attacks Against Post-Quantum Public-Key Cryptosystems Based on QC-LDPC Codes

  • Paolo Santini
  • Marco BaldiEmail author
  • Franco Chiaraluce
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11124)


Code-based public-key cryptosystems based on QC-LDPC and QC-MDPC codes are promising post-quantum candidates to replace quantum-vulnerable classical alternatives. However, a new type of attacks based on Bob’s reactions have recently been introduced and appear to significantly reduce the length of the life of any keypair used in these systems. In this paper we estimate the complexity of all known reaction attacks against QC-LDPC and QC-MDPC code-based variants of the McEliece cryptosystem. We also show how the structure of the secret key and, in particular, the secret code rate affect the complexity of these attacks. It follows from our results that QC-LDPC code-based systems can indeed withstand reaction attacks, on condition that some specific decoding algorithms are used and the secret code has a sufficiently high rate.


Code-based cryptography McEliece cryptosystem Niederreiter cryptosystem Post-quantum cryptography Quasi-cyclic low-density parity-check codes 



The authors wish to thank Tomáš Fabšič for fruitful discussion about the FHZ attack.


  1. 1.
    Aragon, N., et al.: BIKE: Bit Flipping Key Encapsulation. NIST Post-Quantum Cryptography Project: First Round Candidate Algorithms, December 2017.
  2. 2.
    Baldi, M., Bodrato, M., Chiaraluce, F.: A new analysis of the McEliece cryptosystem based on QC-LDPC codes. In: Ostrovsky, R., De Prisco, R., Visconti, I. (eds.) SCN 2008. LNCS, vol. 5229, pp. 246–262. Springer, Heidelberg (2008). Scholar
  3. 3.
    Baldi, M., Santini, P., Cancellieri, G.: Post-quantum cryptography based on codes: state of the art and open challenges. In: 2017 AEIT International Annual Conference, pp. 1–6, September 2017Google Scholar
  4. 4.
    Baldi, M., Barenghi, A., Chiaraluce, F., Pelosi, G., Santini, P.: LEDApkc: Low dEnsity coDe-bAsed public key cryptosystem. NIST Post-Quantum Cryptography Project: First Round Candidate Algorithms, December 2017.
  5. 5.
    Baldi, M., Barenghi, A., Chiaraluce, F., Pelosi, G., Santini, P.: LEDAkem: a post-quantum key encapsulation mechanism based on QC-LDPC codes. In: Lange, T., Steinwandt, R. (eds.) PQCrypto 2018. LNCS, vol. 10786, pp. 3–24. Springer, Cham (2018). Scholar
  6. 6.
    Baldi, M., Bianchi, M., Chiaraluce, F.: Security and complexity of the McEliece cryptosystem based on QC-LDPC codes. IET Inf. Secur. 7(3), 212–220 (2012)CrossRefGoogle Scholar
  7. 7.
    Becker, A., Joux, A., May, A., Meurer, A.: Decoding random binary linear codes in 2n/20: how \(1+1=0\) improves information set decoding. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 520–536. Springer, Heidelberg (2012). Scholar
  8. 8.
    Berlekamp, E., McEliece, R., van Tilborg, H.: On the inherent intractability of certain coding problems. IEEE Trans. Inf. Theory 24(3), 384–386 (1978)MathSciNetCrossRefGoogle Scholar
  9. 9.
    Bernstein, D.J.: Grover vs. McEliece. In: Sendrier, N. (ed.) PQCrypto 2010. LNCS, vol. 6061, pp. 73–80. Springer, Heidelberg (2010). Scholar
  10. 10.
    Eaton, E., Lequesne, M., Parent, A., Sendrier, N.: QC-MDPC: a timing attack and a CCA2 KEM. In: Lange, T., Steinwandt, R. (eds.) PQCrypto 2018. LNCS, vol. 10786, pp. 47–76. Springer, Cham (2018). Scholar
  11. 11.
    Fabšič, T., Hromada, V., Stankovski, P., Zajac, P., Guo, Q., Johansson, T.: A reaction attack on the QC-LDPC McEliece cryptosystem. In: Lange, T., Takagi, T. (eds.) PQCrypto 2017. LNCS, vol. 10346, pp. 51–68. Springer, Cham (2017). Scholar
  12. 12.
    Fabsic, T., Hromada, V., Zajac, P.: A reaction attack on LEDApkc. Cryptology ePrint Archive, Report 2018/140 (2018).
  13. 13.
    Gallager, R.G.: Low-Density Parity-Check Codes. MIT Press, Cambridge (1963)zbMATHGoogle Scholar
  14. 14.
    Guo, Q., Johansson, T., Stankovski, P.: A key recovery attack on MDPC with CCA security using decoding errors. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 789–815. Springer, Heidelberg (2016). Scholar
  15. 15.
    Kobara, K., Imai, H.: Semantically secure McEliece public-key cryptosystems -conversions for McEliece PKC. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 19–35. Springer, Heidelberg (2001). Scholar
  16. 16.
    May, A., Meurer, A., Thomae, E.: Decoding random linear codes in \(\tilde{\cal{O}}(2^{0.054n})\). In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 107–124. Springer, Heidelberg (2011). Scholar
  17. 17.
    McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory. DSN Progress Report, pp. 114–116 (1978)Google Scholar
  18. 18.
    Misoczki, R., Tillich, J.P., Sendrier, N., Barreto, P.S.L.M.: MDPC-McEliece: new McEliece variants from moderate density parity-check codes. In: 2013 IEEE International Symposium on Information Theory, pp. 2069–2073, July 2013Google Scholar
  19. 19.
    National Institute of Standards and Technology: Post-quantum crypto project, December 2016.
  20. 20.
    Prange, E.: The use of information sets in decoding cyclic codes. IRE Trans. Inf. Theory 8(5), 5–9 (1962)MathSciNetCrossRefGoogle Scholar
  21. 21.
    Shooshtari, M.K., Ahmadian-Attari, M., Johansson, T., Aref, M.R.: Cryptanalysis of McEliece cryptosystem variants based on quasi-cyclic low-density parity check codes. IET Inf. Secur. 10(4), 194–202 (2016)CrossRefGoogle Scholar
  22. 22.
    Stern, J.: A method for finding codewords of small weight. In: Cohen, G., Wolfmann, J. (eds.) Coding Theory 1988. LNCS, vol. 388, pp. 106–113. Springer, Heidelberg (1989). Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Università Politecnica delle MarcheAnconaItaly

Personalised recommendations