Quantum Resistant Public Key Encryption Scheme polarRLCE

  • Jingang LiuEmail author
  • Yongge Wang
  • Zongxinag Yi
  • Dingyi Pei
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1133)


In order to reduce the key size of the original McEliece cryptosystem, several variants exploited the particular structure in the public key. Unfortunately, most of these variants are vulnerable to structural attacks because of the algebraic structure of the underlying codes. In this work, we propose the first efficient secure scheme based on polar codes (i.e., polarRLCE), which is inspired by RLCE scheme, a candidate for the NIST post-quantum cryptography standardization. We show that, with the proper choice of parameters, using polar codes, it is possible to design an encryption scheme to achieve the intended security level while keeping a reasonably small key size. In addition, possible attacks are outlined and the key size of several choices of parameters is compared to those of known schemes with the same security level. It is shown that our proposal has the apparent advantage to decrease the key size, especially on the high-security level.


McEliece cryptosystem Polar codes Code-based cryptography Post-quantum cryptography 



We would like to thank Dr. Vlad Dragoi for insightful discussions. We are also grateful to the anonymous reviewers of A2C 2019 for their valuable feedback.


  1. 1.
    Arikan, E.: Channel polarization: a method for constructing capacity achieving codes for symmetric binary-input memoryless channels. IEEE Trans. Inf. Theory 55(7), 3051–3073 (2009)MathSciNetCrossRefGoogle Scholar
  2. 2.
    Albrecht, M., Cid, C., Paterson, K.G., Tjhai, C.J., Tomlinson, M.: NTS-KEM. Accessed Aug 2019
  3. 3.
    Aragon, N., Barreto, P., Bettaieb, S., Bidoux, L., Blazy, O., Deneuville, J.C., et al.: BIKE: bit flipping key encapsulation. Accessed Aug 2019
  4. 4.
    Baldi, M., Chiaraluce, G.F.: Cryptanalysis of a new instance of McEliece cryptosystem based on QC-LDPC codes. In: IEEE International Symposium on Information Theory - ISIT 2007, pp. 2591–2595. Nice, France, March 2007Google Scholar
  5. 5.
    Bernstein, D.J., Lange, T., Peters, C.: Attacking and defending the McEliece cryptosystem. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 31–46. Springer, Heidelberg (2008). Scholar
  6. 6.
    Baldi, M., Bianchi, M., Chiaraluce, F., Rosenthal, J., Schipani, D.: Enhanced public key security for the McEliece cryptosystem. J. Cryptology 29(1), 1–27 (2016)MathSciNetCrossRefGoogle Scholar
  7. 7.
    Bardet, M., Chaulet, J., Dragoi, V., Otmani, A., Tillich, J.-P.: Cryptanalysis of the McEliece public key cryptosystem based on polar codes. In: Takagi, T. (ed.) PQCrypto 2016. LNCS, vol. 9606, pp. 118–143. Springer, Cham (2016). Scholar
  8. 8.
    Bernstein, D.J., Persichetti, E.: Towards KEM unification. IACR Cryptology ePrint Archive, Report 2018/526 (2018)Google Scholar
  9. 9.
    Bernstein, D.J., Chou, T., Lange, T., von Maurich, I., Misoczki, R., et al.: Classic McEliece. Accessed Aug 2019
  10. 10.
    Baldi M., Barenghi A., Chiaraluce F., Pelosi G., Santini P.: LEDAcrypt. Accessed Aug 2019
  11. 11.
    Couvreur, A., Gaborit, P., Gauthier-Umaa, V., Otmani, A., Tillich, J.P.: Distinguisher based attacks on public-key cryptosystems using Reed-Solomon codes. Des. Codes Crypt. 73(2), 641–666 (2014)MathSciNetCrossRefGoogle Scholar
  12. 12.
    Couvreur, A., Marquez, C.I., Pellikaan, R.: A polynomial time attack against algebraic geometry code based public key cryptosystems. In: Proceedings of IEEE International Symposium on Information Theory - ISIT, vol. 2014, pp. 1446–1450 (2014)Google Scholar
  13. 13.
    Cascudo, I., Cramer, R., Mirandola, D., Zmor, G.: Squares of random linear codes. IEEE Trans. Inf. Theory 61(3), 1159–1173 (2015)MathSciNetCrossRefGoogle Scholar
  14. 14.
    Couvreur, A., Lequesne, M., Tillich, J.-P.: Recovering short secret keys of RLCE in polynomial time. In: Ding, J., Steinwandt, R. (eds.) PQCrypto 2019. LNCS, vol. 11505, pp. 133–152. Springer, Cham (2019). Scholar
  15. 15.
    Dragoi, V.: Algebraic approach for the study of algorithmic problems coming from cryptography and the theory of error correcting codes. Ph.D. thesis, University of Rouen, France, July 2017Google Scholar
  16. 16.
    Drăgoi, V., Beiu, V., Bucerzan, D.: Vulnerabilities of the McEliece variants based on polar codes. In: Lanet, J.-L., Toma, C. (eds.) SECITC 2018. LNCS, vol. 11359, pp. 376–390. Springer, Cham (2019). Scholar
  17. 17.
    Eaton, E., Lequesne, M., Parent, A., Sendrier, N.: QC-MDPC: a timing attack and a CCA2 KEM. In: Lange, T., Steinwandt, R. (eds.) PQCrypto 2018. LNCS, vol. 10786, pp. 47–76. Springer, Cham (2018). Scholar
  18. 18.
    Finiasz, M., Sendrier, N.: Security bounds for the design of code-based cryptosystems. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 88–105. Springer, Heidelberg (2009). Scholar
  19. 19.
    Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the 28th Annual ACM Symposium on Theory of Computing, pp. 212–219. ACM press, May 1996Google Scholar
  20. 20.
    Gaborit, P., Murat, G., Ruatta, O., Zemor, G.: Low rank parity check codes and their application in cryptography. In: The Proceedings of Workshop on Coding and Cryptography, WCC 2013, Borgen, Norway, pp. 167–179 (2013)Google Scholar
  21. 21.
    Gueye, C.T., Mboup, E.H.M.: Secure cryptographic scheme based on modified Reed Muller codes. Int. J. Secur. Appl. 7(3), 55–64 (2013)Google Scholar
  22. 22.
    Guo, Q., Johansson, T., Stankovski, P.: A key recovery attack on MDPC with CCA security using decoding errors. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 789–815. Springer, Heidelberg (2016). Scholar
  23. 23.
    Hooshmand, R., Shooshtari, M.K., Eghlidos, T., Aref, M.R.: Reducing the key length of McEliece cryptosystem using polar codes. In: 2014 11th International ISC Conference on Information Security and Cryptology (ISCISC), pp. 104–108. IEEE (2014)Google Scholar
  24. 24.
    Janwa, H., Moreno, O.: McEliece public key cryptosystems using algebraic-geometric codes. Des. Codes Crypt. 8(3), 293–307 (1996)MathSciNetCrossRefGoogle Scholar
  25. 25.
    McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory. Jet Propulsion Laboratory DSN Progress Report, 42–44, pp. 114–116 (1978)Google Scholar
  26. 26.
    Monico, C., Rosenthal, J., Shokrollahi, A.: Using low density parity check codes in the McEliece cryptosystem. In: Proceedings of IEEE International Symposium on Information Theory - ISIT 2000, Sorrento, Italy, p. 215, June 2000Google Scholar
  27. 27.
    Minder, L., Shokrollahi, A.: Cryptanalysis of the Sidelnikov cryptosystem. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 347–360. Springer, Heidelberg (2007). Scholar
  28. 28.
    Mahdavifar, H., El-Khamy, M., Lee, J., Kang, I.: Performance limits and practical decoding of interleaved Reed-Solomon polar concatenated codes. IEEE Trans. Commun. 62(5), 1406–1417 (2014)CrossRefGoogle Scholar
  29. 29.
    May, A., Ozerov, I.: On computing nearest neighbors with applications to decoding of binary linear codes. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 203–228. Springer, Heidelberg (2015). Scholar
  30. 30.
    Niederreiten, H.: Knapsack-type cryptosystems and algebraic coding theory. Prob. Control Inform. Theory 15(2), 159–166 (1986)MathSciNetGoogle Scholar
  31. 31.
    NIST: Post quantum crypto project (2017). Accessed 19 May 2017
  32. 32.
    Nilsson, A., Johansson, T., Wagner, P.S.: Error amplification in code-based cryptography. IACR Trans. Cryptographic Hardware Embed. Syst. 2019(1), 238–258 (2019)Google Scholar
  33. 33.
    Otmani, A., Kalachi, H.T.: Square code attack on a modified Sidelnikov cryptosystem. In: El Hajji, S., Nitaj, A., Carlet, C., Souidi, E.M. (eds.) C2SI 2015. LNCS, vol. 9084, pp. 173–183. Springer, Cham (2015). Scholar
  34. 34.
    Prange, E.: The use of information sets in decoding cyclic codes. IRE Trans. Inf. Theory 8(5), 5–9 (1962)MathSciNetCrossRefGoogle Scholar
  35. 35.
    Peters, C.: Information-set decoding for linear codes over \(\mathbb{F}_{q}\). In: Sendrier, N. (ed.) PQCrypto 2010. LNCS, vol. 6061, pp. 81–94. Springer, Heidelberg (2010). Scholar
  36. 36.
    Persichetti, E.: On the CCA2 security of McEliece in the standard model. In: Baek, J., Susilo, W., Kim, J. (eds.) ProvSec 2018. LNCS, vol. 11192, pp. 165–181. Springer, Cham (2018). Scholar
  37. 37.
    Stern, J.: A method for finding codewords of small weight. In: Cohen, G., Wolfmann, J. (eds.) Coding Theory 1988. LNCS, vol. 388, pp. 106–113. Springer, Heidelberg (1989). Scholar
  38. 38.
    Sidelnikov, V.M., Shestakov, S.O.: On insecurity of cryptosystems based on generalized Reed-Solomon codes. Discrete Math. Appl. 2(4), 439–444 (1992)MathSciNetCrossRefGoogle Scholar
  39. 39.
    Shor, P.W.: Polynomial time algorithms for discrete logarithms and factoring on a quantum computer. In: Adleman, L.M., Huang, M.-D. (eds.) ANTS 1994. LNCS, vol. 877, pp. 289–289. Springer, Heidelberg (1994). Scholar
  40. 40.
    Sidelnikov, V.M.: A public-key cryptosystem based on binary Reed-Muller codes. Discrete Math. Appl. 4(3), 191–208 (1994)MathSciNetCrossRefGoogle Scholar
  41. 41.
    Sendrier, N.: Finding the permutation between equivalent linear codes: the support splitting algorithm. IEEE Trans. Inf. Theory 46(4), 1193–1203 (2000)MathSciNetCrossRefGoogle Scholar
  42. 42.
    Shrestha, S.R., Kim, Y.S.: New McEliece cryptosystem based on polar codes as a candidate for post-quantum cryptography. In: 14th International Symposium on Communications and Information Technologies (ISCIT), pp. 368–372. IEEE (2014)Google Scholar
  43. 43.
    Canto Torres, R., Sendrier, N.: Analysis of information set decoding for a sub-linear error weight. In: Takagi, T. (ed.) PQCrypto 2016. LNCS, vol. 9606, pp. 144–161. Springer, Cham (2016). Scholar
  44. 44.
    Wieschebrink, C.: Two NP-complete problems in coding theory with an application in code based cryptography. In: IEEE International Symposium on Information Theory - ISIT 2006, Seattle, USA, pp. 1733–1737. IEEE, Los Alamitos (2006)Google Scholar
  45. 45.
    Wang, Y.: Quantum resistant random linear code based public key encryption scheme RLCE. In: IEEE International Symposium on Information Theory - ISIT 2006, pp. 2519–2523. IEEE, Barcelona (2016)Google Scholar
  46. 46.

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Jingang Liu
    • 1
    Email author
  • Yongge Wang
    • 2
  • Zongxinag Yi
    • 1
  • Dingyi Pei
    • 1
  1. 1.Guangzhou UniversityGuangzhouChina
  2. 2.UNC CharlotteCharlotteUSA

Personalised recommendations