The McEliece and Niederreiter Cryptosystems

  • Marco Baldi
Chapter
Part of the SpringerBriefs in Electrical and Computer Engineering book series (BRIEFSELECTRIC)

Abstract

This chapter is devoted to the McEliece and Niederreiter cryptosystems, the first and best-known examples of code-based public-key cryptosystems. The classical instances of both systems are described, together with the class of Goppa codes, which are the codes originally used in these systems and which have best resisted cryptanalysis over the years. The main attacks against these systems are reviewed, and their complexity is estimated in order to assess the security level they achieve. Some subsequent variants of the McEliece and Niederreiter cryptosystems are briefly reviewed.

Keywords

McEliece cryptosystem, Niederreiter cryptosystem, Goppa codes, Information set decoding, Cryptanalysis, Code-based digital signatures

Copyright information

© The Author(s) 2014

Authors and Affiliations

  1. DII, Università Politecnica delle Marche, Ancona, Italy