A New Analysis of the McEliece Cryptosystem Based on QC-LDPC Codes

  • Marco Baldi
  • Marco Bodrato
  • Franco Chiaraluce
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5229)


We improve our proposal of a new variant of the McEliece cryptosystem based on QC-LDPC codes. The original McEliece cryptosystem, based on Goppa codes, is still unbroken, but has two major drawbacks: long keys and a low transmission rate. Our variant is based on QC-LDPC codes and overcomes these drawbacks while avoiding the known attacks. Recently, however, a new attack has been discovered that can recover the private key with limited complexity. We show that this attack can be avoided by changing the form of some constituent matrices, without altering the remaining system parameters. We also propose another variant that exhibits an overall increased security level. We analyze the complexity of the encryption and decryption stages by adopting efficient algorithms for processing large circulant matrices. The Toom-Cook algorithm and the short Winograd convolution are considered; they give a significant speed-up in the cryptosystem operations.
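The abstract's claim that large circulant matrices can be processed with fast polynomial-multiplication algorithms rests on one identity: a row vector times a binary circulant matrix is a product in GF(2)[x]/(x^p + 1). The following Python is an added example written for this page, not code from the paper or its authors. It checks that identity against an explicitly built matrix and computes the polynomial product with the two-way Toom-Cook (Karatsuba) split, the simplest member of the Toom-Cook family the abstract refers to; higher-order Toom-Cook and the Winograd convolution are not shown. The integer-as-polynomial encoding, the function names and the first-row convention for the circulant are this example's own assumptions.

```python
# Added example: row-vector x binary circulant matrix as a product in
# GF(2)[x]/(x^p + 1), computed with two-way Toom-Cook (Karatsuba) splitting.
# Python ints encode polynomials over GF(2): bit i is the coefficient of x^i.
# Function names and the "first row defines the circulant" convention are
# this example's own choices (hypothetical), not the paper's notation.


def gf2_mul_schoolbook(a, b):
    """Carry-less (GF(2)[x]) product, quadratic in the bit length."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def gf2_mul_karatsuba(a, b, cutoff=64):
    """Two-way Toom-Cook: split both operands at h bits and use three
    half-size products instead of four. Over GF(2), subtraction is XOR."""
    n = max(a.bit_length(), b.bit_length())
    if n <= cutoff:
        return gf2_mul_schoolbook(a, b)
    h = n // 2
    mask = (1 << h) - 1
    a0, a1 = a & mask, a >> h
    b0, b1 = b & mask, b >> h
    z0 = gf2_mul_karatsuba(a0, b0, cutoff)                       # a0*b0
    z2 = gf2_mul_karatsuba(a1, b1, cutoff)                       # a1*b1
    z1 = gf2_mul_karatsuba(a0 ^ a1, b0 ^ b1, cutoff) ^ z0 ^ z2   # a0*b1 + a1*b0
    return z0 ^ (z1 << h) ^ (z2 << (2 * h))


def reduce_mod_xp_plus_1(c, p):
    """Reduce modulo x^p + 1: since x^p = 1, fold the coefficients at
    positions p and above back onto positions 0..p-1."""
    mask = (1 << p) - 1
    while c >> p:
        c = (c & mask) ^ (c >> p)
    return c


def circulant_times_vector(first_row, vec, p):
    """v * C for the p x p binary circulant C whose first row is first_row
    (bit j = C[0][j]); each later row is the previous one rotated right."""
    return reduce_mod_xp_plus_1(gf2_mul_karatsuba(first_row, vec), p)


def circulant_matrix(first_row, p):
    """Explicit p x p circulant, used only as the reference for the check."""
    row = [(first_row >> j) & 1 for j in range(p)]
    return [[row[(j - i) % p] for j in range(p)] for i in range(p)]


def vector_times_matrix_naive(vec, C, p):
    """Plain GF(2) row-vector x matrix product, O(p^2) bit operations."""
    v = [(vec >> i) & 1 for i in range(p)]
    out = 0
    for j in range(p):
        s = 0
        for i in range(p):
            s ^= v[i] & C[i][j]
        out |= s << j
    return out


if __name__ == "__main__":
    # Constructed toy instance: p = 7, first row 1 + x, vector 1 + x^6.
    p, first_row, vec = 7, 0b11, 0b1000001
    fast = circulant_times_vector(first_row, vec, p)
    slow = vector_times_matrix_naive(vec, circulant_matrix(first_row, p), p)
    assert fast == slow
    print(f"v*C as a polynomial (MSB first): {fast:0{p}b}  (= x + x^6)")
```

Whichever multiplication routine is used, the only post-processing is folding coefficients of degree p and above back down, because x^p = 1 in the quotient ring; the `cutoff` parameter exists so the recursion can be exercised on small inputs when checking the code.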


Keywords: McEliece cryptosystem, QC-LDPC codes, Cryptanalysis, Toom-Cook, Winograd





Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Marco Baldi (1)
  • Marco Bodrato (2)
  • Franco Chiaraluce (1)

  1. DEIT, Università Politecnica delle Marche, Ancona, Italy
  2. Centro Vito Volterra, Università di Roma Tor Vergata, Roma, Italy
