Compact McEliece Keys from Goppa Codes

  • Rafael Misoczki
  • Paulo S. L. M. Barreto
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5867)


The classical McEliece cryptosystem is built upon the class of Goppa codes, which remains secure to this date, in contrast to many other families of codes, but leads to very large public keys. Previous proposals to obtain short McEliece keys have primarily centered around replacing that class by other families of codes, most of which were shown to contain weaknesses, and at the cost of halving the error-correction capability. In this paper we describe a simple way to significantly reduce the key size in McEliece and related cryptosystems using a subclass of Goppa codes, while also improving the efficiency of cryptographic operations to \(\tilde{O}(n)\) time and retaining the capability to correct the full designed number of errors in the binary case.
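The following is an added illustration written for this page; it is toy code of my own, not the authors' implementation or any code from the paper. A binary Goppa code is fixed by a support L and a Goppa polynomial g over GF(2^m); when g is separable with roots z_i, the parity-check matrix has the Cauchy form H_ij = 1/(z_i + L_j), and in classical McEliece the public key is the k x n generator matrix of the code, so the key grows as k*n bits. The second half shows the identity under which a dyadic matrix (entry (i, j) equal to h_{i XOR j}) is also a Cauchy matrix in characteristic 2, so that an entire t x n Cauchy parity-check matrix is determined by an n-element signature instead of t*n entries; that structural saving is the kind of compression a Goppa subclass can offer. The choice of GF(2^6), the toy parameters n = 32 and t = 4, the signature sampler and every function name here are assumptions of this example, and the paper's actual scheme (which also has to keep the structure in the published systematic matrix) is not reproduced.

```python
# Toy Goppa code (Cauchy parity-check form over GF(2^m)) and the dyadic-Cauchy identity; field, parameters and sampler are this example's own choices.
import random

M = 6                                   # GF(2^6), modulus x^6 + x + 1 (assumed toy field)
POLY, ORDER = 0b1000011, 1 << M

def gf_mul(a, b):
    r = 0
    while b:
        r ^= a if b & 1 else 0
        b, a = b >> 1, a << 1
        a ^= POLY if a & ORDER else 0
    return r

def gf_inv(a):                          # a^(2^m - 2) == a^-1 for a != 0
    assert a != 0
    r, e = 1, ORDER - 2
    while e:
        r = gf_mul(r, a) if e & 1 else r
        a, e = gf_mul(a, a), e >> 1
    return r

def cauchy_matrix(z, L):
    """H[i][j] = 1/(z_i + L_j): parity-check matrix of the binary Goppa code with
    support L and separable Goppa polynomial g(x) = prod_i (x - z_i)."""
    return [[gf_inv(zi ^ Lj) for Lj in L] for zi in z]

def binary_expand(H):                   # each GF(2^m) entry -> m bit-rows: (m*t) x n over GF(2)
    return [[(e >> b) & 1 for e in row] for row in H for b in range(M)]

def rref_gf2(rows):
    """Row-reduce over GF(2); returns (nonzero reduced rows, pivot columns)."""
    rows, pivots, r = [row[:] for row in rows], [], 0
    for c in range(len(rows[0])):
        piv = next((i for i in range(r, len(rows)) if rows[i][c]), None)
        if piv is None:
            continue
        rows[r], rows[piv] = rows[piv], rows[r]
        for i in range(len(rows)):
            if i != r and rows[i][c]:
                rows[i] = [x ^ y for x, y in zip(rows[i], rows[r])]
        pivots.append(c)
        r += 1
    return rows[:r], pivots

def goppa_public_key(z, L):
    """Generator matrix G (k x n, k = n - rank H); classical McEliece publishes k*n bits."""
    Hbin = binary_expand(cauchy_matrix(z, L))
    Hr, pivots = rref_gf2(Hbin)
    n, G = len(L), []
    for f in (c for c in range(n) if c not in pivots):   # one generator row per free column
        row = [0] * n
        row[f] = 1
        for r, p in enumerate(pivots):
            row[p] = Hr[r][f]
        G.append(row)
    for g in G:                                          # sanity check: H * G^T = 0
        assert all(sum(a & b for a, b in zip(g, h)) % 2 == 0 for h in Hbin)
    return G, len(G) * n

def is_dyadic_cauchy(h):
    """In characteristic 2 the dyadic matrix (h[i ^ j]) is Cauchy iff every h[i]
    is nonzero and 1/h[i^j] = 1/h[i] + 1/h[j] + 1/h[0] for all i, j."""
    if 0 in h:
        return False
    inv = [gf_inv(x) for x in h]
    return all(inv[i ^ j] == inv[i] ^ inv[j] ^ inv[0]
               for i in range(len(h)) for j in range(len(h)))

def random_dyadic_signature(n, rng):
    """Sample h of length n (a power of two) obeying the identity: 1/h_0 and the 1/h_{2^k}
    are free; the rest follow since f(i) = 1/h_i + 1/h_0 is GF(2)-linear in the bits of i."""
    assert n & (n - 1) == 0
    while True:                         # retry until all entries are distinct and nonzero
        inv, k = [0] * n, 1
        inv[0] = rng.randrange(1, ORDER)
        while k < n:
            inv[k] = rng.randrange(1, ORDER)
            for j in range(1, k):
                inv[k + j] = inv[k] ^ inv[j] ^ inv[0]
            k <<= 1
        if 0 not in inv and len(set(inv)) == n:
            return [gf_inv(x) for x in inv]

def support_from_signature(h, t):
    """Roots z_i = 1/h_i + 1/h_0 (i < t) and support L_j = 1/h_j give
    1/(z_i + L_j) = h[i ^ j]: the whole t x n Cauchy matrix is fixed by h alone."""
    inv = [gf_inv(x) for x in h]
    return [inv[i] ^ inv[0] for i in range(t)], inv

def demo(seed=2009, n=32, t=4):         # toy parameters, far below any real security level
    rng = random.Random(seed)
    e = rng.sample(range(1, ORDER), n + t)               # unstructured: random distinct roots/support
    G, bits = goppa_public_key(e[:t], e[t:])
    h = random_dyadic_signature(n, rng)
    z, L = support_from_signature(h, t)
    H = cauchy_matrix(z, L)
    ok = is_dyadic_cauchy(h) and all(H[i][j] == h[i ^ j] for i in range(t) for j in range(n))
    return {"k": len(G), "key_bits": bits, "k_dyadic": len(goppa_public_key(z, L)[0]),
            "dyadic_ok": ok, "cauchy_entries": t * n, "signature_entries": n}

if __name__ == "__main__":
    print(demo())
```

Running `demo()` builds one unstructured Goppa code and one whose Cauchy parity-check matrix comes from a dyadic signature, checks that every entry of the latter equals `h[i ^ j]`, and reports that the t x n matrix (128 field elements for the toy parameters) is fixed by the 32-element signature. With m*t = 24 binary parity rows and n = 32, both codes have dimension k of at least 8, and the unstructured public key is k*n bits; the check `H * G^T = 0` inside `goppa_public_key` is there to catch any slip in the row reduction rather than trust it.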


Keywords (added by machine, not by the authors): Security Level, Goppa Code, Cauchy Matrix, Cryptographic Purpose, Binary Goppa Code



Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Rafael Misoczki (1)
  • Paulo S. L. M. Barreto (1)
  1. Departamento de Engenharia de Computação e Sistemas Digitais (PCS), Escola Politécnica, Universidade de São Paulo, Brazil
