
TCHo: A Code-Based Cryptosystem

Advances in Network Analysis and its Applications

Part of the book series: Mathematics in Industry (MATHINDUSTRY, volume 18)

Abstract

TCHo is a public-key cryptosystem based on the hardness of finding a multiple polynomial with low weight and on the hardness of distinguishing between the output of an LFSR with noise and some random source. An early version was proposed in 2006 by Finiasz and Vaudenay with non-polynomial (though practical) decryption time. The latest version came in 2007 with more co-authors. It reached competitive (heuristic) polynomial complexity and IND-CPA security. Since then, a key-recovery chosen-ciphertext attack was published by Herrmann and Leander in 2009. In this paper we review the state of the art on this cryptosystem, together with some recent improvements regarding implementation and selection of parameters. We also provide more formal results regarding correctness, and we update the key generation algorithm.


Notes

  1. A function is Õ(f(n)) if it is O(f(n) · log(f(n))^k) for some k.

  2. The word “tchô” happens to come from some French slang which originated from the famous Swiss cartoonist Zep who created a comics magazine for kids with this name in 1998.

  3. Note that we can neglect the cost of the Gaussian elimination by using improved algorithms [11].

  4. Since K may have a degree less than d, K ⊗ y may have more than  − d bits. To avoid side channels, we only use the first  − d bits, as if K had degree d.
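The step note 4 describes, applying the secret polynomial K to a received word y and keeping only the first (length of y minus d) output bits, rests on one fact: a multiple of an LFSR's feedback polynomial annihilates every sequence that LFSR produces, so only the noise survives the operation. The following Python example is added here and is not code from the chapter or from the TCHo implementations it cites; it uses constructed toy parameters (P = x^4 + x + 1, K = x^15 + 1, a 40-bit word, three constructed noise positions), and the function names, the bit-ordering convention and the parameters are all assumptions of this example rather than TCHo's. It also goes slightly beyond the note by showing that a polynomial which is not a multiple of P does not cancel the sequence, and that each surviving noise bit is copied up to weight(K) times, which is the reason a low-weight K is wanted.

```python
# Added example (not from the chapter): GF(2) polynomial arithmetic, an LFSR,
# and the "multiply by K" step that removes the LFSR component of a word.
# Convention (an assumption of this example): a polynomial over GF(2) is an
# int whose bit i is the coefficient of x^i.


def poly_deg(p: int) -> int:
    return p.bit_length() - 1


def poly_weight(p: int) -> int:
    return bin(p).count("1")


def poly_mul(a: int, b: int) -> int:
    """Carry-less multiplication in GF(2)[x]."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def poly_mod(a: int, m: int) -> int:
    """Remainder of a divided by m in GF(2)[x]."""
    dm = poly_deg(m)
    while a and poly_deg(a) >= dm:
        a ^= m << (poly_deg(a) - dm)
    return a


def lfsr_bits(P: int, seed: int, n: int) -> list[int]:
    """First n bits of the LFSR with feedback polynomial P (p_0 = 1).
    The output satisfies XOR_i p_i * s_{t+i} = 0 for every t, i.e. the
    polynomial P, read as a shift operator, annihilates the sequence."""
    d = poly_deg(P)
    s = [(seed >> i) & 1 for i in range(d)]  # s_0 .. s_{d-1} come from the seed
    while len(s) < n:
        t = len(s) - d
        s.append(sum(s[t + i] for i in range(d) if (P >> i) & 1) & 1)
    return s[:n]


def apply_poly(K: int, y: list[int]) -> list[int]:
    """(K ⊗ y)_t = XOR over taps i of y_{t+i}, for t = 0 .. len(y)-deg(K)-1.
    A word of length n therefore yields n - deg(K) output bits."""
    d = poly_deg(K)
    taps = [i for i in range(d + 1) if (K >> i) & 1]
    return [sum(y[t + i] for i in taps) & 1 for t in range(len(y) - d)]


# Constructed toy parameters (assumptions, not the chapter's): P = x^4 + x + 1
# is primitive, so its LFSR output has period 15 and K = x^15 + 1 is a
# weight-2 multiple of P.  K_NOT is a non-multiple used as a control.
P = 0b10011
K = (1 << 15) | 1
K_NOT = (1 << 15) | 0b11
Y_LEN = 40


def demo(seed: int = 0b1011, noise_positions=(3, 20, 33)) -> dict:
    """Build y = LFSR output XOR sparse noise and apply K, as decryption does."""
    s = lfsr_bits(P, seed, Y_LEN)
    e = [1 if i in noise_positions else 0 for i in range(Y_LEN)]
    y = [a ^ b for a, b in zip(s, e)]
    out_clean = apply_poly(K, s)   # LFSR part alone: must vanish
    out_noisy = apply_poly(K, y)   # LFSR part plus noise: only K ⊗ e survives
    return {
        "K_is_multiple_of_P": poly_mod(K, P) == 0,
        "weight_K": poly_weight(K),
        "out_len": len(out_clean),                      # Y_LEN - deg(K)
        "lfsr_cancelled": not any(out_clean),
        "residual_equals_K_times_noise": out_noisy == apply_poly(K, e),
        "residual_ones": sum(out_noisy),                # each noise bit shows up <= weight(K) times
        "non_multiple_cancels": not any(apply_poly(K_NOT, s)),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

What the decryptor does next in TCHo, recovering the message from the surviving noisy bits, is not part of this example; the point here is only the cancellation itself and the fact that the residual is K ⊗ noise, so the larger the weight of K, the more noise each output bit collects.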

References

  1. Ajtai, M.: Generating Hard Instances of Lattice Problems (Extended Abstract). In: STOC, pp. 99–108 (1996)

  2. Ajtai, M., Dwork, C.: A Public-Key Cryptosystem with Worst-Case/Average-Case Equivalence. In: STOC, pp. 284–293 (1997)

  3. Aumasson, J.P., Finiasz, M., Meier, W., Vaudenay, S.: TCHo: A Hardware-Oriented Trapdoor Cipher. In: J. Pieprzyk, H. Ghodosi, E. Dawson (eds.) ACISP, Lecture Notes in Computer Science, vol. 4586, pp. 184–199. Springer (2007)

  4. Baignères, T., Junod, P., Vaudenay, S.: How Far Can We Go Beyond Linear Cryptanalysis? In: Lee [37], pp. 432–450

  5. Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A Concrete Security Treatment of Symmetric Encryption: Analysis of the DES Modes of Operation (Full Version) (1997). Available at http://cseweb.ucsd.edu/users/mihir

  6. Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A Concrete Security Treatment of Symmetric Encryption (Extended Abstract). In: FOCS, pp. 394–403 (1997)

  7. Berlekamp, E.: Factoring polynomials over large finite fields. Mathematics of Computation 24(111), 713–735 (1970)

  8. Bernstein, D.J.: Introduction to post-quantum cryptography. In: D.J. Bernstein, J. Buchmann, E. Dahmen (eds.) Post-Quantum Cryptography, pp. 1–14. Springer (2009)

  9. Bernstein, D.J., Lange, T., Peters, C.: Attacking and Defending the McEliece Cryptosystem. In: J. Buchmann, J. Ding (eds.) PQCrypto, Lecture Notes in Computer Science, vol. 5299, pp. 31–46. Springer (2008)

  10. Bindschaedler, V.: TCHo Software Implementation: Extending Firefox’s Security Services Library. EPFL Bachelor Thesis (unpublished) (2010)

  11. Canteaut, A., Chabaud, F.: A New Algorithm for Finding Minimum-Weight Words in a Linear Code: Application to McEliece’s Cryptosystem and to Narrow-Sense BCH Codes of Length 511. IEEE Transactions on Information Theory 44(1), 367–378 (1998)

  12. Canteaut, A., Trabbia, M.: Improved Fast Correlation Attacks Using Parity-Check Equations of Weight 4 and 5. In: B. Preneel (ed.) EUROCRYPT, Lecture Notes in Computer Science, vol. 1807, pp. 573–588. Springer (2000)

  13. Cantor, D., Zassenhaus, H.: A new algorithm for factoring polynomials over finite fields. Mathematics of Computation 36(154), 587–592 (1981)

  14. Chernoff, H.: A measure of asymptotic efficiency for tests of a hypothesis based on the sum of observations. The Annals of Mathematical Statistics 23(4), 493–507 (1952)

  15. Chose, P., Joux, A., Mitton, M.: Fast Correlation Attacks: An Algorithmic Point of View. In: L.R. Knudsen (ed.) EUROCRYPT, Lecture Notes in Computer Science, vol. 2332, pp. 209–221. Springer (2002)

  16. Chowdhury, S., Maitra, S.: Efficient Software Implementation of Linear Feedback Shift Registers. In: C.P. Rangan, C. Ding (eds.) INDOCRYPT, Lecture Notes in Computer Science, vol. 2247, pp. 297–307. Springer (2001)

  17. Chowdhury, S., Maitra, S.: Efficient Software Implementation of LFSR and Boolean Function and Its Application in Nonlinear Combiner Model. In: J. Zhou, M. Yung, Y. Han (eds.) ACNS, Lecture Notes in Computer Science, vol. 2846, pp. 387–402. Springer (2003)

  18. Coron, J.S., Handschuh, H., Joye, M., Paillier, P., Pointcheval, D., Tymen, C.: GEM: A Generic Chosen-Ciphertext Secure Encryption Method. In: B. Preneel (ed.) CT-RSA, Lecture Notes in Computer Science, vol. 2271, pp. 263–276. Springer (2002)

  19. Courtois, N., Finiasz, M., Sendrier, N.: How to Achieve a McEliece-Based Digital Signature Scheme. In: C. Boyd (ed.) ASIACRYPT, Lecture Notes in Computer Science, vol. 2248, pp. 157–174. Springer (2001)

  20. Didier, F., Laigle-Chapuy, Y.: Finding low-weight polynomial multiples using discrete logarithm. In: IEEE International Symposium on Information Theory, 2007 (ISIT 2007), pp. 1036–1040 (2007)

  21. Diffie, W., Hellman, M.: New directions in cryptography. IEEE Transactions on Information Theory 22(6), 644–654 (1976)

  22. Ding, J., Schmidt, D.: Rainbow, a New Multivariable Polynomial Signature Scheme. In: J. Ioannidis, A.D. Keromytis, M. Yung (eds.) ACNS, Lecture Notes in Computer Science, vol. 3531, pp. 164–175 (2005)

  23. Duc, A.: TCHo: a Postquantum Public-Key Cryptography Toolkit. Unpublished Report (2010)

  24. El Aimani, L., von zur Gathen, J.: Finding low weight polynomial multiples using lattices. Cryptology ePrint Archive, Report 2007/423 (2007). http://eprint.iacr.org

  25. El Gamal, T.: A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. In: CRYPTO, pp. 10–18 (1984)

  26. Finiasz, M., Vaudenay, S.: When Stream Cipher Analysis Meets Public-Key Cryptography. In: E. Biham, A.M. Youssef (eds.) Selected Areas in Cryptography, Lecture Notes in Computer Science, vol. 4356, pp. 266–284. Springer (2006)

  27. Fujisaki, E., Okamoto, T.: Secure Integration of Asymmetric and Symmetric Encryption Schemes. In: M.J. Wiener (ed.) CRYPTO, Lecture Notes in Computer Science, vol. 1666, pp. 537–554. Springer (1999)

  28. Giesbrecht, M., Roche, D.S., Tilak, H.: Computing Sparse Multiples of Polynomials. In: O. Cheong, K.Y. Chwa, K. Park (eds.) ISAAC (1), Lecture Notes in Computer Science, vol. 6506, pp. 266–278. Springer (2010)

  29. Gilbert, H., Robshaw, M.J.B., Seurin, Y.: How to Encrypt with the LPN Problem. In: L. Aceto, I. Damgård, L.A. Goldberg, M.M. Halldórsson, A. Ingólfsdóttir, I. Walukiewicz (eds.) ICALP (2), Lecture Notes in Computer Science, vol. 5126, pp. 679–690. Springer (2008)

  30. Goldreich, O., Goldwasser, S., Halevi, S.: Eliminating Decryption Errors in the Ajtai-Dwork Cryptosystem. In: Kaliski Jr. [35], pp. 105–111

  31. Goldreich, O., Goldwasser, S., Halevi, S.: Public-Key Cryptosystems from Lattice Reduction Problems. In: Kaliski Jr. [35], pp. 112–131

  32. Hallgren, S., Vollmer, U.: Quantum computing. In: D.J. Bernstein, J. Buchmann, E. Dahmen (eds.) Post-Quantum Cryptography, pp. 15–34. Springer (2009)

  33. Herrmann, M., Leander, G.: A Practical Key Recovery Attack on Basic TCHo. In: S. Jarecki, G. Tsudik (eds.) Public Key Cryptography, Lecture Notes in Computer Science, vol. 5443, pp. 411–424. Springer (2009)

  34. Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: A Ring-Based Public Key Cryptosystem. In: J. Buhler (ed.) ANTS, Lecture Notes in Computer Science, vol. 1423, pp. 267–288. Springer (1998)

  35. Kaliski Jr., B.S. (ed.): Advances in Cryptology - CRYPTO ’97, 17th Annual International Cryptology Conference, Santa Barbara, California, USA, August 17–21, 1997, Proceedings, Lecture Notes in Computer Science, vol. 1294. Springer (1997)

  36. Kipnis, A., Patarin, J., Goubin, L.: Unbalanced Oil and Vinegar Signature Schemes. In: J. Stern (ed.) EUROCRYPT, Lecture Notes in Computer Science, vol. 1592, pp. 206–222. Springer (1999)

  37. Lee, P.J. (ed.): Advances in Cryptology - ASIACRYPT 2004, 10th International Conference on the Theory and Application of Cryptology and Information Security, Jeju Island, Korea, December 5–9, 2004, Proceedings, Lecture Notes in Computer Science, vol. 3329. Springer (2004)

  38. Lenstra, A., Lenstra, H., Lovász, L.: Factoring polynomials with rational coefficients. Mathematische Annalen 261(4), 515–534 (1982)

  39. Li, Y.X., Deng, R.H., Wang, X.M.: On the equivalence of McEliece’s and Niederreiter’s public-key cryptosystems. IEEE Transactions on Information Theory 40(1), 271 (1994)

  40. Lu, Y., Meier, W., Vaudenay, S.: The Conditional Correlation Attack: A Practical Attack on Bluetooth Encryption. In: V. Shoup (ed.) CRYPTO, Lecture Notes in Computer Science, vol. 3621, pp. 97–117. Springer (2005)

  41. Lu, Y., Vaudenay, S.: Cryptanalysis of Bluetooth Keystream Generator Two-Level E0. In: Lee [37], pp. 483–499

  42. Lu, Y., Vaudenay, S.: Faster Correlation Attack on Bluetooth Keystream Generator E0. In: M.K. Franklin (ed.) CRYPTO, Lecture Notes in Computer Science, vol. 3152, pp. 407–425. Springer (2004)

  43. Lu, Y., Vaudenay, S.: Cryptanalysis of an E0-like Combiner with Memory. Journal of Cryptology 21(3), 430–457 (2008)

  44. Lyubashevsky, V., Peikert, C., Regev, O.: On Ideal Lattices and Learning with Errors over Rings. In: H. Gilbert (ed.) EUROCRYPT, Lecture Notes in Computer Science, vol. 6110, pp. 1–23. Springer (2010)

  45. Matsumoto, T., Imai, H.: Public Quadratic Polynominal-Tuples for Efficient Signature-Verification and Message-Encryption. In: C.G. Günther (ed.) EUROCRYPT, Lecture Notes in Computer Science, vol. 330, pp. 419–453. Springer (1988)

  46. McEliece, R.: A public-key cryptosystem based on algebraic coding theory. DSN progress report 42(44), 114–116 (1978)

  47. Meier, W., Staffelbach, O.: Fast correlation attacks on certain stream ciphers. Journal of Cryptology 1(3), 159–176 (1989)

  48. Mozilla Corporation: Network Security Services (NSS) (2009). http://www.mozilla.org/projects/security/pki/nss/

  49. Naccache, D. (ed.): Topics in Cryptology - CT-RSA 2001, The Cryptographer’s Track at RSA Conference 2001, San Francisco, CA, USA, April 8–12, 2001, Proceedings, Lecture Notes in Computer Science, vol. 2020. Springer (2001)

  50. Niederreiter, H.: Knapsack-type cryptosystems and algebraic coding theory. Problems of Control and Information Theory 15(2), 159–166 (1986)

  51. Okamoto, T., Pointcheval, D.: REACT: Rapid Enhanced-Security Asymmetric Cryptosystem Transform. In: Naccache [49], pp. 159–175

  52. Patarin, J.: Asymmetric Cryptography with a Hidden Monomial. In: N. Koblitz (ed.) CRYPTO, Lecture Notes in Computer Science, vol. 1109, pp. 45–60. Springer (1996)

  53. Patarin, J., Courtois, N., Goubin, L.: FLASH, a Fast Multivariate Signature Algorithm. In: Naccache [49], pp. 298–307

  54. Patarin, J., Courtois, N., Goubin, L.: QUARTZ, 128-Bit Long Digital Signatures. In: Naccache [49], pp. 282–297

  55. Peikert, C.: Public-key cryptosystems from the worst-case shortest vector problem: extended abstract. In: M. Mitzenmacher (ed.) STOC, pp. 333–342. ACM (2009)

  56. Rabin, M.: Digitalized signatures and public-key functions as intractable as factorization (1979)

  57. Regev, O.: New lattice-based cryptographic constructions. J. ACM 51(6), 899–942 (2004)

  58. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: H.N. Gabow, R. Fagin (eds.) STOC, pp. 84–93. ACM (2005)

  59. Regev, O.: Lattice-Based Cryptography. In: C. Dwork (ed.) CRYPTO, Lecture Notes in Computer Science, vol. 4117, pp. 131–141. Springer (2006)

  60. Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21(2), 120–126 (1978)

  61. Schnorr, C.P.: A Hierarchy of Polynomial Time Lattice Basis Reduction Algorithms. Theoretical Computer Science 53, 201–224 (1987)

  62. Shor, P.W.: Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer. SIAM J. Comput. 26(5), 1484–1509 (1997)

  63. Shoup, V.: NTL: A Library for doing Number Theory. http://www.shoup.net/ntl/

  64. Wagner, D.: A Generalized Birthday Problem. In: M. Yung (ed.) CRYPTO, Lecture Notes in Computer Science, vol. 2442, pp. 288–303. Springer (2002)

  65. Zhuo, L., Prasanna, V.K.: High Performance Linear Algebra Operations on Reconfigurable Systems. In: SC, p. 2. IEEE Computer Society (2005)


Author information

Corresponding author: Alexandre Duc.


Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

Cite this chapter

Duc, A., Vaudenay, S. (2012). TCHo: A Code-Based Cryptosystem. In: Kranakis, E. (eds) Advances in Network Analysis and its Applications. Mathematics in Industry, vol 18. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30904-5_7
