Code-Based Public-Key Encryption

Part of the Mathematics for Industry book series (MFI, volume 5)


We present a short survey of public-key encryption (PKE) schemes based on the hardness of general decoding. Such schemes are believed to resist even attacks using quantum computers, which makes them candidates for so-called post-quantum cryptography. First, we briefly introduce the state of the art in the area of code-based PKE. Then, we describe the McEliece PKE, two major attacks against this scheme, and the proposed parameters. Finally, we survey recent results on variants of this PKE that are proven to be indistinguishable under chosen-plaintext and chosen-ciphertext attacks.


Keywords: Goppa codes, General decoding, McEliece public-key encryption, Recommended parameter sets, Provable security



Copyright information

© Springer Japan 2014

Authors and Affiliations

  1. Institute of Mathematics for Industry, Kyushu University, Fukuoka, Japan
