Olivier Ruatta scite author profile

Abstract. In this paper we propose two new generic attacks on the Rank Syndrome Decoding (RSD) problem Let C be a random [n, k] rank code over GF (q m ) and let y = x + e be a received word such that x ∈ C and the Rank(e) = r. The first attack is combinatorial and permits to recover an error e of rank weight r in min. This attack dramatically improves on previous attack by introducing the length n of the code in the exponent of the complexity, which was not the case in previous generic attacks. which can be considered The second attack is based on a algebraic attacks: based on the theory of q-polynomials introduced by Ore we propose a new algebraic setting for the RSD problem that permits to consider equations and unknowns in the extension field GF (q m ) rather than in GF (q) as it is usually the case. We consider two approaches to solve the problem in this new setting. Linearization technics show that if n ≥ (k + 1)(r + 1) − 1 the RSD problem can be solved in polynomial time, more generally we prove that if ⌈ (r+1)(k+1)−(n+1) r ⌉ ≤ k, the problem can be solved with an average complexity O(rWe also consider solving with Gröbner bases for which which we discuss theoretical complexity, we also consider consider hybrid solving with Gröbner bases on practical parameters. As an example of application we use our new attacks on all proposed recent cryptosystems which reparation the GPT cryptosystem, we break all examples of published proposed parameters, some parameters are broken in less than 1 s in certain cases.

show abstract

An Algebraic Attack on Rank Metric Code-Based Cryptosystems

Bardet

Briaud

Bros

et al. 2020

View full text Add to dashboard Cite

Efficient Computation of Algebraic Immunity for Algebraic and Fast Algebraic Attacks

Armknecht

Carlet

Gaborit

et al. 2006

View full text Add to dashboard Cite

Abstract. In this paper we propose several efficient algorithms for assessing the resistance of Boolean functions against algebraic and fast algebraic attacks when implemented in LFSR-based stream ciphers. An algorithm is described which permits to compute the algebraic immu-operations necessary in all previous algorithms. Our algorithm is based on multivariate polynomial interpolation. For assessing the vulnerability of arbitrary Boolean functions with respect to fast algebraic attacks, an efficient generic algorithm is presented that is not based on interpolation. This algorithm is demonstrated to be particularly efficient for symmetric Boolean functions. As an application it is shown that large classes of symmetric functions are very vulnerable to fast algebraic attacks despite their proven resistance against conventional algebraic attacks.

show abstract

Low Rank Parity Check Codes: New Decoding Algorithms and Applications to Cryptography

Aragon

Gaborit

Hauteville

et al. 2019

IEEE Trans. Inform. Theory

View full text Add to dashboard Cite

We introduce a new family of rank metric codes: Low Rank Parity Check codes (LRPC), for which we propose an efficient probabilistic decoding algorithm. This family of codes can be seen as the equivalent of classical LDPC codes for the rank metric. We then use these codes to design cryptosystems à la McEliece: more precisely we propose two schemes for key encapsulation mechanism (KEM) and public key encryption (PKE). Unlike rank metric codes used in previous encryption algorithms -notably Gabidulin codes -LRPC codes have a very weak algebraic structure. Our cryptosystems can be seen as an equivalent of the NTRU cryptosystem (and also to the more recent MDPC [35] cryptosystem) in a rank metric context. The present paper is an extended version of the article introducing LRPC codes, with important new contributions. We have improved the decoder thanks to a new approach which allows for decoding of errors of higher rank weight, namely up to 2 3 (n − k) when the previous decoding algorithm only decodes up to n−k 2 errors. Our codes therefore outperform the classical Gabidulin code decoder which deals with weights up to n−k 2 . This comes at the expense of probabilistic decoding, but the decoding error probability can be made arbitrarily small. The new approach can also be used to decrease the decoding error probability of previous schemes, which is especially useful for cryptography. Finally, we introduce ideal rank codes, which generalize double-circulant rank codes and allow us to avoid known structural attacks based on folding. To conclude, we propose different parameter sizes for our schemes and we obtain a public key of 3337 bits for key exchange and 5893 bits for public key encryption, both for 128 bits of security.Among potential candidates for alternative cryptography, lattice-based and code-based cryptography are strong candidates. Rank-based cryptography relies on the difficulty of decoding error-correcting codes embedded in a rank metric space (often over extension fields of fields of prime order), when code-based cryptography relies on difficult problems related to error-correcting codes embedded in Hamming metric spaces (often over small fields F q ) and when lattice-based cryptography is mainly based on the study of q-ary lattices, which can be seen as codes over rings of type Z/qZ (for large q), embedded in Euclidean metric spaces.The particular appeal of the rank metric is that the practical difficulty of the decoding problems grows very quickly with the size of parameters. In particular, it is possible to reach a complexity of 2 80 for random instances with size only a few thousand bits, while for lattices or codes, at least a hundred thousand bits are needed. Of course with codes and lattices it is possible to decrease the size to a few thousand bits but with additional structure like quasi-cyclicity [7], which comes at the cost of losing reductions to known difficult problems. The rank metric was introduced by Delsarte and Gabidulin [15], along with Gabidulin codes which are a rank-metric equivalent ...

show abstract

New Results for Rank-Based Cryptography

Gaborit

Ruatta

Schrek

et al. 2014

View full text Add to dashboard Cite

Key Exchange and Encryption Schemes Based on Non-commutative Skew Polynomials

Boucher

Gaborit

Geiselmann

et al. 2010

View full text Add to dashboard Cite

In this paper we introduce a new key exchange algorithm (Diffie-Hellman like) based on so called (non-commutative) skew polynomials. The algorithm performs only polynomial multiplications in a special small field and is very efficient. The security of the scheme can be interpretated in terms of solving binary quadratic equations or exhaustive search of a set obtained through linear equations. We give an evaluation of the security in terms of precise experimental heuristics and usual bounds based on Groebner basis solvers. We also derive an El Gamal like encryption protocol. We propose parameters which give 3600 bits exchanged for the key exchange protocol and a size of key of 3600 bits for the encryption protocol, with a complexity of roughly 223 binary operations for performing each protocol. Overall this new approach based on skew polynomials, seems very promising, as a good tradeoff between size of keys and efficiency

show abstract

RankSign: An Efficient Signature Algorithm Based on the Rank Metric

Gaborit

Ruatta

Schrek

et al. 2014

View full text Add to dashboard Cite

We propose a new approach to code-based signatures that makes use in particular of rank metric codes. When the classical approach consists in finding the unique preimage of a syndrome through a decoding algorithm, we propose to introduce the notion of mixed decoding of erasures and errors for building signature schemes. In that case the difficult problem becomes, as is the case in lattice-based cryptography, finding a preimage of weight above the Gilbert-Varshamov bound (case where many solutions occur) rather than finding a unique preimage of weight below the Gilbert-Varshamov bound. The paper describes RankSign: a new signature algorithm for the rank metric based on a new mixed algorithm for decoding erasures and errors for the recently introduced Low Rank Parity Check (LRPC) codes. We explain how it is possible (depending on choices of parameters) to obtain a full decoding algorithm which is able to find a preimage of reasonable rank weight for any random syndrome with a very strong probability. We study the semantic security of our signature algorithm and show how it is possible to reduce the unforgeability to direct attacks on the public matrix, so that no information leaks through signatures. Finally, we give several examples of parameters for our scheme, some of which with public key of size 11, 520 bits and signature of size 1728 bits. Moreover the scheme can be very fast for small base fields.

show abstract

Low Rank Parity Check Codes: New Decoding Algorithms and Applications to Cryptography

Aragon¹,

Gaborit²,

Hauteville³

et al. 2019

Preprint

View full text Add to dashboard Cite

12 3 4 5

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Olivier Ruatta

On the Complexity of the Rank Syndrome Decoding Problem

An Algebraic Attack on Rank Metric Code-Based Cryptosystems

Efficient Computation of Algebraic Immunity for Algebraic and Fast Algebraic Attacks

Low Rank Parity Check Codes: New Decoding Algorithms and Applications to Cryptography

New Results for Rank-Based Cryptography

Key Exchange and Encryption Schemes Based on Non-commutative Skew Polynomials

RankSign: An Efficient Signature Algorithm Based on the Rank Metric

Low Rank Parity Check Codes: New Decoding Algorithms and Applications to Cryptography

Contact Info

Product

Resources

About