An Efficient Attack of a McEliece Cryptosystem Variant Based on Convolutional Codes

Landais, Grégory; Tillich, Jean–Pierre

doi:10.1007/978-3-642-38616-9_7

Cited by 29 publications

(16 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This drawback motivated the search for secure code-based cryptosystems with more manageable key sizes [19,23,29,39]. Unfortunately, most of the proposed McEliece variants using codes other than Goppa codes have turned out to be insecure [14,22,25,27,35,40]. Using QC-MDPC codes to replace Goppa codes in the McEliece cryptosystem was first suggested by Misoczki et al in 2013 [26], and appears to be a promising choice.…”

Section: Previous Related Workmentioning

confidence: 99%

A Side-Channel Assisted Cryptanalytic Attack Against QcBits

Rossi

Hamburg

Hutter

et al. 2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

QcBits is a code-based public key algorithm based on a problem thought to be resistant to quantum computer attacks. It is a constanttime implementation for a quasi-cyclic moderate density parity check (QC-MDPC) Niederreiter encryption scheme, and has excellent performance and small key sizes. In this paper, we present a key recovery attack against QcBits. We first used differential power analysis (DPA) against the syndrome computation of the decoding algorithm to recover partial information about one half of the private key. We then used the recovered information to set up a system of noisy binary linear equations. Solving this system of equations gave us the entire key. Finally, we propose a simple but effective countermeasure against the power analysis used during the syndrome calculation.

show abstract

Section: Previous Related Workmentioning

confidence: 99%

A Side-Channel Assisted Cryptanalytic Attack Against QcBits

Rossi

Hamburg

Hutter

et al. 2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Moreover, there are some improvements of the CFS scheme [9] by exploiting other code families, such as the LDGM code [10] and the convolutional code [11]. However, these improvements ended in failure [12,13]. In 2014, Gaborit et al [14] proposed the RankSign scheme using the rank metric [15] and the LRPC code [16].…”

Section: Introductionmentioning

confidence: 99%

An improved Durandal signature scheme

Song

Huang

et al. 2020

Sci. China Inf. Sci.

View full text Add to dashboard Cite

Constructing secure and effective code-based signature schemes has been an open problem. In this paper, we efficiently reduce the key size of the Durandal signature scheme introduced by Aragon et al. (EUROCRYPT 2019). We prove that the improved scheme is EUF-CMA secure by reducing its security to the advanced product spaces subspaces indistinguishability (PSSI +) problem, the decisional rank syndrome decoding (DRSD) problem, and the affine rank syndrome decoding (ARSD) problem under the random oracle model. Furthermore, our signature scheme is more secure than the Durandal scheme because recovering key attacks are equivalent to solving the rank syndrome decoding (RSD) problem, instead of the rank support learning (RSL) problem in the original Durandal scheme. Our signature scheme takes less time to generate a signature owing to the fact that our signature scheme enjoys smaller security parameters in comparison to the Duradual scheme. We compare the new scheme with existing code-based signature schemes and find that our signature scheme has advantages in terms of the public key size.

show abstract

“…A first version of the scheme based on LDPC codes proposed in [BC07] has been successfully attacked in [OTD08] (but the new scheme proposed in [BBC08] seems to be immune to this kind of attack). Some of the parameters that can be found in [BLP10,BLP11] have been successfully cryptanalyzed with a polynomial time attack in [COT14] or with an exponential time attack in [FPdP14], and finally the convolutional scheme of [LJ12] was successfully cryptanalyzed in [LT13].…”

Section: Introductionmentioning

confidence: 99%

“…All of these attacks (with the exception of [LT13]) pinpoint algebraic properties of the codes which raises the issue of looking for alternative code families with little or no algebraic structure. In this respect the proposals of [SK14,HSEA14] might be very attractive.…”

Section: Introductionmentioning

confidence: 99%

Cryptanalysis of the McEliece Public Key Cryptosystem Based on Polar Codes

Bardet

Chaulet

Drăgoi

et al. 2016

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Polar codes discovered by Arikan form a very powerful family of codes attaining many information theoretic limits in the fields of error correction and source coding. They have in particular much better decoding capabilities than Goppa codes which places them as a serious alternative in the design of both a public-key encryption schemeà la McEliece and a very efficient signature scheme. Shrestha and Kim proposed in 2014 to use them in order to come up with a new code-based public key cryptosystem. We present a key-recovery attack that makes it possible to recover a description of the permuted polar code providing all the information required for decrypting any message.

show abstract

An Efficient Attack of a McEliece Cryptosystem Variant Based on Convolutional Codes

Cited by 29 publications

References 31 publications

A Side-Channel Assisted Cryptanalytic Attack Against QcBits

A Side-Channel Assisted Cryptanalytic Attack Against QcBits

An improved Durandal signature scheme

Cryptanalysis of the McEliece Public Key Cryptosystem Based on Polar Codes

Contact Info

Product

Resources

About