An Efficient Attack on All Concrete KKS Proposals

Otmani, Ayoub; Tillich, Jean–Pierre

doi:10.1007/978-3-642-25405-5_7

Cited by 35 publications

(34 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This lemma can be found in [OT11] and it is proved there. Let us finish now the proof of Proposition 1.…”

Section: Proof Of Propositionmentioning

confidence: 98%

“…This is very much in the spirit of the attack against the KKS scheme which is explained in Algorithm 2 which can be found in Subsection 4.4 of [OT11]. With this approach, by using the codeword which has already been found, it is much easier to find new ones belonging to the same subcode with small support by imposing that the information set used for finding low weight codewords is chosen outside the positions belonging to the support of c. The complexity of the whole attack is dominated in this case by the complexity of finding just one codeword in C when there is a good way to identify the candidates in C (which can be done by checking the weight of c).…”

Section: An Improved Attackmentioning

confidence: 99%

“…We run such an algorithm for several different sets I and will be interested in the complexity of outputting at least one codeword which belongs to C . This is basically the approach which has been very successful to break the KKS scheme [OT11] and which is the natural candidate to break the [LJ12] scheme.…”

Section: An Improved Attackmentioning

confidence: 99%

“…The support of such codes can be easily found by low weight codewords algorithms. It is worthwhile to notice that the code-based KKS signature scheme [KKS97] could be broken with exactly the same approach [OT11]. It turns out that the support of these subcodes reveals the convolutional structure.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

An Efficient Attack of a McEliece Cryptosystem Variant Based on Convolutional Codes

Landais

Tillich

2013

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Löndahl and Johansson proposed last year a variant of the McEliece cryptosystem which replaces Goppa codes by convolutional codes. This modification is supposed to make structural attacks more difficult since the public generator matrix of this scheme contains large parts which are generated completely at random. They proposed two schemes of this kind, one of them consists in taking a Goppa code and extending it by adding a generator matrix of a time varying convolutional code. We show here that this scheme can be successfully attacked by looking for low-weight codewords in the public code of this scheme and using it to unravel the convolutional part. It remains to break the Goppa part of this scheme which can be done in less than a day of computation in the case at hand.

show abstract

“…This lemma can be found in [OT11] and it is proved there. Let us finish now the proof of Proposition 1.…”

Section: Proof Of Propositionmentioning

confidence: 98%

Section: An Improved Attackmentioning

confidence: 99%

Section: An Improved Attackmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

An Efficient Attack of a McEliece Cryptosystem Variant Based on Convolutional Codes

Landais

Tillich

2013

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…An important weakness of the KKS scheme has been pointed out in [69], which makes a careful choice of the system parameters critical.…”

Section: Code-based Digital Signaturesmentioning

confidence: 99%

The McEliece and Niederreiter Cryptosystems

Baldi

2014

SpringerBriefs in Electrical and Computer Engineering

View full text Add to dashboard Cite

This chapter is devoted to the McEliece and Niederreiter cryptosystems, which are the first and best known examples of code-based public-key cryptosystems. The classical instances of the McEliece and Niederreiter cryptosystems are described, together with the class of Goppa codes, which are the codes originally used in these systems and which have best resisted cryptanalysis during years. The main attacks against these systems are reviewed, and their complexity is estimated in order to assess the security level. Some subsequent variants of the McEliece and Niederreiter cryptosystems are briefly reviewed.Since many years, error correcting codes have gained an important place in cryptography. In fact, in 1978, just a couple of years after the publication of the pioneeristic work of Diffie and Hellman on the use of private and public keys [1], McEliece proposed a public-key cryptosystem based on algebraic coding theory [2] that revealed to have a very high security level. The rationale of the McEliece system, that adopts a generator matrix as the private key and a transformed version of it as the public key, lies in the difficulty of decoding a large linear code with no visible structure, that in fact is known to be a hard problem [3].The original McEliece cryptosystem is still unbroken, in the sense that no polynomial-time algorithm to implement an attack has been ever found. Moreover, the system is two or three orders of magnitude faster than competing solutions, like RSA. In spite of this, less attention has been devoted to the McEliece cryptosystem with respect to other solutions, for two main reasons: (1) the large size of its public keys and (2) its low information rate (that is about 0.5). In fact, the original McEliece cryptosystem requires public keys with size in the order of several thousands of bytes, while more widespread solutions, like RSA, work with public keys of less than one thousand bytes. In addition, the McEliece cryptosystem adds redundancy during encryption, therefore the ciphertexts are longer than their corresponding cleartexts. This latter fact has most consequences only when one wishes to use the McEliece M. Baldi, QC-LDPC Code-Based Cryptography, 6 5 SpringerBriefs in Electrical and Computer Engineering,

show abstract

A new code‐based designated verifier signature scheme

Thanalakshmi

Anitha

2018

Int J Communication

View full text Add to dashboard Cite

Summary Designated verifier signature (DVS) scheme allows the verifier to verify the signature of a message but prevents from transferring the conviction to any third party. This scheme is useful in circumstances where authenticity, signer ambiguity, and signer's privacy are simultaneously needed in various applications such as electronic voting, call for tenders, etc. Most of the existing DVS schemes are based on the hard problems in number theory such as integer factorization or the discrete log problem. The construction of a large‐scale quantum computer would break those schemes. So, the National Institute of Standards and Technology Internal Report recommends to develop cryptographic systems that are secure against both the quantum and the classical computers. One such promising alternative to number theoretic cryptography is code‐based cryptography. This paper analyzes the code‐based strong designated verifier schemes proposed in 2016 by Ren et al and Koochak Shooshtari et al and shows that these schemes do not have non‐transferability which is the essential feature of a DVS scheme. Further, the paper proposed a DVS scheme built on syndrome decoding, a hard problem in coding theory, and proves its security properties such as unforgeability and non‐transferability in the random oracle model.

show abstract

An Efficient Attack on All Concrete KKS Proposals

Cited by 35 publications

References 16 publications

An Efficient Attack of a McEliece Cryptosystem Variant Based on Convolutional Codes

An Efficient Attack of a McEliece Cryptosystem Variant Based on Convolutional Codes

The McEliece and Niederreiter Cryptosystems

A new code‐based designated verifier signature scheme

Contact Info

Product

Resources

About