An IND-CCA-Secure Code-Based Encryption Scheme Using Rank Metric

Shehhi, Hamad Al; Bellini, Emanuele; Borba, Filipe; Caullery, Florian; Manzano, Marc; Mateu, Víctor

doi:10.1007/978-3-030-23696-0_5

Cited by 8 publications

(12 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…5 Note that in LIGA we can use a similar representation of the secret key and public key as in RQC, see [2,Section 2.3.3]. More Table 4 Comparison of memory costs of sk, pk and the ciphertext ct in Byte with IND-CCA-secure Loidreau [42] and the NIST proposals RQC [2], ROLLO [1], BIKE [3] and Classic McEliece [8]. The entry 'yes' in the column DFR indicates that a scheme has a decryption failure rate larger than 0 precisely, we just store a seed of size 40 bytes to generate the secret key sk = (x, P [w+1,n] ) which leads to secret key size of 40 bytes.…”

Section: Parameters and Key Sizesmentioning

confidence: 99%

See 1 more Smart Citation

LIGA: a cryptosystem based on the hardness of rank-metric list and interleaved decoding

Renner

Puchinger

Wachter-Zeh

2021

Des. Codes Cryptogr.

View full text Add to dashboard Cite

We propose the new rank-metric code-based cryptosystem which is based on the hardness of list decoding and interleaved decoding of Gabidulin codes. is an improved variant of the Faure–Loidreau (FL) system, which was broken in a structural attack by Gaborit, Otmani, and Talé Kalachi (GOT, 2018). We keep the FL encryption and decryption algorithms, but modify the insecure key generation algorithm. Our crucial observation is that the GOT attack is equivalent to decoding an interleaved Gabidulin code. The new key generation algorithm constructs public keys for which all polynomial-time interleaved decoders fail—hence resists the GOT attack. We also prove that the public-key encryption version of is IND-CPA secure in the standard model and the key encapsulation mechanisms version is IND-CCA2 secure in the random oracle model, both under hardness assumptions of formally defined problems related to list decoding and interleaved decoding of Gabidulin codes. We propose and analyze various exponential-time attacks on these problems, calculate their work factors, and compare the resulting parameters to NIST proposals. The strengths of are short ciphertext sizes and (relatively) small key sizes. Further, guarantees correct decryption and has no decryption failure rate. It is not based on hiding the structure of a code. Since there are efficient and constant-time algorithms for encoding and decoding Gabidulin codes, timing attacks on the encryption and decryption algorithms can be easily prevented.

show abstract

Section: Parameters and Key Sizesmentioning

confidence: 99%

“…The size of the secret key of Loidreau's system is not shown since the authors of[42] do not state how they represent sk.…”

mentioning

confidence: 99%

LIGA: a cryptosystem based on the hardness of rank-metric list and interleaved decoding

Renner

Puchinger

Wachter-Zeh

2021

Des. Codes Cryptogr.

View full text Add to dashboard Cite

show abstract

“…We denote by D 1 a decoding Algorithm 1 for the LRPC code C 1 which decodes up to t (1) errors and by D 2 the error-erasure decoding Algorithm 2 of λ-Gabidulin code C 2 which decodes up to t (2) errors. Therefore, the error correcting capacity of C is:…”

Section: Decoding Algorithmmentioning

confidence: 99%

“…It is more advantageous than the indistinguishability under chosen-plaintext attack (IND-CPA) which is equivalent to the property of semantic security. Al Shehhi et al was proposed in [2] an IND-CCA secure version of Loidreau's PKE scheme with an overhead of 23% in the computational cost for encryption algorithm.…”

Section: Introductionmentioning

confidence: 99%

A Novel Niederreiter-like cryptosystem based on the (u|u + υ)-construction codes

Mahdjoubi

Cayrel

Akleylek

et al. 2021

RAIRO-Theor. Inf. Appl.

View full text Add to dashboard Cite

In this paper, we present a new variant of the Niederreiter Public Key Encryption (PKE) scheme which is resistant against recent attacks. The security is based on the hardness of the Rank Syndrome Decoding (RSD) problem and it presents a (u|u + υ)-construction code using two different types of codes: Ideal Low Rank Parity Check (ILRPC) codes and λ-Gabidulin codes. The proposed encryption scheme benefits are a larger minimum distance, a new efficient decoding algorithm and a smaller ciphertext and public key size compared to the Loidreau’s variants and to its IND-CCA secure version.

show abstract

“…Compared to lattice and code-based cryptography, rank-based cryptography is a relatively new and less explored field. Although the first rank-based cryptosystem, the Gabidulin-Paramonov-Tretjakov (GPT) public key encryption scheme [23], was introduced in 1991, and many analyses were presented in the subsequent years (such as [22,25,36,37]), only recently new schemes have been proposed, such as [5,6,11,12,20,33], some of which have also been submitted to the NIST PQC standardization process. Up until the algebraic attack recently presented in [10], these schemes seemed to provide appealing performance levels and key and ciphertext sizes, which enabled ROLLO [2] (merge of LAKE, LOCKER, and Rank-Ouroboros) and RQC [3] to pass the first round of the NIST PQC standardization process.…”

Section: Introductionmentioning

confidence: 99%

Constant Time Algorithms for ROLLO-I-128

et al. 2021

Self Cite

View full text Add to dashboard Cite

In this work, we propose different techniques that can be used to implement the rank-based key encapsulation methods and public key encryption schemes of the ROLLO, and partially RQC, family of algorithms in a standalone, efficient and constant time library. For simplicity, we focus our attention on one specific instance of this family, ROLLO-I-128. For each of these techniques, we present explicit code (including intrinsics), or pseudo-code and performance measures to show their impact. More precisely, we use a combination of original and known results and describe procedures for Gaussian reduction of binary matrices, generation of vectors of given rank, multiplication with lazy reduction and inversion of polynomials in a composite Galois field. We also carry out a global performance analysis to show the impact of these improvements on ROLLO-I-128. Through the SUPERCOP framework, we compare it to other 128-bit secure KEMs in the NIST competition. To our knowledge, this is the first optimized full constant time implementation of ROLLO-I-128.

show abstract

An IND-CCA-Secure Code-Based Encryption Scheme Using Rank Metric

Cited by 8 publications

References 18 publications

LIGA: a cryptosystem based on the hardness of rank-metric list and interleaved decoding

LIGA: a cryptosystem based on the hardness of rank-metric list and interleaved decoding

A Novel Niederreiter-like cryptosystem based on the (u|u + υ)-construction codes

Constant Time Algorithms for ROLLO-I-128

Contact Info

Product

Resources

About