New Results for Rank-Based Cryptography

Gaborit, Philippe; Ruatta, Olivier; Schrek, Julien; Zémor, Gilles

doi:10.1007/978-3-319-06734-6_1

Cited by 49 publications

(41 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There has been some recent progress in this area for another metric, namely the rank metric. A hash and sign signature scheme was proposed, RankSign [GRSZ14], that enjoys remarkably small key sizes, but it got broken too in [DT18]. On the other hand, following the Schnorr-Lyubashevsky [Lyu09a] approach, a new scheme was recently proposed, namely Durandal [ABG + 18].…”

Section: Introductionmentioning

confidence: 99%

Wave: A New Family of Trapdoor One-Way Preimage Sampleable Functions Based on Codes

Debris-Alazard

Sendrier

Tillich

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

We present here a new family of trapdoor one-way Preimage Sampleable Functions (PSF) based on codes, the Wave-PSF family. The trapdoor function is one-way under two computational assumptions: the hardness of generic decoding for high weights and the indistinguishability of generalized (U, U + V )-codes. Our proof follows the GPV strategy [GPV08]. By including rejection sampling, we ensure the proper distribution for the trapdoor inverse output. The domain sampling property of our family is ensured by using and proving a variant of the left-over hash lemma. We instantiate the new Wave-PSF family with ternary generalized (U, U + V )-codes to design a "hash-and-sign" signature scheme which achieves existential unforgeability under adaptive chosen message attacks (EUF-CMA) in the random oracle model. For 128 bits of classical security, signature sizes are in the order of 15 thousand bits, the public key size in the order of 4 megabytes, and the rejection rate is limited to one rejection every 10 to 12 signatures.

show abstract

Section: Introductionmentioning

confidence: 99%

Wave: A New Family of Trapdoor One-Way Preimage Sampleable Functions Based on Codes

Debris-Alazard

Sendrier

Tillich

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…It should be noted that unlike the syndrome decoding problem in the Hamming metric, the rank syndrome decoding problem is not known to be NP-hard. Other related work has been done in improving algorithms for the rank syndrome decoding problem [7], and also designing rank-metric based cryptosystems which do not rely on Gabidulin codes [8].…”

Section: Introductionmentioning

confidence: 99%

Extension of Overbeck’s attack for Gabidulin-based cryptosystems

Horlemann-Trautmann

Marshall

Rosenthal

2017

Des. Codes Cryptogr.

View full text Add to dashboard Cite

Cryptosystems based on codes in the rank metric were introduced in 1991 by Gabidulin, Paramanov, and Tretjakov (GPT) and have been studied as a promising alternative to cryptosystems based on codes in the Hamming metric. In particular, it was observed that the combinatorial solution for solving the rank analogy of the syndrome decoding problem appears significantly harder. Early proposals were often made with an underlying Gabidulin code structure. Gibson, in 1995, made a promising attack which was later extended by Overbeck in 2008 to cryptanalyze many of the systems in the literature. Improved systems were then designed to resist the attack of Overbeck and yet continue to use Gabidulin codes. In this paper, we generalize Overbeck's attack to break the GPT cryptosystem for all possible parameter sets, and then generalize the attack to cryptanalyze particular variants which explicitly resist the attack of Overbeck. * This work was supported by SNF grant no. 149716.1. If k ≤ n, then M has dimension k, and minimum rank distance n − k + 1.2. If k < n, then dim( M ∩ M (q) ) = k − 1 and dim( M + M (q) ) = k + 1.

show abstract

“…If dim(E * V) = tλ a basis for E can be recovered with an estimated error probability of 2 −(n−k+1−tλ) , [GRSZ14].…”

Section: Probabilistic Decoding Based Cryptosystemsmentioning

confidence: 99%

“…Table 2 proposes some parameters for an expected security, and with a ciphertext expansion between 1.6 and 1.8. Since the parameters on can consider to decrease the key-size by increasing the expansion factor, but the designer has to note that case other types of decoding attacks can occur and should be taken into account, [GRSZ14].…”

Section: Security Argumentsmentioning

confidence: 99%

See 1 more Smart Citation

A New Rank Metric Codes Based Encryption Scheme

Loidreau

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

To cite this version:Pierre Loidreau. A new rank metric codes based encryption scheme. PQCrypto 2017, Jun 2017 A new rank metric codes based encryption scheme Pierre LoidreauDGA MI and Université de Rennes 1Abstract. We design a new McEliece-like rank metric based encryption scheme from Gabidulin codes. We explain why it is not affected by the invariant subspace attacks also known as Overbeck's attacks. The idea of the design mixes two existing approaches designing rank metric based encryption schemes. For a given security our public-keys are more compact than for the same security in the Hamming metric based settings.

show abstract

New Results for Rank-Based Cryptography

Cited by 49 publications

References 20 publications

Wave: A New Family of Trapdoor One-Way Preimage Sampleable Functions Based on Codes

Wave: A New Family of Trapdoor One-Way Preimage Sampleable Functions Based on Codes

Extension of Overbeck’s attack for Gabidulin-based cryptosystems

A New Rank Metric Codes Based Encryption Scheme

Contact Info

Product

Resources

About