Reducible rank codes and their applications to cryptography

We propose the new rank-metric code-based cryptosystem which is based on the hardness of list decoding and interleaved decoding of Gabidulin codes. is an improved variant of the Faure–Loidreau (FL) system, which was broken in a structural attack by Gaborit, Otmani, and Talé Kalachi (GOT, 2018). We keep the FL encryption and decryption algorithms, but modify the insecure key generation algorithm. Our crucial observation is that the GOT attack is equivalent to decoding an interleaved Gabidulin code. The new key generation algorithm constructs public keys for which all polynomial-time interleaved decoders fail—hence resists the GOT attack. We also prove that the public-key encryption version of is IND-CPA secure in the standard model and the key encapsulation mechanisms version is IND-CCA2 secure in the random oracle model, both under hardness assumptions of formally defined problems related to list decoding and interleaved decoding of Gabidulin codes. We propose and analyze various exponential-time attacks on these problems, calculate their work factors, and compare the resulting parameters to NIST proposals. The strengths of are short ciphertext sizes and (relatively) small key sizes. Further, guarantees correct decryption and has no decryption failure rate. It is not based on hiding the structure of a code. Since there are efficient and constant-time algorithms for encoding and decoding Gabidulin codes, timing attacks on the encryption and decryption algorithms can be easily prevented.

show abstract

“…2 , where the last inequality follows from (18). The claim follows by combining the two bounds with (19).…”

Section: Lemma 8 An F Q M -Linear Mrd Code [N K] Q M Has a Basis Consisting Of Codewords Of F Q -Rank Nmentioning

confidence: 90%

“…We derive the result using the relation Pr d rk,min (A ) < t ≥ Pr d rk,min (A ) < t|S Pr S . (19) First note that Lemma 7 gives us Pr d rk,min (A ) < t ≤ q mζ − 1 (q m − 1)(q mw − 1)…”

Section: Lemma 8 An F Q M -Linear Mrd Code [N K] Q M Has a Basis Consisting Of Codewords Of F Q -Rank Nmentioning

confidence: 99%

LIGA: a cryptosystem based on the hardness of rank-metric list and interleaved decoding

Renner

Puchinger

Wachter-Zeh

2021

Des. Codes Cryptogr.

View full text Add to dashboard Cite

show abstract

“…Most variants of the original GPT cryptosystem were proposed in order to avoid Gibson's attacks from [10,11]. In [9], the authors proposed to substitute the underlying code by a reducible rank code:…”

Section: Gpt With Reducible Rank Codesmentioning

confidence: 99%

“…Using reducible rank codes for the McEliece cryptosystem is quite a natural extension (RRC-GPT). In the examples from [9] the authors propose to take two Gabidulin codes G 1 and G 2 over F q m (with length n i and dimension k i , i = 1, 2) and a random matrix…”

Section: Gpt With Reducible Rank Codesmentioning

confidence: 99%

“…over F q is less than t i for i = 1, 2. Using this construction, the authors of [9] propose that the random errors added at encryption should have a rank less than r = min i=1,2 ( n i −k i 2 −t i ), where en-and decryption work as with GGPT. The authors of [9] considered every parameter set with m i ≥ 24 and r ≥ 4 to provide sufficient security, even if X 1 and X 2 are zero matrices.…”

Section: Gpt With Reducible Rank Codesmentioning

confidence: 99%

See 1 more Smart Citation

Structural Attacks for Public Key Cryptosystems based on Gabidulin Codes

Overbeck

2007

J Cryptol

125

View full text Add to dashboard Cite

show abstract

Security of the GPT cryptosystem and its applications to cryptography

Rashwan

Gabidulin

Honary

2010

Security Comm Networks

View full text Add to dashboard Cite

The public key cryptosystem (PKC) based on rank error correcting codes (the GPT cryptosystem) was proposed in 1991. Use of rank codes in cryptographic applications is advantageous since it is practically impossible to utilize combinatoric decoding. This enabled using public keys of a smaller size. Several attacks against this system were published, including Gibson's attacks and more recently Overbeck's attacks. A few modifications were proposed withstanding Gibson's attack but at least one of them was broken by the stronger attacks by Overbeck. A tool to prevent Overbeck's attack is presented by Gabidulin, which makes the cryptographer define a proper column scrambler matrix over the extension field without violating the standard mode of GPT cryptosystem. In this paper, we apply this tool to another variant of the GPT cryptosystem. Furthermore we increase the security of the proposed system against all known attacks and reduce the public key size to 4 Kbits instead of 10 Kbits.

show abstract

Reducible rank codes and their applications to cryptography

Cited by 49 publications

References 3 publications

LIGA: a cryptosystem based on the hardness of rank-metric list and interleaved decoding

LIGA: a cryptosystem based on the hardness of rank-metric list and interleaved decoding

Structural Attacks for Public Key Cryptosystems based on Gabidulin Codes

Security of the GPT cryptosystem and its applications to cryptography

Contact Info

Product

Resources

About