Squaring attacks on McEliece public-key cryptosystems using quasi-cyclic codes of even dimension

Löndahl, Carl; Johansson, Thomas; Shooshtari, Masoumeh Koochak; Ahmadian-Attari, Mahmoud; Aref, Mohammad Reza

doi:10.1007/s10623-015-0099-x

Cited by 28 publications

(13 citation statements)

References 19 publications

(43 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…where ε PSSI + is the bound on the successful probability that the PPT adversary solves the PSSI + problem. (1) To avoid attacks [31,[37][38][39] and according to [28], m and n must be two different primes, and…”

Section: Proof Of Securitymentioning

confidence: 99%

An improved Durandal signature scheme

Song

Huang

et al. 2020

Sci. China Inf. Sci.

View full text Add to dashboard Cite

Constructing secure and effective code-based signature schemes has been an open problem. In this paper, we efficiently reduce the key size of the Durandal signature scheme introduced by Aragon et al. (EUROCRYPT 2019). We prove that the improved scheme is EUF-CMA secure by reducing its security to the advanced product spaces subspaces indistinguishability (PSSI +) problem, the decisional rank syndrome decoding (DRSD) problem, and the affine rank syndrome decoding (ARSD) problem under the random oracle model. Furthermore, our signature scheme is more secure than the Durandal scheme because recovering key attacks are equivalent to solving the rank syndrome decoding (RSD) problem, instead of the rank support learning (RSL) problem in the original Durandal scheme. Our signature scheme takes less time to generate a signature owing to the fact that our signature scheme enjoys smaller security parameters in comparison to the Duradual scheme. We compare the new scheme with existing code-based signature schemes and find that our signature scheme has advantages in terms of the public key size.

show abstract

Section: Proof Of Securitymentioning

confidence: 99%

An improved Durandal signature scheme

Song

Huang

et al. 2020

Sci. China Inf. Sci.

View full text Add to dashboard Cite

show abstract

“…According to the characteristics of a dyadic matrix, the first row of each dyadic sub-matrix can generate an entire quasi-dyadic matrix. In this paper, we take the finite field F 2 8 as an example to analyze the efficiency of the novel McEliece cryptosystem. The size of a public key is 8 * , where p is taken from [2 11 , 2 14 ].…”

Section: • Key Size and Bit Ratementioning

confidence: 99%

“…However, the large key size of the original McEliece makes it difficult to be applied in practice on embedded devices with limited resources [4]. Recently, to reduce the key size, some improved McEliece cryptosystems have been developed based on various types of error correcting codes such as the LDPC, MDPC, QC-MDPC, and QD-Goppa codes [5][6][7][8]. Although these improved cryptosystems satisfy the application requirements of embedded devices, they cannot defend against side channel attacks [9].…”

Section: Introductionmentioning

confidence: 99%

Higher-Order Masking Scheme against DPA Attack in Practice: McEliece Cryptosystem Based on QD-MDPC Code

2019

KSII TIIS

View full text Add to dashboard Cite

A code-based cryptosystem can resist quantum-computing attacks. However, an original system based on the Goppa code has a large key size, which makes it unpractical in embedded devices with limited sources. Many special error-correcting codes have recently been developed to reduce the key size, and yet these systems are easily broken through side channel attacks, particularly differential power analysis (DPA) attacks, when they are applied to hardware devices. To address this problem, a higher-order masking scheme for a McEliece cryptosystem based on the quasi-dyadic moderate density parity check (QD-MDPC) code has been proposed. The proposed scheme has a small key size and is able to resist DPA attacks. In this paper, a novel McEliece cryptosystem based on the QD-MDPC code is demonstrated. The key size of this novel cryptosystem is reduced by 78 times, which meets the requirements of embedded devices. Further, based on the novel cryptosystem, a higher-order masking scheme was developed by constructing an extension Ishai-Sahai-Wagne (ISW) masking scheme. The authenticity and integrity analysis verify that the proposed scheme has higher security than conventional approaches. Finally, a side channel attack experiment was also conducted to verify that the novel masking system is able to defend against high-order DPA attacks on hardware devices. Based on the experimental validation, it can be concluded that the proposed higher-order masking scheme can be applied as an advanced protection solution for devices with limited resources.

show abstract

“…Finally, we choose r such that 2 is primitive modulo r. First, this will force r to be prime, thwarting the so-called squaring attack [33]. Also, it implies that x r − 1 only has two irreducible factors (one of them being x − 1).…”

Section: How To Choose Mdpc Parametersmentioning

confidence: 99%

CAKE: Code-Based Algorithm for Key Encapsulation

Barreto

Gueron

Güneysu

et al. 2017

Cryptography and Coding

View full text Add to dashboard Cite

Current widely-used key exchange (KE) mechanisms will be vulnerable to quantum attacks when sufficiently strong quantum computers become available. Therefore, devising quantum-resistant replacements that combine efficiency with solid security guarantees is an important and challenging task. This paper proposes several contributions towards this goal. First, we introduce "CAKE", a key encapsulation algorithm based on the QC-MDPC McEliece encryption scheme, with two major improvements: a) the use of ephemeral keys that defeats a recent reaction attack against MDPC decoding of the corresponding encryption scheme and b) a highly efficient key generation procedure for QC-MDPCbased cryptosystems. Then, we present an authenticated key exchange protocol based on CAKE, which is suitable for the Internet Key Exchange (IKE) standard. We prove that CAKE is IND-CPA secure, that the protocol is SK-Secure, and suggest practical parameters. Compared to other post-quantum schemes, we believe that CAKE is a promising candidate for post-quantum key exchange standardization.

show abstract

Squaring attacks on McEliece public-key cryptosystems using quasi-cyclic codes of even dimension

Cited by 28 publications

References 19 publications

An improved Durandal signature scheme

An improved Durandal signature scheme

Higher-Order Masking Scheme against DPA Attack in Practice: McEliece Cryptosystem Based on QD-MDPC Code

CAKE: Code-Based Algorithm for Key Encapsulation

Contact Info

Product

Resources

About