Abstract
Several variants of the McEliece public key encryption scheme present interesting properties for post-quantum cryptography. In this article we study one potential variation, namely the McEliece scheme based on polar codes and, more generally, on any weakly decreasing monomial code. Recently, both polar and Reed-Muller codes were redefined via a polynomial formalism that uses different partial orders on the set of monomials over the ring of polynomials in m variables with coefficients in \(\mathbb {F}_2\). We use this approach to study the star product of two weakly decreasing monomial codes and determine its dimension. With these results at hand, we identify particular types of weakly decreasing monomial codes for which the star product allows for an efficient distinguisher. These results support our quest for efficient key recovery attacks against these variants of the McEliece scheme.
Acknowledgement
This work was partially supported by the European Union through the European Regional Development Fund (ERDF) under the Competitiveness Operational Program (BioCell-NanoART = Novel Bio-inspired Cellular Nano-architectures, POC-A1.1.4-E-2015 nr. 30/01.09.2016).
A.1 Computing the Dimension for Weakly Decreasing Monomial Codes
Example 1
Let \(I=[1,x_0x_1]_{\preceq _{{\mathrm {w}}}}\cup [1,x_0x_2]_{\preceq _{{\mathrm {w}}}}\cup [1,x_1x_3]_{\preceq _{{\mathrm {w}}}}\). We observe that I is a weakly decreasing set but not a decreasing set. Applying our formula step by step we obtain:

1. The first step is to compute the cardinality of all the intervals \([1,g_i]_{\preceq _{{\mathrm {w}}}}\):
   - \(\left| [1,x_0x_1]_{\preceq _{{\mathrm {w}}}}\right| =\left| \{1,x_0,x_1,x_0x_1\}\right| =2^2\),
   - \(\left| [1,x_0x_2]_{\preceq _{{\mathrm {w}}}}\right| =\left| \{1,x_0,x_2,x_0x_2\}\right| =2^2\),
   - \(\left| [1,x_1x_3]_{\preceq _{{\mathrm {w}}}}\right| =\left| \{1,x_1,x_3,x_1x_3\}\right| =2^2\),
   which gives a total of 12 elements.

2. The second step computes the cardinality of the intervals \([1,\gcd (g_i,g_j)]_{\preceq _{{\mathrm {w}}}}\):
   - \(\left| [1,x_0]_{\preceq _{{\mathrm {w}}}}\right| =\left| \{1,x_0\}\right| =2^1\),
   - \(\left| [1,x_1]_{\preceq _{{\mathrm {w}}}}\right| =\left| \{1,x_1\}\right| =2^1\),
   - \(\left| [1]\right| =\left| \{1\}\right| =2^0\),
   which gives a total of 5 elements and an updated sum of 7.

3. The third and last step determines the cardinality of the interval \([1,\gcd (x_0x_1,x_0x_2,x_1x_3)]_{\preceq _{{\mathrm {w}}}}=\{1\}\). So we have only one element, and the dimension of the code is
$$\begin{aligned} \mathrm {dim}(\mathscr {C}(I))=8. \end{aligned}$$
Remark 2
Another way to evaluate the formula is to use the set of indices \(\{\text {ind}(g_i)\}_{g_i\in I_{\max _{\preceq _{{\mathrm {w}}}}}}\). Take for example \(m=5\) and
which gives the set of indices \(\text {ind}(I_{\max _{\preceq _{{\mathrm {w}}}}})=\{\{0,1,2\},\{0,2,3\},\{2,4\},\{0,1,3,4\}\}\). Applying our formula we obtain
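The dimension computation in Example 1 and Remark 2 is an inclusion-exclusion over the gcds of the maximal monomials, and the dimension of such codes (and of their star products) is exactly what the distinguisher mentioned in the abstract compares against the behaviour of a random code. The following Python script is an added illustration, not code from the paper or its authors. It represents a monomial by its index set \(\text {ind}(g)\), as in Remark 2, and assumes that the weak interval \([1,g]_{\preceq _{{\mathrm {w}}}}\) is the set of all divisors of g, which is what the enumerations in Example 1 show (so its size is \(2^{\deg g}\) and the gcd of monomials corresponds to intersecting index sets). The function names, the check for weak decreasingness and the direct-enumeration cross-check are this example's own constructions; the two generator sets are taken from the page.

```python
from itertools import combinations

# A monomial in F_2[x_0, ..., x_{m-1}] is represented by ind(g), its set of
# variable indices, e.g. x_0 x_1 x_3 -> frozenset({0, 1, 3}); 1 is the empty set.

# Generator sets from the page (Example 1 and Remark 2).
EXAMPLE_1 = [{0, 1}, {0, 2}, {1, 3}]                 # x0x1, x0x2, x1x3
REMARK_2 = [{0, 1, 2}, {0, 2, 3}, {2, 4}, {0, 1, 3, 4}]


def weak_interval(g):
    """[1, g]_w, assumed here to be every divisor of g (2^deg(g) monomials)."""
    g = tuple(sorted(g))
    return {frozenset(c) for r in range(len(g) + 1) for c in combinations(g, r)}


def monomial_set(generators):
    """I = union of the intervals [1, g_i]_w over the given generators."""
    I = set()
    for g in generators:
        I |= weak_interval(g)
    return I


def is_weakly_decreasing(I):
    """I is weakly decreasing iff it is closed under taking divisors."""
    I = {frozenset(f) for f in I}
    return all(frozenset(c) in I
               for f in I for r in range(len(f)) for c in combinations(sorted(f), r))


def maximal_elements(generators):
    """I_max: drop any generator that divides another generator."""
    gens = [frozenset(g) for g in generators]
    return [g for g in gens if not any(g < h for h in gens)]


def inclusion_exclusion_levels(generators):
    """Level r holds the sum of |[1, gcd(S)]_w| = 2^{|ind(gcd S)|} over all
    r-subsets S of the maximal generators; gcd corresponds to intersecting
    index sets. For Example 1 this yields [12, 5, 1], the page's three steps."""
    gens = maximal_elements(generators)
    levels = []
    for r in range(1, len(gens) + 1):
        levels.append(sum(2 ** len(frozenset.intersection(*S))
                          for S in combinations(gens, r)))
    return levels


def dimension_by_formula(generators):
    """dim C(I) = sum_r (-1)^(r+1) * level_r (inclusion-exclusion)."""
    return sum((-1) ** i * lvl for i, lvl in enumerate(inclusion_exclusion_levels(generators)))


def dimension_by_enumeration(generators):
    """Cross-check: dim C(I) = |I|, counted directly."""
    return len(monomial_set(generators))


if __name__ == "__main__":
    for name, gens in (("Example 1", EXAMPLE_1), ("Remark 2", REMARK_2)):
        I = monomial_set(gens)
        print(name, "weakly decreasing:", is_weakly_decreasing(I),
              "levels:", inclusion_exclusion_levels(gens),
              "dim (formula):", dimension_by_formula(gens),
              "dim (enumeration):", dimension_by_enumeration(gens))
```

Running it reproduces the page's 12, 5 and 1 for Example 1 and the dimension 8; for the index sets of Remark 2 both the formula and the direct count agree, which is the property a practitioner should verify before relying on the formula for larger m, where enumeration becomes impractical and only the gcd-based computation remains cheap.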
© 2019 Springer Nature Switzerland AG
Cite this paper
Drăgoi, V., Beiu, V., Bucerzan, D. (2019). Vulnerabilities of the McEliece Variants Based on Polar Codes. In: Lanet, JL., Toma, C. (eds) Innovative Security Solutions for Information Technology and Communications. SECITC 2018. Lecture Notes in Computer Science(), vol 11359. Springer, Cham. https://doi.org/10.1007/978-3-030-12942-2_29
DOI: https://doi.org/10.1007/978-3-030-12942-2_29
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12941-5
Online ISBN: 978-3-030-12942-2