Abstract
The security of the McEliece cryptosystem relies heavily on the hardness of decoding a random linear code. The best known generic decoding algorithms are derived from the Information-Set Decoding (ISD) algorithm. The ISD algorithm was proposed in 1962 by Prange and improved in 1989 by Stern and in 1991 by Dumer. Since then, numerous works have improved and generalized the ISD algorithm: Peters in 2009; May, Meurer and Thomae in 2011; Becker, Joux, May and Meurer in 2012; May and Ozerov in 2015; and Hirose in 2016. Among all these improvements and generalizations, only those of Peters and Hirose work over \(\mathbb {F}_q\) with q an arbitrary prime power. In his paper, Hirose describes the May-Ozerov nearest-neighbor algorithm generalized to vectors over the finite field \(\mathbb {F}_q\) with arbitrary prime power q, and applies the generalized algorithm to the decoding problem of random linear codes over \(\mathbb {F}_q\). He also observed, by a numerical analysis of asymptotic time complexity, that the May-Ozerov nearest-neighbor algorithm may not improve the performance of Stern’s ISD algorithm over \(\mathbb {F}_q\) with \(q \ge 3\). In this paper, we extend the ISD algorithm of Becker, Joux, May and Meurer using the May-Ozerov algorithm for the Nearest-Neighbor problem over \(\mathbb {F}_q\) with q an arbitrary prime power, and we analyze the impact of the May-Ozerov Nearest-Neighbor algorithm over \(\mathbb {F}_q\) on the Becker, Joux, May and Meurer ISD.
References
Andoni, A., Indyk, P., Nguyen, H.L., Razenshteyn, I.: Beyond locality-sensitive hashing. In: SODA, pp. 1018–1028 (2014)
Berger, T.P., Cayrel, P.-L., Gaborit, P., Otmani, A.: Reducing key length of the McEliece cryptosystem. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 77–97. Springer, Heidelberg (2009). doi:10.1007/978-3-642-02384-2_6
Berlekamp, E., McEliece, R., van Tilborg, H.: On the inherent intractability of certain coding problems. IEEE Trans. Inf. Theor. 24(3), 384–386 (1978)
Becker, A., Joux, A., May, A., Meurer, A.: Decoding random binary linear codes in \(2^{n/20}\): how \(1+1=0\) improves information set decoding. In: EUROCRYPT 2012 (2012)
Bernstein, D.J., Lange, T., Peters, C.: Smaller decoding exponents: ball-collision decoding. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 743–760. Springer, Heidelberg (2011). doi:10.1007/978-3-642-22792-9_42
Chabot, C., Legeay, M.: Using permutation group for decoding. In: Proceedings of Algebraic and Combinatorial Coding Theory 2010, pp. 86–92 (2010)
Coffey, J.T., Goodman, R.M.: The complexity of Information-Set Decoding (ISD). IEEE Trans. Inf. Theor. 36(5), 1031–1037 (1990)
Cohen, G., Wolfmann, J. (eds.): Coding Theory and Applications. LNCS, vol. 388. Springer, Heidelberg (1989)
Couvreur, A., Otmani, A., Tillich, J.-P.: Polynomial time attack on wild McEliece over quadratic extensions. Cryptology ePrint Archive 2014/112 (2014)
Dubiner, M.: Bucketing coding and information theory for the statistical high-dimensional nearest-neighbor problem. IEEE Trans. Inf. Theor. 56(8), 4166–4179 (2010)
Dumer, I.: On minimum distance decoding of linear codes. In: Proceedings of the 5th Joint Soviet-Swedish International Workshop on Information Theory, Moscow, pp. 50–52 (1991)
Faugère, J.-C., Otmani, A., Perret, L., Tillich, J.-P.: Algebraic cryptanalysis of McEliece variants with compact keys. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 279–298. Springer, Heidelberg (2010)
Faugère, J.-C., Otmani, A., Perret, L., de Portzamparc, F., Tillich, J.-P.: Structural cryptanalysis of McEliece schemes with compact keys. Cryptology ePrint Archive, Report 2014/210 (2014)
Faugère, J.-C., Otmani, A., Perret, L., de Portzamparc, F., Tillich, J.-P.: Folding alternant and Goppa codes with non-trivial automorphism groups. arXiv:1405.5101v1 [cs.IT], 20 May 2014
Finiasz, M., Sendrier, N.: Security bounds for the design of code-based cryptosystems. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 88–105. Springer, Heidelberg (2009)
Johansson, T., Löndahl, C.: An improvement to Stern’s algorithm
Heyse, S.: Implementation of McEliece based on quasi-dyadic goppa codes for embedded devices. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 143–162. Springer, Heidelberg (2011). doi:10.1007/978-3-642-25405-5_10
Gaborit, P.: Shorter keys for code based cryptography. In: Proceedings of the 2005 International Workshop on Coding and Cryptography (WCC 2005), Bergen, Norway, pp. 81–91, March 2005
Hirose, S.: May-Ozerov algorithm for nearest-neighbor problem over \(\mathbb{F}_q\) and its application to information set decoding. Cryptology ePrint Archive: Report 2016/237 (2016)
Har-Peled, S., Indyk, P., Motwani, R.: Approximate nearest neighbor: towards removing the curse of dimensionality. Theor. Comput. 8(1), 321–350 (2012)
Howgrave-Graham, N., Joux, A.: New generic algorithms for hard knapsacks. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 235–256. Springer, Heidelberg (2010)
Kobara, K.: Flexible quasi-dyadic code-based public-key encryption and signature. Cryptology ePrint Archive, Report 2009/635 (2009)
Legeay, M.: Permutation decoding: towards an approach using algebraic properties of the \(\sigma \)-subcode. In: Augot, D., Canteaut, A. (eds.) WCC 2011, pp. 193–202 (2011)
Legeay, M.: Utilisation du groupe de permutations d’un code correcteur pour améliorer l’efficacité du décodage. Université de Rennes 1 (2012)
Lee, P.J., Brickell, E.F.: An observation on the security of McEliece’s public-key cryptosystem. In: Barstow, D., et al. (eds.) EUROCRYPT 1988. LNCS, vol. 330, pp. 275–280. Springer, Heidelberg (1988). doi:10.1007/3-540-45961-8_25
Leon, J.S.: A probabilistic algorithm for computing minimum weights of large error-correcting codes. IEEE Trans. Inf. Theor. 34, 1354–1359 (1988)
Misoczki, R., Barreto, P.S.L.M.: Compact McEliece keys from Goppa codes. In: Jacobson, M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 376–392. Springer, Heidelberg (2009)
Misoczki, R., Tillich, J.-P., Sendrier, N., Barreto, P.S.L.M.: MDPC-McEliece: new McEliece variants from moderate density parity-check codes. In: ISIT 2013, pp. 2069–2073 (2013)
McEliece, R.: A public-key cryptosystem based on algebraic coding theory. DSN Prog. Rep., Jet Propulsion Laboratory, California Institute of Technology, Pasadena, CA, pp. 114–116, January 1978
Barreto, P.S.L.M., Lindner, R., Misoczki, R.: Monoidic codes in cryptography. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 179–199. Springer, Heidelberg (2011)
May, A., Meurer, A., Thomae, E.: Decoding random linear codes in \(\tilde{\mathcal{O}}(2^{0.054n})\). In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 107–124. Springer, Heidelberg (2011). doi:10.1007/978-3-642-25385-0_6
May, A., Ozerov, I.: On computing nearest neighbors with applications to decoding of binary linear codes. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 203–228. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46800-5_9
Meurer, A.: A coding-theoretic approach to cryptanalysis. Dissertation, Ruhr-Universität Bochum, November 2012
Niebuhr, R., Persichetti, E., Cayrel, P.-L., Bulygin, S., Buchmann, J.: On lower bounds for information set decoding over \(\mathbb{F}_q\) and on the effect of partial knowledge
Niederreiter, H.: Knapsack-type cryptosystems and algebraic coding theory. Probl. Control Inf. Theor. 15, 159–166 (1986)
Persichetti, E.: Compact McEliece keys based on quasi-dyadic Srivastava codes. J. Math. Cryptology 6(2), 149–169 (2012)
Peters, C.: Information-set decoding for linear codes over \(\mathbb{F}_q\). Cryptology ePrint Archive 2009/589 (2009)
Prange, E.: The use of information sets in decoding cyclic codes. IRE Trans. Inf. Theor. IT-8, S5–S9 (1962)
Repka, M., Zajac, P.: Overview of the McEliece cryptosystem and its security. Tatra Mountains Math. Publ. 60, 57–83 (2014). doi:10.2478/tmmp-2014-0025
Stern, J.: A method for finding codewords of small weight. In: Cohen, G., Wolfmann, J. (eds.) Coding Theory 1988. LNCS, vol. 388, pp. 106–113. Springer, Heidelberg (1989). doi:10.1007/BFb0019850
Umana, V.G., Leander, G.: Practical key recovery attacks on two McEliece variants. In: International Conference on Symbolic Computation and Cryptography SCC 2010, vol. 2010, p. 62 (2010)
Acknowledgment
This work was carried out with the financial support of CEA-MITIC for the CBC project and of the Government of Senegal’s Ministry of Higher Education and Research for the ISPQ project. The third author was supported in part by JSPS KAKENHI Grant Number JP16H02828.
Appendix
Nearest-Neighbor Algorithm over an Arbitrary Finite Field \(\mathbb {F}_q\)
We give in this section the May-Ozerov Nearest-Neighbor algorithm over \(\mathbb {F}_q\) proposed by Hirose in [19].
The complexity of the May-Ozerov Nearest-Neighbor algorithm is given by the following theorem:
Theorem 2
[19]. Let q be a prime power. Let \(\gamma \), \(\beta \), \(\varepsilon \) and \(\lambda \) be reals such that \(0<\gamma <\frac{1}{2}\), \(0<\beta <1\), \(\varepsilon >0\) and \(\lambda \le H_{q}(\beta )-\frac{1}{q}\sum \limits _{x\in \mathbb {F}_{q}}H_{q}(q \beta h_{x})\), where the reals \(h_{x}\) satisfy \(\sum \limits _{x\in \mathbb {F}_{q}}h_{x}=1\) and, for each \(x\in \mathbb {F}_{q}\), \(\frac{\gamma }{q}< h_{x}<\frac{\gamma }{q} + \frac{1-\gamma }{q\beta }\).
Let \(y= (1-\gamma )\left( H_{q}(\beta ) -\frac{1}{q}\sum \limits _{x\in \mathbb {F}_{q}}H_{q}\left( \frac{qh_{x}-\gamma }{1-\gamma }\, \beta \right) \right) \). Then the MO-NN algorithm solves the \((m,\gamma , \lambda )\)-NN problem over \(\mathbb {F}_{q}\) with overwhelming probability in time
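As an added worked example (not code from the paper or from Hirose), the following Python checks the hypotheses of Theorem 2 for a given parameter set and evaluates the upper bound on \(\lambda\) and the exponent y; it assumes that \(H_q\) is the q-ary entropy function, and the sample parameters over \(\mathbb{F}_3\) are constructed for illustration.

```python
import math

def h_q(x, q):
    """q-ary entropy H_q(x) = x log_q(q-1) - x log_q(x) - (1-x) log_q(1-x).
    Assumed to be the H_q of Theorem 2; 0 log 0 is read as 0."""
    if not 0.0 <= x <= 1.0:
        raise ValueError(f"H_q argument {x} lies outside [0, 1]")
    out = x * (math.log(q - 1, q) - math.log(x, q)) if x > 0 else 0.0
    return out - ((1 - x) * math.log(1 - x, q) if x < 1 else 0.0)

def violations(q, gamma, beta, eps, h):
    """Hypotheses of Theorem 2 broken by (q, gamma, beta, eps, h); h is the
    list (h_x)_{x in F_q}. q is assumed to be a prime power (not checked)."""
    bad = []
    if not 0 < gamma < 0.5:
        bad.append("gamma not in (0, 1/2)")
    if not 0 < beta < 1:
        bad.append("beta not in (0, 1)")
    if not eps > 0:
        bad.append("epsilon not positive")
    if len(h) != q or abs(sum(h) - 1) > 1e-12:
        bad.append("h must have q entries summing to 1")
    lo, hi = gamma / q, gamma / q + (1 - gamma) / (q * beta)
    if any(not lo < hx < hi for hx in h):
        bad.append("some h_x outside (gamma/q, gamma/q + (1-gamma)/(q beta))")
    return bad

def lambda_bound(q, gamma, beta, h):
    """Largest lambda admitted by Theorem 2: H_q(beta) - (1/q) sum_x H_q(q beta h_x)."""
    return h_q(beta, q) - sum(h_q(q * beta * hx, q) for hx in h) / q

def exponent_y(q, gamma, beta, h):
    """The quantity y of Theorem 2 for the given parameters."""
    inner = sum(h_q((q * hx - gamma) / (1 - gamma) * beta, q) for hx in h) / q
    return (1 - gamma) * (h_q(beta, q) - inner)

if __name__ == "__main__":
    # Constructed sample parameters over F_3; they are not taken from the paper.
    q, gamma, beta, eps, h = 3, 0.1, 0.5, 0.01, [0.5, 0.3, 0.2]
    print("broken hypotheses:", violations(q, gamma, beta, eps, h) or "none")
    print("lambda must satisfy lambda <=", round(lambda_bound(q, gamma, beta, h), 4))
    print("y =", round(exponent_y(q, gamma, beta, h), 4))
```

Note that a uniform choice \(h_x = 1/q\) makes both the bound on \(\lambda\) and y vanish, so a positive \(\lambda\) requires a non-uniform weight distribution \(h\).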
Copyright information
© 2017 Springer International Publishing AG
Cite this paper
Gueye, C.T., Klamti, J.B., Hirose, S. (2017). Generalization of BJMM-ISD Using May-Ozerov Nearest Neighbor Algorithm over an Arbitrary Finite Field \(\mathbb {F}_q\). In: El Hajji, S., Nitaj, A., Souidi, E. (eds.) Codes, Cryptology and Information Security. C2SI 2017. Lecture Notes in Computer Science, vol. 10194. Springer, Cham. https://doi.org/10.1007/978-3-319-55589-8_7
DOI: https://doi.org/10.1007/978-3-319-55589-8_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-55588-1
Online ISBN: 978-3-319-55589-8
eBook Packages: Computer Science (R0)