Abstract
Code-based public-key cryptosystems rely on the hardness of a decoding problem. Their advantages include: 1) quantum tolerance, i.e. no polynomial-time algorithm is known even on quantum computers, whereas number-theoretic public-key cryptosystems such as RSA, elliptic curve cryptosystems, DH and DSA are vulnerable to them; 2) a small arithmetic unit for encryption and signature verification, since these consist mostly of exclusive-ors, which are highly parallelizable. The drawback, however, is that the public key is large: around some hundreds of KB to some MB for typical parameters. Several attempts have been made to reduce the public-key size. Most of them, however, have failed, except one: the Quasi-Dyadic (QD) public key (for large extension degrees). While an attack has been proposed on the QD public key (for small extension degrees), it can be prevented by making the extension degree m larger, specifically by making \(q^{m(m-1)}\) large enough, where q is the base field and q = 2 for a binary code. The QD approach can be improved further by the method proposed in this paper. We call it "Flexible" Quasi-Dyadic (FQD) since it is flexible in its parameter choice: FQD can even achieve the maximum code length \(n = 2^m - t\) in one shot for a given error-correction capability t, whereas QD must satisfy \(n \ll 2^m - t\) (at least \(n \le 2^{m-1}\)) and its key generation is performed by trial and error. Achieving \(n = 2^m - t\), or more loosely \(n = 2^m - 2^{\lceil \log_2 t \rceil}\), is crucial for code-based digital signatures, since they must make \(2^{mt}/{n \choose t}\) small enough, and this cannot be satisfied without making n close to \(2^m - t\). FQD can also be applied to code-based digital signatures.
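The abstract states that a code-based signature scheme must keep \(2^{mt}/{n \choose t}\) small and that this forces n close to \(2^m - t\). The following is an added worked example, not code from the paper, that evaluates that quantity for a CFS-like parameter set and shows how quickly it grows when n is shortened; it also computes the McEliece-type public-key size the abstract describes as the main drawback. It assumes the usual binary Goppa dimension bound k = n - mt, that the public key is a generator matrix stored either in systematic form (k × (n−k) bits) or in full (k × n bits), and the standard interpretation of \(2^{mt}/{n \choose t}\) as the expected number of decoding attempts per signature (only a fraction \({n \choose t}/2^{mt}\) of the mt-bit syndromes is decodable). The sample parameters (m = 16, t = 9 and the (2048, 1608, 40) code) are constructed for illustration.

```python
import math


def expected_decoding_trials(m: int, t: int, n: int) -> float:
    """Return 2^(mt) / C(n, t) for a binary Goppa code of length n,
    extension degree m and error-correcting capability t.

    Assumption (standard CFS-style reasoning, not stated on the page):
    this is the expected number of hash-and-decode attempts per
    signature, because only C(n, t) of the 2^(mt) possible syndromes
    correspond to a correctable weight-t error pattern.
    """
    if not (1 <= t < n <= 2 ** m):
        raise ValueError("need 1 <= t < n <= 2^m")
    return 2 ** (m * t) / math.comb(n, t)


def max_code_length(m: int, t: int, loose: bool = False) -> int:
    """Largest length the abstract attributes to FQD: n = 2^m - t,
    or the looser n = 2^m - 2^ceil(log2 t) when loose=True."""
    if loose:
        return 2 ** m - 2 ** math.ceil(math.log2(t))
    return 2 ** m - t


def public_key_bits(m: int, t: int, n: int) -> tuple[int, int]:
    """Return (systematic, full) public-key size in bits.

    Assumes code dimension k = n - m*t (binary Goppa bound) and a
    generator matrix stored either as its k x (n-k) redundant part or
    as the full k x n matrix.
    """
    k = n - m * t
    if k <= 0:
        raise ValueError("no code dimension left: n must exceed m*t")
    return k * (n - k), k * n


def signature_cost_table(m: int, t: int) -> dict[int, float]:
    """Expected decoding trials for three lengths: the FQD maximum
    n = 2^m - t, the looser FQD bound, and a halved length n = 2^(m-1)."""
    lengths = [max_code_length(m, t), max_code_length(m, t, loose=True), 2 ** (m - 1)]
    return {n: expected_decoding_trials(m, t, n) for n in lengths}


if __name__ == "__main__":
    m, t = 16, 9  # constructed CFS-like sample parameters
    for n, trials in signature_cost_table(m, t).items():
        print(f"n = {n:6d}: ~{trials:,.0f} decoding attempts per signature")
    # constructed sample: classic McEliece-size (2048, 1608, 40) Goppa code
    sys_bits, full_bits = public_key_bits(11, 40, 2048)
    print(f"(2048, 1608, 40): systematic key {sys_bits // 8:,} bytes, "
          f"full generator matrix {full_bits // 8:,} bytes")
```

With m = 16 and t = 9 the full-length code needs roughly 3.6 × 10^5 attempts per signature (close to t! = 362880), while halving n to 2^15 multiplies that by about 2^t = 512, which is the practical reason the abstract insists on n near \(2^m - t\). The (2048, 1608, 40) code gives a systematic key of about 88 KB and a full generator matrix of about 411 KB, matching the "some hundreds KB" order of magnitude the abstract cites.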
© 2010 Springer-Verlag Berlin Heidelberg
Cite this paper
Kobara, K. (2010). Code-Based Public-Key Cryptosystems and Their Applications. In: Kurosawa, K. (eds) Information Theoretic Security. ICITS 2009. Lecture Notes in Computer Science, vol 5973. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14496-7_5
DOI: https://doi.org/10.1007/978-3-642-14496-7_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14495-0
Online ISBN: 978-3-642-14496-7