Abstract
Recently, Kim et al. proposed a modified Dual-Ouroboros public-key encryption (\({\textsf{PKE}}\)) using Gabidulin codes to remove the decryption failure of the original Dual-Ouroboros, which uses low rank parity check codes. The modified Dual-Ouroboros \({\textsf{PKE}}\) using Gabidulin codes is proved to be IND-CPA secure and has a very compact public key of 738 bytes at the 128-bit security level. However, the authors did not specify their choice of the secret key S used in the \({\textsf{PKE}}\). In this paper, we analyze the possible choices of S in the modified Dual-Ouroboros \({\textsf{PKE}}\) using Gabidulin codes. More specifically, we show that if S is an arbitrary invertible matrix over \({\mathbb{F}}_{q^m}\), then the decryption algorithm fails. Furthermore, we show that Kim et al.'s proposal requires S to be over \({\mathbb{F}}_q\) for its decryption algorithm to be correct. We then propose two attacks on their \({\textsf{PKE}}\) with S over \({\mathbb{F}}_q\): a key recovery attack and a plaintext recovery attack. We are able to recover the secret key for all the proposed parameters within 235 seconds. Moreover, we show that the public key matrix in their proposal generates a subcode of a Gabidulin code. As a consequence, we can apply the Frobenius weak attack to their proposal and recover the plaintext for all the proposed parameters within 0.614 seconds. Finally, we propose a version of the modified Dual-Ouroboros \({\textsf{PKE}}\) using Gabidulin codes that is both correct and secure, obtained by imposing suitable restrictions on S over \({\mathbb{F}}_{q^m}\).
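The abstract contrasts a secret key S over \({\mathbb{F}}_q\) (decryption correct) with an unrestricted invertible S over \({\mathbb{F}}_{q^m}\) (decryption fails). The property that separates the two, shown here as an added illustration that is not the paper's own code or argument, is rank weight: right-multiplying a vector in \({\mathbb{F}}_{q^m}^n\) by an invertible matrix over \({\mathbb{F}}_q\) leaves its rank weight unchanged, whereas an invertible matrix over \({\mathbb{F}}_{q^m}\), even a diagonal one, can push the rank weight up to \(\min(n, m)\). A Gabidulin decoder only corrects errors up to its rank-decoding radius, so a key that inflates the error's rank weight is one way decryption can fail. The field \({\mathbb{F}}_{2^8}\), the matrices and the error vectors below are constructed for the demonstration; the small parameters (n = 8, m = 8, t = 3) are not the paper's.

```python
import random

# Added illustration, not the paper's code. Field: F_{2^8} (q = 2, m = 8) with
# modulus x^8 + x^4 + x^3 + x + 1; elements are integers 0..255 in the polynomial basis.
M = 8
MOD = 0x11B


def gf_mul(a, b):
    """Multiply two elements of F_{2^8} (carry-less multiply with reduction)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & (1 << M):
            a ^= MOD
    return r


def f2_rank(vectors):
    """Rank over F_2 of a list of bit-vectors (integers), by Gaussian elimination."""
    pivots = {}  # leading bit -> basis vector with that leading bit
    for x in vectors:
        while x:
            top = x.bit_length() - 1
            if top in pivots:
                x ^= pivots[top]
            else:
                pivots[top] = x
                break
    return len(pivots)


def rank_weight(vec):
    """Rank weight of vec in F_{2^m}^n: F_2-dimension of the span of its coordinates."""
    return f2_rank(vec)


def _xor_sum(terms):
    acc = 0
    for t in terms:
        acc ^= t
    return acc


def vec_times_mat(vec, S):
    """Row vector times an n x n matrix, both over F_{2^m}."""
    n = len(S)
    return [_xor_sum(gf_mul(vec[i], S[i][j]) for i in range(n)) for j in range(n)]


def random_error(n, t, rng):
    """Error vector of rank weight exactly t: coordinates are F_2-combinations of t independent field elements."""
    while True:
        basis = [rng.randrange(1, 1 << M) for _ in range(t)]
        if f2_rank(basis) != t:
            continue
        e = [_xor_sum(b for b in basis if rng.random() < 0.5) for _ in range(n)]
        if rank_weight(e) == t:
            return e


def random_invertible_over_fq(n, rng):
    """Random invertible n x n matrix with entries in F_2 (S over F_q, the choice the paper attacks)."""
    while True:
        rows = [rng.randrange(1 << n) for _ in range(n)]
        if f2_rank(rows) == n:
            return [[(r >> j) & 1 for j in range(n)] for r in rows]


def diagonal_over_fqm(n):
    """Invertible diagonal matrix over F_{2^m} with entries 1, x, x^2, ..., x^(n-1); needs n <= m."""
    assert n <= M
    return [[(1 << i) if i == j else 0 for j in range(n)] for i in range(n)]


def demo(n=8, t=3, seed=7):
    rng = random.Random(seed)
    e = random_error(n, t, rng)
    S_q = random_invertible_over_fq(n, rng)
    S_qm = diagonal_over_fqm(n)
    ones = [1] * n  # rank weight 1: every coordinate is the same field element
    return {
        "rank_e": rank_weight(e),
        "rank_e_S_q": rank_weight(vec_times_mat(e, S_q)),          # preserved: still t
        "rank_e_S_qm": rank_weight(vec_times_mat(e, S_qm)),        # may grow, up to min(n, m)
        "rank_ones": rank_weight(ones),                            # 1
        "rank_ones_S_q": rank_weight(vec_times_mat(ones, S_q)),    # still 1
        "rank_ones_S_qm": rank_weight(vec_times_mat(ones, S_qm)),  # n: (1, x, ..., x^(n-1)) are independent
    }


if __name__ == "__main__":
    print(demo())
```

The invariance for S over \({\mathbb{F}}_q\) holds for every invertible S, not just the sampled one: each coordinate of eS is an \({\mathbb{F}}_q\)-combination of the coordinates of e, so the span cannot grow, and invertibility gives the reverse inclusion. The diagonal \({\mathbb{F}}_{q^m}\) case is the cheapest counterexample; it maps the rank-1 all-ones vector to \((1, x, \ldots, x^{n-1})\), which has rank weight n.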
References
Aguilar-Melchor, C., Aragon, N., Bettaieb, S., Bidoux, L., Blazy, O., Deneuville, J.C., Gaborit, P., Hauteville, A., Zémor, G.: Ouroboros-R. http://pqc-ouroborosr.org (2017). Accessed 8 Dec 2019
Aragon, N., Gaborit, P., Hauteville, A., Tillich, J.-P.: A new algorithm for solving the rank syndrome decoding problem. In: Proceedings of IEEE International Symposium on Information Theory (ISIT 2018), pp. 2421–2425 (2018)
Berlekamp, E., McEliece, R., Tilborg, H.V.: On the inherent intractability of certain coding problems. IEEE Trans. Inf. Theory 24(3), 384–386 (1978)
Bardet, M., Briaud, P., Bros, M., Gaborit, P., Neiger, V., Ruatta, O., Tillich, J.-P.: An Algebraic Attack on Rank Metric Code-based Cryptosystems. CoRR abs/1910.00810 (2019)
Gabidulin, E.M.: Theory of codes with maximum rank distance. Probl. Peredachi Inf. 21(1), 3–16 (1985)
Gaborit, P.: Attack on McNie—Post-Quantum Cryptography, Round 1 Submissions, McNie, Official Comments. https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-1/official-comments/McNie-official-comment.pdf (2017). Accessed 8 Dec 2019
Gaborit, P., Galvez, L., Hauteville, A., Kim, J.-L., Kim, M.J., Kim, Y.-S.: Dual-Ouroboros: an improvement of the McNie scheme. Adv. Math. Commun. (2019). https://doi.org/10.3934/amc.2020021
Gaborit, P., Ruatta, O., Schrek, J.: On the complexity of the rank syndrome decoding problem. IEEE Trans. Inf. Theory 62(2), 1006–1019 (2016)
Gaborit, P., Ruatta, O., Schrek, J., Zémor, G.: New results for rank-based cryptography. In: Proceedings of Progress in Cryptology (AFRICACRYPT 2014), pp. 1–12 (2014)
Galvez, L., Kim, J., Kim, M.J., Kim, Y., Lee, N.: McNie: Compact McEliece–Niederreiter Cryptosystem—A Public-key Encryption proposal for the NIST’s call. https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-1/submissions/McNie.zip (2017). Accessed 8 Dec 2019
Gaborit, P., Zémor, G.: On the hardness of the decoding and the minimum distance problems for rank codes. IEEE Trans. Inf. Theory 62(12), 7245–7252 (2016)
Horlemann-Trautmann, A., Marshall, K., Rosenthal, J.: Considerations for rank-based cryptosystems. In: Proceedings of IEEE International Symposium on Information Theory (ISIT 2016), pp. 2544–2548 (2016)
Horlemann-Trautmann, A., Marshall, K., Rosenthal, J.: Extension of Overbeck's attack for Gabidulin based cryptosystems. Des. Codes Cryptogr. 86(2), 319–340 (2018)
Kim, J.-L., Kim, Y.-S., Galvez, L.E., Kim, M.J.: A modified Dual-Ouroboros public-key encryption using Gabidulin codes. Appl. Algebra Eng. Commun. Comput. (2019). https://doi.org/10.1007/s00200-019-00406-x
Marshall, K.: A study of cryptographic systems based on Rank metric codes. Ph.D. Dissertation, University of Zurich (2016)
Loidreau, P.: A Welch–Berlekamp like algorithm for decoding Gabidulin codes. In: Proceedings of the International Workshop on Coding and Cryptography (WCC 2005), pp. 36–45 (2005)
Loidreau, P.: A new rank metric codes based encryption scheme. In: Proceedings of the 8th International Conference on Post-Quantum Cryptography (PQCrypto 2017), pp. 3–17 (2017)
Lau, T.S.C., Tan, C.H.: Key recovery attack on McNie based on low rank parity check codes and its reparation. In: Proceedings of Advances in Information and Computer Security (IWSEC 2018), pp. 19–34 (2018)
Lau, T.S.C., Tan, C.H.: New rank codes based encryption scheme using partial circulant matrices. Des. Codes Cryptogr. 87(12), 2979–2999 (2019)
Overbeck, R.: Structural attacks for public key cryptosystems based on Gabidulin codes. J. Cryptol. 21(2), 280–301 (2008)
Acknowledgements
We are grateful to the anonymous reviewers for their careful reading of our manuscript and their many insightful comments and suggestions which have greatly improved this manuscript.
Cite this article
Lau, T.S.C., Tan, C.H. & Prabowo, T.F. On the security of the modified Dual-ouroboros PKE using Gabidulin codes. AAECC 32, 681–699 (2021). https://doi.org/10.1007/s00200-020-00419-x
Keywords
- Code-based cryptography
- Key recovery attack
- Plaintext recovery attack
- Gabidulin code
- Public-key encryption