Abstract
We propose and analyze \(\textsf{LowMS}\), a new rank-based key encapsulation mechanism (KEM). The acronym stands for Loidreau with Multiple Syndromes, since our work combines the cryptosystem of Loidreau (presented at PQCrypto 2017) with the multiple syndromes approach, which reduces parameter sizes by sending several syndromes sharing the same error support in one ciphertext. Our scheme is designed without using ideal structures. Considering cryptosystems without such an ideal structure, like the FrodoKEM cryptosystem, is important: structure allows objects to be compressed, but it yields security reductions to specific structured problems whose hardness may potentially be weaker than that of unstructured problems. For 128 bits of security, we propose parameters with a public key size of 4.8 KB and a ciphertext size of 1.1 KB. To the best of our knowledge, our scheme is the smallest among all existing unstructured post-quantum lattice- or code-based algorithms when measured by the sum of the public key size and the ciphertext size. In that sense, our scheme is for instance about 4 times shorter than FrodoKEM. Our system relies on the hardness of the Rank Support Learning problem, a well-known variant of the Rank Syndrome Decoding problem, and on the problem of indistinguishability of distorted Gabidulin codes, i.e., Gabidulin codes multiplied by a homogeneous matrix of given rank. The latter problem was introduced by Loidreau in his paper.
Data availability
Data sharing not applicable to this article as no datasets were generated or analysed during the current study.
Notes
In the comparison paper [45], r is denoted \(t_{\text {pub}}\).
We traditionally choose m prime to avoid any potential attacks.
References
Aguilar Melchor C., Aragon N., Bettaieb S., Bidoux L., Blazy O., Deneuville J.-C., Gaborit P., Zémor G.: Rank quasi cyclic (RQC). First round submission to the NIST post-quantum cryptography call (November 2017).
Aguilar Melchor C., Aragon N., Bettaieb S., Bidoux L., Blazy O., Deneuville J.-C., Gaborit P., Persichetti E., Zémor G., Bos J.: HQC. Round 3 submission to the NIST post-quantum cryptography call (June 2021). https://pqc-hqc.org/.
Aguilar-Melchor C., Aragon N., Dyseryn V., Gaborit P., Zémor G.: LRPC codes with multiple syndromes: near ideal-size KEMs without ideals. In: International Conference on Post-Quantum Cryptography, pp. 45–68. Springer, Cham (2022).
Al Abdouli A.S., Ali M.A., Bellini E., Caullery F., Hasikos A., Manzano M., Mateu V.: DRANKULA: a McEliece-like rank metric based cryptosystem implementation. Cryptology ePrint Archive (2018).
Alkim E., Bos J.W., Ducas L., Longa P., Mironov I.: FrodoKEM. In: 3rd Round Submission to the NIST (2021).
Aragon N., Gaborit P., Hauteville A., Tillich J.-P.: A new algorithm for solving the rank syndrome decoding problem. In: Proceedings of IEEE ISIT (2018).
Aragon N., Blazy O., Deneuville J.-C., Gaborit P., Hauteville A., Ruatta O., Tillich J.-P., Zémor G., Aguilar Melchor C., Bettaieb S., Bidoux L., Bardet M., Otmani A.: ROLLO (merger of Rank-Ouroboros, LAKE and LOCKER). Second round submission to the NIST post-quantum cryptography call (March 2019).
Aragon N., Blazy O., Gaborit P., Hauteville A., Zémor G.: Durandal: a rank metric based signature scheme. In: Advances in Cryptology—EUROCRYPT 2019, pp. 728–758. Springer, Cham (2019).
Aragon N., Gaborit P., Hauteville A., Ruatta O., Zémor G.: Low rank parity check codes: new decoding algorithms and applications to cryptography. IEEE Trans. Inf. Theory 65(12), 7697–7717 (2019).
Bardet M., Briaud P.: An algebraic approach to the rank support learning problem. In: Cheon J.H., Tillich J.-P. (eds.) Post-quantum Cryptography. LNCS. Springer, Cham (2021).
Berger T.P., Loidreau P.: Designing an efficient and secure public-key cryptosystem based on reducible rank codes. In: Progress in Cryptology–INDOCRYPT 2004, vol. 3348, pp. 218–229. LNCS. Springer, Berlin (2004).
Bardet M., Bros M., Cabarcas D., Gaborit P., Perlner R., Smith-Tone D., Tillich J.-P., Verbel J.: Improvements of algebraic attacks for solving the rank decoding and Minrank problems. In: International Conference on the Theory and Application of Cryptology and Information Security, pp. 507–536. Springer, Cham (2020).
Bernstein D.J., Chou T., Lange T., von Maurich I., Misoczki R., Niederhagen R., Persichetti E., Peters C., Schwabe P., Sendrier N., et al.: Classic McEliece. Eindhoven University of Technology, Eindhoven (2017).
Bidoux L., Briaud P., Bros M., Gaborit P.: RQC revisited and more cryptanalysis for rank-based cryptography. arXiv preprint (2022). arXiv:2207.01410.
Bos J., Ducas L., Kiltz E., Lepoint T., Lyubashevsky V., Schanck J.M., Schwabe P., Seiler G., Stehlé D.: CRYSTALS-Kyber: a CCA-secure module-lattice-based KEM. In: 2018 IEEE European Symposium on Security and Privacy (EuroS &P), pp. 353–367. IEEE, Piscataway (2018).
Briaud P., Loidreau P.: Cryptanalysis of rank-metric schemes based on distorted Gabidulin codes. In: Post-Quantum Cryptography 14th International Workshop PQCrypto (2023).
Coggia D., Couvreur A.: On the security of a Loidreau rank metric code based encryption scheme. Des. Codes Cryptogr. 88(9), 1941–1957 (2020).
Debris-Alazard T., Tillich J.-P.: Two attacks on rank metric code-based schemes: Ranksign and an identity-based-encryption scheme. In: Advances in Cryptology - ASIACRYPT 2018 (2018).
Elleuch M., Wachter-Zeh A., Zeh A.: A public-key cryptosystem from interleaved Goppa codes. arXiv preprint (2018). arXiv:1809.03024.
Faure C., Loidreau P.: A new public-key cryptosystem based on the problem of reconstructing p-polynomials. In: Coding and Cryptography, International Workshop, WCC 2005 (2005).
Fujisaki E., Okamoto T.: Secure integration of asymmetric and symmetric encryption schemes. In: Advances in Cryptology—CRYPTO’99: 19th Annual International Cryptology Conference, Santa Barbara, California, USA, 15–19 August 1999, Proceedings, pp. 537–554. Springer, Berlin (1999).
Gabidulin E.M.: Theory of codes with maximum rank distance. Problemy Peredachi Informatsii 21(1), 3–16 (1985).
Gabidulin E.M.: Attacks and counter-attacks on the GPT public key cryptosystem. Des. Codes Cryptogr. 48(2), 171–177 (2008).
Gabidulin E.M., Paramonov A.V., Tretjakov O.V.: Ideals over a non-commutative ring and their applications to cryptography. In: Advances in Cryptology - EUROCRYPT’91, Brighton (1991).
Gaborit P., Zémor G.: On the hardness of the decoding and the minimum distance problems for rank codes. IEEE Trans. Inform. Theory 62(12), 7245–7252 (2016).
Gaborit P., Murat G., Ruatta O., Zémor G.: Low rank parity check codes and their application to cryptography. In: Proceedings of the Workshop on Coding and Cryptography WCC, vol. 2013 (2013).
Gaborit P., Hauteville A., Phan D.H., Tillich J.-P.: Identity-based encryption from rank metric. In: Advances in Cryptology—CRYPTO (2017).
Ghatak A.: Extending Coggia-Couvreur attack on Loidreau’s rank-metric cryptosystem. Des. Codes Cryptogr. 90(1), 215–238 (2022).
Hofheinz D., Hövelmanns K., Kiltz E.: A modular analysis of the Fujisaki-Okamoto transformation. In: Theory of Cryptography Conference, pp. 341–371. Springer, Cham (2017).
Holzbaur L., Liu H., Puchinger S., Wachter-Zeh A.: On decoding and applications of interleaved Goppa codes. In: IEEE International Symposium on Information Theory (ISIT) (July 2019).
Kim J.-L., Kim Y.-S., Galvez L.E., Kim M.J.: A modified dual-Ouroboros public-key encryption using Gabidulin codes. Appl. Algebra Eng. Commun. Comput. 32(2), 147–156 (2021).
Lau T.S.C., Tan C.-H., Prabowo T.F.: On the security of the modified Dual-Ouroboros PKE using Gabidulin codes. Appl. Algebra Eng. Commun. Comput. 32(6), 681–699 (2021).
Legeay M.: Permutation decoding: towards an approach using algebraic properties of the \(\sigma \)-subcode. In: Augot D., Canteaut A. (eds.) WCC 2011, pp. 193–202 (2011).
Loidreau P.: Analysis of a public-key encryption scheme based on distorted Gabidulin codes. In: Proceedings of the 12th International Workshop on Coding and Cryptography (WCC 2022). https://www.wcc2022.uni-rostock.de/storages/uni-rostock/TAGUNGEN/WCC2022/Papers/WCC_2022_paper_5.pdf.
Loidreau P.: Métrique rang et cryptographie. HDR thesis, Université Pierre et Marie Curie—Paris VI (2007).
Loidreau P.: Decoding rank errors beyond the error-correcting capability. In: ACCT 2010, 10th International Workshop on Algebraic and Combinatorial Coding Theory (2006).
Loidreau P.: A new rank metric codes based encryption scheme. In: Post-Quantum Cryptography 2017, vol. 10346. LNCS, pp. 3–17. Springer, Cham (2017).
Loidreau P., Overbeck R.: Decoding rank errors beyond the error-correction capability. In: Proceedings of the 10th International Workshop on Algebraic and Combinatorial Coding Theory, ACCT-10, pp. 168–190 (2006).
Loidreau P., Pham B.-D.: An analysis of Coggia-Couvreur attack on Loidreau’s rank-metric public key encryption scheme in the general case. CoRR (2021). arXiv:2112.12445.
McEliece R.J.: A public-key system based on algebraic coding theory. DSN Progress Report 44, pp. 114–116. Jet Propulsion Lab (1978).
Metzner J.J., Kapturowski E.J.: A general decoding technique applicable to replicated file disagreement location and concatenated code decoding. IEEE Trans. Inf. Theory 36(4), 911–917 (1990).
Niederreiter H.: Knapsack-type cryptosystems and algebraic coding theory. Probl. Control Inf. Theory 15(2), 159–166 (1986).
Overbeck R.: Structural attacks for public key cryptosystems based on Gabidulin codes. J. Cryptol. 21(2), 280–301 (2008).
Pham B.D.: Étude et conception de nouvelles primitives de chiffrement fondées sur les codes correcteurs d’erreurs en métrique rang. PhD thesis, Rennes 1 (2021).
Renner J., Puchinger S., Wachter-Zeh A.: Interleaving Loidreau’s rank-metric cryptosystem. In: 2019 XVI International Symposium “Problems of Redundancy in Information and Control Systems” (REDUNDANCY), pp. 127–132. IEEE, Piscataway (2019).
Renner J., Puchinger S., Wachter-Zeh A.: Decoding high-order interleaved rank-metric codes. In: 2021 IEEE International Symposium on Information Theory (ISIT), pp. 19–24. IEEE, Piscataway (2021).
Shor P.W.: Algorithms for quantum computation: Discrete logarithms and factoring. In: Goldwasser S. (ed.) FOCS, pp. 124–134. IEEE Computer Society Press, Los Alamitos (1994).
Sidorenko V., Jiang L., Bossert M.: Skew-feedback shift-register synthesis and decoding interleaved Gabidulin codes. IEEE Trans. Inf. Theory 57(2), 621–632 (2011).
Wang L.-P.: Loong: a new IND-CCA-secure code-based KEM. In: 2019 IEEE International Symposium on Information Theory (ISIT), pp. 2584–2588. IEEE, Piscataway (2019).
Additional information
Communicated by T. Helleseth.
About this article
Cite this article
Aragon, N., Dyseryn, V., Gaborit, P. et al. LowMS: a new rank metric code-based KEM without ideal structure. Des. Codes Cryptogr. 92, 1075–1093 (2024). https://doi.org/10.1007/s10623-023-01330-5
DOI: https://doi.org/10.1007/s10623-023-01330-5