Revised Quantum Resistant Public Key Encryption Scheme RLCE and IND-CCA2 Security for McEliece Schemes

Recently, Wang (2016) introduced RLCE, a quantum-resistant public-key encryption scheme based on random linear codes that is a variant of the McEliece encryption scheme. In this paper, we introduce a revised version of the RLCE encryption scheme. The revised RLCE schemes are more efficient than the original RLCE scheme. Specifically, it is shown that RLCE schemes have smaller public key sizes than binary Goppa code based McEliece encryption schemes at corresponding security levels. The paper further investigates message padding schemes for RLCE to achieve IND-CCA2 security. Practical RLCE parameters for the classical security levels of 128, 192, and 256 and for the quantum security levels of 85, 100, 120, and 150 are recommended. Software packages are available at http://quantumca.org/

[1]  Tom Høholdt,et al.  Bounds on list decoding of MDS codes , 2001, IEEE Trans. Inf. Theory.

[2]  Anne Canteaut,et al.  Cryptanalysis of the Original McEliece Cryptosystem , 1998, ASIACRYPT.

[3]  Jacques Stern,et al.  A method for finding codewords of small weight , 1989, Coding Theory and Applications.

[4]  Kazukuni Kobara,et al.  Semantically Secure McEliece Public-Key Cryptosystems-Conversions for McEliece PKC , 2001, Public Key Cryptography.

[5]  Venkatesan Guruswami,et al.  Improved decoding of Reed-Solomon and algebraic-geometric codes , 1998, Proceedings 39th Annual Symposium on Foundations of Computer Science.

[6]  Marco Baldi,et al.  A New Analysis of the McEliece Cryptosystem Based on QC-LDPC Codes , 2008, SCN.

[7]  Paulo S. L. M. Barreto,et al.  MDPC-McEliece: New McEliece variants from Moderate Density Parity-Check codes , 2013, 2013 IEEE International Symposium on Information Theory.

[8]  Thomas A. Berson,et al.  Failure of the McEliece Public-Key Cryptosystem Under Message-Resend and Related-Message Attack , 1997, CRYPTO.

[9]  Robert J. McEliece,et al.  A public key cryptosystem based on algebraic coding theory , 1978 .

[10]  David Pointcheval,et al.  Chosen-Ciphertext Security for Any One-Way Cryptosystem , 2000, Public Key Cryptography.

[11]  Venkatesan Guruswami,et al.  Limits to List Decoding Reed-Solomon Codes , 2006, IEEE Trans. Inf. Theory.

[12]  Christiane Peters,et al.  Information-Set Decoding for Linear Codes over Fq , 2010, PQCrypto.

[13]  Rainer Steinwandt,et al.  Quantum circuits for F_{2^n}-multiplication with subquadratic gate count , 2015 .

[14]  Tatsuaki Okamoto,et al.  Secure Integration of Asymmetric and Symmetric Encryption Schemes , 1999, Journal of Cryptology.

[15]  Tanja Lange,et al.  Attacking and defending the McEliece cryptosystem , 2008, IACR Cryptol. ePrint Arch..

[16]  Jean-Pierre Tillich,et al.  Quantum Information Set Decoding Algorithms , 2017, PQCrypto.

[17]  V. Sidelnikov,et al.  On insecurity of cryptosystems based on generalized Reed-Solomon codes , 1992 .

[18]  Victor Shoup,et al.  OAEP Reconsidered , 2001, CRYPTO.

[19]  Yongge Wang,et al.  Quantum resistant random linear code based public key encryption scheme RLCE , 2015, 2016 IEEE International Symposium on Information Theory (ISIT).

[20]  N. Sendrier,et al.  Some weak keys in McEliece public-key cryptosystem , 1998, Proceedings. 1998 IEEE International Symposium on Information Theory.

[21]  Yongge Wang  Decoding Generalized Reed-Solomon Codes and Its Application to RLCE Encryption Schemes , 2017, IACR Cryptol. ePrint Arch..

[22]  Thomas M. Cover,et al.  Enumerative source encoding , 1973, IEEE Trans. Inf. Theory.

[23]  Christian Wieschebrink,et al.  Two NP-complete Problems in Coding Theory with an Application in Code Based Cryptography , 2006, 2006 IEEE International Symposium on Information Theory.

[24]  Daniel J. Bernstein,et al.  Grover vs. McEliece , 2010, PQCrypto.

[25]  Bruce Schneier,et al.  Reaction Attacks against several Public-Key Cryptosystems , 1999, ICICS.

[26]  Dan Boneh,et al.  Simplified OAEP for the RSA and Rabin Functions , 2001, CRYPTO.

[27]  J. Justesen,et al.  Bounds on list decoding of MDS codes , 2000, 2000 IEEE International Symposium on Information Theory.

[28]  Jeffrey S. Leon,et al.  A probabilistic algorithm for computing minimum weights of large error-correcting codes , 1988, IEEE Trans. Inf. Theory.

[29]  Nicolas Sendrier,et al.  Encoding information into constant weight words , 2005, Proceedings. International Symposium on Information Theory, 2005. ISIT 2005.

[30]  Alain Couvreur,et al.  Distinguisher-based attacks on public-key cryptosystems using Reed–Solomon codes , 2013, Des. Codes Cryptogr..

[31]  Bruce Schneier,et al.  Reaction Attacks Against Several Public-Key Cryptosystem , 1997 .

[32]  Martin Rötteler,et al.  Post-Quantum Cryptography , 2015, Lecture Notes in Computer Science.

[33]  Jean-Charles Faugère,et al.  Algebraic Cryptanalysis of McEliece Variants with Compact Keys , 2010, EUROCRYPT.

[34]  Ernest F. Brickell,et al.  An Observation on the Security of McEliece's Public-Key Cryptosystem , 1988, EUROCRYPT.