Security-analysis of a class of cryptosystems based on linear error-correcting codes

For arbitrarily given linear encoding schemes, this dissertation describes a new universal probabilistic decoding algorithm. To date, it is the most efficient one in its class for small and moderate code parameter values. As proved herein, its decoding complexity is equal to that of Information Set Decoding. The work factor, memory factor and complexity of this new algorithm are evaluated, and its overall performance is then compared to other general decoding algorithms. Furthermore, the new algorithm is rewritten as a syndrome decoding algorithm and then extended to process several syndromes simultaneously in a batch. Finally, a slight modification of the structure of the batch description yields a syndrome decoding algorithm with several simple, dedicated circuits.

This dissertation analyzes locally-randomized cryptosystems that make use of linear encoding schemes. In this class of cryptosystems, the message blocks are encoded into codewords and then locally randomized using random error patterns. The dissertation focuses on the McEliece locally-randomized public-key cryptosystem, first giving a detailed compilation and analysis of the relevant literature describing its security. This system's relation to the Niederreiter and Stern public-key cryptosystems is then briefly discussed. It is shown that the new decoding algorithms determine the range of code parameter values for which the security of these locally-randomized public-key cryptosystems is vulnerable to cryptanalysis. Three related, insecure digital signature schemes are also identified.

In contrast to the McEliece public-key cryptosystem, the Rao-Nam and Li-Wang locally-randomized secret-key cryptosystems keep their linear encoding scheme secret. It is believed that this secrecy allows simpler and smaller codes to be used, which require less storage and enable faster processing. However, this dissertation shows that for this class of secret-key cryptosystems an equivalent encoding scheme can be obtained efficiently. Hence, it is concluded that the code parameter values for locally-randomized secret-key cryptosystems should be as large as those for locally-randomized public-key cryptosystems.
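As an added illustration, not taken from the dissertation, the following Python shows the locally-randomized encryption the abstract describes (systematic codeword plus a weight-t error pattern) and then recovers the error with the simplest member of the general decoding class, plain information-set (Prange) syndrome decoding, on a toy random binary code; the ratio C(n,t)/C(n-k,t) it reports is the expected number of information-set guesses, the leading term of the work factor that forces code parameters to be large. All function names and the toy parameters n=24, k=12, t=2 are assumptions; the dissertation's own algorithm and its exact work-factor formula are not reproduced here.

```python
import random
from math import comb

def wt(x): return bin(x).count("1")  # Hamming weight of a bit vector held in an int
def random_code(n, k, rng):
    # Parity-check rows of a random systematic [n, k] binary code G = [I_k | A]: row i
    # holds column i of A in bits 0..k-1 and the identity part in bit k+i.
    return [rng.getrandbits(k) | (1 << (k + i)) for i in range(n - k)]

def syndrome(H, v): return sum((wt(v & h) & 1) << i for i, h in enumerate(H))  # H v^T
def encrypt(H, k, m, t, rng):
    # Locally-randomized encryption: systematic encoding of m, then a weight-t error.
    c = m | sum((wt(m & h) & 1) << (k + i) for i, h in enumerate(H))
    e = sum(1 << p for p in rng.sample(range(len(H) + k), t))
    return c ^ e, e

def gf2_solve(rows, r):
    # Gauss-Jordan over GF(2), r equations in r unknowns, bit r of each row is the RHS;
    # returns the solution as an int, or None when the selected columns are singular.
    rows = list(rows)
    for col in range(r):
        piv = next((i for i in range(col, r) if rows[i] >> col & 1), None)
        if piv is None: return None
        rows[col], rows[piv] = rows[piv], rows[col]
        for i in range(r):
            if i != col and rows[i] >> col & 1:
                rows[i] ^= rows[col]
    return sum(((rows[i] >> r) & 1) << i for i in range(r))

def prange_isd(H, n, s, t, rng, max_iter=100000):
    # Plain information-set (Prange) syndrome decoding: guess n-k positions that hold
    # every error, solve H_J x = s on them, accept when wt(x) == t.
    r = len(H)
    for trial in range(1, max_iter + 1):
        J = rng.sample(range(n), r)
        rows = [sum(((h >> J[c]) & 1) << c for c in range(r)) | (((s >> i) & 1) << r)
                for i, h in enumerate(H)]
        x = gf2_solve(rows, r)
        if x is not None and wt(x) == t:
            return sum(((x >> c) & 1) << J[c] for c in range(r)), trial
    return None, max_iter  # (error pattern, number of information-set guesses)

def demo(n=24, k=12, t=2, seed=7):
    # Worked instance (constructed): encrypt under a random code, recover the error by ISD.
    rng = random.Random(seed)
    H = random_code(n, k, rng)
    c, e = encrypt(H, k, rng.getrandbits(k), t, rng)
    e_found, trials = prange_isd(H, n, syndrome(H, c), t, rng)
    ok = e_found is not None and wt(e_found) == t and syndrome(H, e_found) == syndrome(H, e)
    return ok, trials, comb(n, t) / comb(n - k, t)  # C(n,t)/C(n-k,t): expected guesses
```

Each guess also costs a GF(2) elimination on an (n-k) x (n-k) matrix, and guesses with a singular column set are wasted, so the measured trial count runs above the C(n,t)/C(n-k,t) estimate.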
