Attacking Code-Based Cryptosystems with Information Set Decoding Using Special-Purpose Hardware

In this work, we describe the first implementation of an information set decoding (ISD) attack against code-based cryptosystems such as McEliece or Niederreiter using special-purpose hardware. We show that, in contrast to the ISD attacks due to Lee and Brickell [7], Leon [8], Stern [15] and, more recently, May et al. [9] and Becker et al. [2], reconfigurable hardware requires a different implementation and optimization approach: the time-memory trade-off techniques proposed for those attacks are not feasible for the parameter sets of interest. We therefore derive new parameter sets from all steps involved in the ISD attack, taking a near cycle-accurate runtime estimation as well as the communication overhead into account.

[1] Enrico Thomae et al. Decoding Random Linear Codes in Õ(2^{0.054n}), 2012.

[2] Ernest F. Brickell et al. An Observation on the Security of McEliece's Public-Key Cryptosystem, 1988, EUROCRYPT.

[3] Kenneth G. Paterson et al. Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation, 2012, IACR Cryptol. ePrint Arch.

[4] Tanja Lange et al. Attacking and defending the McEliece cryptosystem, 2008, IACR Cryptol. ePrint Arch.

[5] Antoine Joux et al. Decoding Random Binary Linear Codes in 2^{n/20}: How 1+1=0 Improves Information Set Decoding, 2012, IACR Cryptol. ePrint Arch.

[6] Alexander Meurer et al. Decoding Random Linear Codes in $\tilde{\mathcal{O}}(2^{0.054n})$, 2011, ASIACRYPT.

[7] Robert J. McEliece et al. A public key cryptosystem based on algebraic coding theory, 1978.

[8] Todd A. Brun et al. Quantum Computing, 2011, Computer Science, The Hardware, Software and Heart of It.

[9] Jacques Stern et al. A method for finding codewords of small weight, 1989, Coding Theory and Applications.

[10] Raphael Overbeck et al. Code-based cryptography, 2009.

[11] Peter W. Shor et al. Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer, 1995, SIAM Rev.

[12] Eugene Prange et al. The use of information sets in decoding cyclic codes, 1962, IRE Trans. Inf. Theory.

[13] Aggelos Kiayias et al. Polynomial Reconstruction Based Cryptography, 2001, Selected Areas in Cryptography.

[14] P. Godlewski et al. Coding Theory and Applications, 1986, Lecture Notes in Computer Science.

[15] Niklaus Wirth et al. Advances in Cryptology — EUROCRYPT ’88, 2000, Lecture Notes in Computer Science.

[16] John P. Steinberger et al. The preimage security of double-block-length compression functions, 2011, IACR Cryptol. ePrint Arch.

[17] Jeffrey S. Leon et al. A probabilistic algorithm for computing minimum weights of large error-correcting codes, 1988, IEEE Trans. Inf. Theory.

[18] Tanja Lange et al. Wild McEliece, 2010, IACR Cryptol. ePrint Arch.