Modeling Bit Flipping Decoding Based on Nonorthogonal Check Sums With Application to Iterative Decoding Attack of McEliece Cryptosystem

In this correspondence, iteration-1 of bit flipping decoding based on a set of nonorthogonal check sums is analyzed for both regular and irregular models. In particular, the tradeoff between the Hamming weight (and overlapping) of the check sums and the number of redundant check sums required to start converging under iterative decoding is investigated. The model is then applied to an iterative attack on the McEliece public-key cryptosystem, since a successful attack on this system can be achieved by algebraic bounded distance decoding of a random code. Based on this model, the attack can be decomposed into two phases: a preprocessing phase which, for one particular key κ, consists of finding a sufficiently large set S of check sums up to a certain Hamming weight, and a bit flipping decoding phase which uses the set S for each message encrypted with the key κ.
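The decoding phase described above, as an added example that is not from the paper: iteration-1 bit flipping over a check-sum set S, run on a constructed [7,4] Hamming code (an assumption; the paper works on a random code). It shows the tradeoff the abstract names: with only the 3 basic rows, a single error in position 0 produces a four-way tie and the decoder oscillates, while the 7 redundant, overlapping weight-4 sums of the full dual code isolate the error in one iteration.

```python
from itertools import product

# Constructed [7,4] Hamming parity-check matrix (assumption: a toy code,
# not the random code of the paper); its 3 rows are the basic check sums.
H = [
    [1, 0, 1, 0, 1, 0, 1],
    [0, 1, 1, 0, 0, 1, 1],
    [0, 0, 0, 1, 1, 1, 1],
]

def span_check_sums(rows):
    """All nonzero GF(2) combinations of the rows: every codeword of the
    dual code, i.e. a redundant, overlapping (nonorthogonal) check-sum set S."""
    sums = []
    for coeffs in product((0, 1), repeat=len(rows)):
        if any(coeffs):
            s = [0] * len(rows[0])
            for c, r in zip(coeffs, rows):
                if c:
                    s = [a ^ b for a, b in zip(s, r)]
            sums.append(s)
    return sums

def unsatisfied(y, S):
    """Indices of check sums in S whose parity fails on word y."""
    return [i for i, s in enumerate(S) if sum(a & b for a, b in zip(s, y)) % 2]

def bit_flip_iteration(y, S):
    """One bit flipping iteration: each unsatisfied check sum votes for every
    bit it covers; the bits with the most votes are flipped."""
    bad = unsatisfied(y, S)
    if not bad:
        return list(y), []
    votes = [sum(S[i][j] for i in bad) for j in range(len(y))]
    top = max(votes)
    flips = [j for j, v in enumerate(votes) if v == top]
    z = list(y)
    for j in flips:
        z[j] ^= 1
    return z, flips

def decode(y, S, max_iter=5):
    """Repeat bit flipping until every check sum in S is satisfied.
    Returns (word, converged)."""
    z = list(y)
    for _ in range(max_iter):
        if not unsatisfied(z, S):
            return z, True
        z, _ = bit_flip_iteration(z, S)
    return z, not unsatisfied(z, S)
```

An error in position 6, which is covered by all three rows, is corrected by H alone; an error in position 0, covered by a single row, needs the redundant set, which is exactly the dependence on weight, overlap and number of check sums the model quantifies.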
