Improved algorithms for finding low-weight polynomial multiples in $\mathbb{F}_2[x]$ and some cryptographic applications

In this paper we present an improved algorithm for finding low-weight multiples of polynomials over the binary field using coding-theoretic methods. The code associated with the given polynomial has a cyclic structure, which allows an algorithm to search for shifts of the sought minimum-weight codeword. Therefore, a code of higher dimension is constructed, having a larger number of low-weight codewords and, through some additional processing, also a reduced minimum distance. Applying an algorithm for finding low-weight codewords in the constructed code yields a lower complexity for finding low-weight polynomial multiples than previous approaches. As an application, we show a key-recovery attack against  that has a lower complexity than the chosen security level indicates. Using similar ideas we also present a new probabilistic algorithm for finding a multiple of weight 4, which is faster than previous approaches. This is relevant, for example, in correlation attacks on stream ciphers.
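To make the problem concrete, the following is an added example (not the paper's algorithm): the textbook birthday-paradox search for a weight-4 multiple of a binary polynomial, using the view from the abstract that multiples of $P(x)$ of degree below $n$ form a linear code whose parity-check columns are the residues $x^i \bmod P(x)$. The sample polynomial $x^{10} + x^3 + 1$ and the length 64 are constructed inputs.

```python
# Polynomials over F2 are Python ints: bit i is the coefficient of x^i.

def poly_mod(a, m):
    """Remainder of a divided by m in F2[x] (m must be nonzero)."""
    dm = m.bit_length() - 1
    while a and a.bit_length() - 1 >= dm:
        a ^= m << (a.bit_length() - 1 - dm)
    return a

def residues(p, n):
    """r[i] = x^i mod p for 0 <= i < n, by repeated shift-and-reduce.
    r[i] is column i of the parity-check matrix of the length-n code
    {multiples of p of degree < n}: a codeword of weight w is a weight-w multiple."""
    d = p.bit_length() - 1
    r, cur = [], 1
    for _ in range(n):
        r.append(cur)
        cur <<= 1
        if (cur >> d) & 1:      # degree reached d: reduce by p
            cur ^= p
    return r

def find_weight4_multiple(p, n):
    """Return exponents (a, b, c, e), a < b < c < e < n, with
    x^a + x^b + x^c + x^e = 0 mod p, or None if no such multiple is found.
    Birthday search on pair sums r[i] ^ r[j]: two pairs with equal sum and
    disjoint indices give a weight-4 multiple in O(n^2) time instead of O(n^4)."""
    r = residues(p, n)
    seen = {}                   # pair sum -> list of (i, j) with i < j
    for j in range(n):
        for i in range(j):
            s = r[i] ^ r[j]
            for (a, b) in seen.get(s, ()):
                if i not in (a, b) and j not in (a, b):
                    return tuple(sorted((a, b, i, j)))
            seen.setdefault(s, []).append((i, j))
    return None

def exponents_to_poly(exps):
    """Build the polynomial sum of x^e over the given exponents."""
    poly = 0
    for e in exps:
        poly ^= 1 << e
    return poly

def is_multiple(q, p):
    """True if p divides q in F2[x]."""
    return poly_mod(q, p) == 0

if __name__ == "__main__":
    P = (1 << 10) | (1 << 3) | 1          # x^10 + x^3 + 1, constructed sample
    exps = find_weight4_multiple(P, 64)
    print(exps, is_multiple(exponents_to_poly(exps), P))
```

Because any multiple of $P(x)$ stays a multiple when shifted by $x$, each exponent tuple found here represents a whole family of shifted weight-4 multiples, which is the cyclic structure the abstract exploits.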
