Practical Key Recovery Attacks On Two McEliece Variants

The McEliece cryptosystem is a promising alternative to conventional public key encryption systems such as RSA and ECC. In particular, it is expected to resist even attackers equipped with quantum computers. Moreover, the encryption process requires only simple binary operations, making it a good candidate for low-cost devices such as RFID tags. However, McEliece's original scheme has the drawback that the keys are very large. Two promising variants have been proposed to overcome this disadvantage. The first one is due to Berger et al., presented at AFRICACRYPT 2009, and the second is due to Barreto and Misoczki, presented at SAC 2009. In this paper we first present a general attack framework and then apply it to both schemes. Our framework allows us to recover the private key for most parameters proposed by the authors of both schemes within at most a few days on a single PC.
