Two Approaches for Achieving Efficient Code-Based Cryptosystems

Code-based cryptography is not widely deployed in practice, mostly because of one important drawback: huge key sizes. In this thesis we propose two different approaches to address this issue. The first uses algebraic codes, presenting a way to construct Goppa codes that admit a compact representation: the p-adic Goppa codes. We show how to construct these codes to instantiate public-key encryption schemes, how to extend the approach to a signature scheme and, finally, how to generalize it to codes defined over any characteristic greater than or equal to two. In summary, we obtain very compact keys based on the reputable family of Goppa codes. Although efficient, p-adic Goppa codes have an undesirable property: a strong algebraic structure. This leads to our second approach, which uses LDPC codes of increased density, or simply MDPC codes. These are graph-based codes, free of algebraic structure. It is quite reasonable to assume that MDPC codes are only distinguishable by finding the low-weight codewords of their dual. This is an important advantage not only over all previous compact-key McEliece-like variants but also over the classical McEliece based on binary Goppa codes. Here, compact keys are obtained by using a quasi-cyclic structure.
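As an added, constructed illustration (not code from the thesis) of how the quasi-cyclic structure yields a compact key: each r x r circulant block of the parity-check matrix is a binary polynomial modulo x^r - 1, so the whole public key is the single block g = h0 * h1^-1 (r bits, where a dense systematic generator would carry an r x r redundant part), and a Gallager-style bit-flipping decoder recovers the message from the syndrome. It assumes n0 = 2 blocks, the r = 4801, w = 90 sizes of the QC-MDPC McEliece proposal (Misoczki, Tillich, Sendrier and Barreto, ISIT 2013), a "max counter minus delta" flipping threshold, and a deliberately small error weight t = 20 so that this simple decoder converges reliably; the published parameter set uses t = 84 with a tuned decoder.

```python
import random

def rot(a, j, r):  # x^j * a mod (x^r - 1): cyclic rotation of an r-bit circulant block by j
    j %= r
    return ((a << j) | (a >> (r - j))) & ((1 << r) - 1)

def mul_mod(a, b, r):  # a * b mod (x^r - 1); walks the set bits of b, so pass the sparse factor as b
    res = 0
    for j in range(b.bit_length()):
        if b >> j & 1:
            res ^= rot(a, j, r)
    return res

def inv_mod(a, r):  # a^-1 mod (x^r - 1) by extended Euclid over GF(2)[x], or None if not invertible
    u, v, s0, s1 = (1 << r) | 1, a, 0, 1  # invariant: s0*a = u and s1*a = v (mod x^r - 1)
    while v:
        q, rem = 0, u  # long division u = q*v + rem
        while rem and rem.bit_length() >= v.bit_length():
            d = rem.bit_length() - v.bit_length()
            q, rem = q ^ (1 << d), rem ^ (v << d)
        u, v, s0, s1 = v, rem, s1, s0 ^ mul_mod(s1, q, r)
    return s0 if u == 1 else None

def keygen(r, wt, seed):  # private key: sparse blocks h0, h1 of weight wt; public key: the single block g = h0 / h1
    rng = random.Random(seed)  # constructed toy randomness, seeded for reproducibility
    while True:
        h0, h1 = (sum(1 << i for i in rng.sample(range(r), wt)) for _ in range(2))
        h1_inv = inv_mod(h1, r)
        if h1_inv is not None:  # retry until h1 is a unit of the ring
            return (h0, h1), mul_mod(h1_inv, h0, r)

def encrypt(g, m, t, r, seed):  # systematic codeword (m, m*g) plus a random weight-t error over the 2r positions
    e, rng = [0, 0], random.Random(seed)
    for p in rng.sample(range(2 * r), t):
        e[p // r] ^= 1 << (p % r)
    return m ^ e[0], mul_mod(m, g, r) ^ e[1]

def decrypt(sk, c, r, delta=5, max_iter=100):  # bit flipping on s = c0*h0 + c1*h1 = e0*h0 + e1*h1
    s = mul_mod(c[0], sk[0], r) ^ mul_mod(c[1], sk[1], r)
    e = [0, 0]
    while s and max_iter:  # column j of block i of H is rot(h_i, j); count the unsatisfied checks it meets
        cnt = [[bin(s & rot(h, j, r)).count("1") for j in range(r)] for h in sk]
        thr = max(1, max(max(cnt[0]), max(cnt[1])) - delta)  # flip everything close to the worst position
        for i in range(2):
            for j in range(r):
                if cnt[i][j] >= thr:
                    s ^= rot(sk[i], j, r)  # remove that position's contribution to the syndrome
                    e[i] ^= 1 << j
        max_iter -= 1
    return c[0] ^ e[0] if s == 0 else None  # None signals a decoding failure
```

Toy only: there is no CCA conversion and the arithmetic is not constant-time, so it demonstrates key size and decoding, not a deployable scheme.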
