RankSign: An Efficient Signature Algorithm Based on the Rank Metric

In this paper we propose a new approach to code-based signatures that makes use, in particular, of rank metric codes. Whereas the classical approach consists in finding the unique preimage of a syndrome through a decoding algorithm, we propose to introduce the notion of mixed decoding of erasures and errors for building signature schemes. In that case the difficult problem becomes, as is the case in lattice-based cryptography, finding a preimage of weight above the Gilbert-Varshamov bound (the case where many solutions occur) rather than finding a unique preimage of weight below the Gilbert-Varshamov bound. The paper describes RankSign: a new signature algorithm for the rank metric based on a new mixed algorithm for decoding erasures and errors for the recently introduced Low Rank Parity Check (LRPC) codes. We explain how it is possible (depending on the choice of parameters) to obtain a full decoding algorithm which is able to find a preimage of reasonable rank weight for any random syndrome with very high probability. We study the semantic security of our signature algorithm and show how it is possible to reduce the unforgeability to direct attacks on the public matrix, so that no information leaks through signatures. Finally, we give several examples of parameters for our scheme, some of which have a public key of size $11,520$ bits and a signature of size $1728$ bits. Moreover, the scheme can be very fast for small base fields.
