Assessing and countering reaction attacks against post-quantum public-key cryptosystems based on QC-LDPC codes

Code-based public-key cryptosystems built on QC-LDPC and QC-MDPC codes are promising post-quantum candidates to replace quantum-vulnerable classical alternatives. However, a new type of attack based on Bob’s reactions (i.e., on whether his decoder succeeds or fails) has recently been introduced and appears to significantly shorten the lifetime of any keypair used in these systems. In this paper we estimate the complexity of all known reaction attacks against QC-LDPC and QC-MDPC code-based variants of the McEliece cryptosystem. We also show how the structure of the secret key and, in particular, the rate of the secret code affect the complexity of these attacks. It follows from our results that QC-LDPC code-based systems can indeed withstand reaction attacks, provided that specific decoding algorithms are used and the secret code has a sufficiently high rate.
