A Reaction Attack against Cryptosystems based on LRPC Codes

The rank metric is a very promising research direction for code-based cryptography. Because generic decoding attacks against codes in this metric have high complexity, it is easy to select parameters that yield very small data sizes. In this paper we analyze cryptosystems based on Low-Rank Parity-Check (LRPC) codes, one of the classes of codes that are efficiently decodable in the rank metric. We show how to exploit the decoding failure rate, an inherent feature of these codes, to devise a reaction attack aimed at recovering the private key. As a case study, we cryptanalyze the recent McNie submission to NIST's Post-Quantum Standardization process. Additionally, we provide details of a simple implementation that validates our approach.
