Wild McEliece

The original McEliece cryptosystem uses length-n codes over F_2 with dimension ≥ n - mt that efficiently correct t errors, where 2^m ≥ n. This paper presents a generalized cryptosystem that uses length-n codes over small finite fields F_q with dimension ≥ n - m(q-1)t that efficiently correct ⌊qt/2⌋ errors, where q^m ≥ n. Previously proposed cryptosystems with the same length and dimension corrected only ⌊(q-1)t/2⌋ errors for q ≥ 3. This paper also presents list-decoding algorithms that efficiently correct even more errors for the same codes over F_q. Finally, this paper shows that the increase from ⌊(q-1)t/2⌋ errors to more than ⌊qt/2⌋ errors allows considerably smaller keys to achieve the same security level against all known attacks.
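The mechanism behind the error count above is that, for a squarefree Goppa polynomial g of degree t, the F_q-subfield subcode Γ(L, g^(q-1)) is the same code as Γ(L, g^q): the parity-check matrix of g^(q-1) has only m(q-1)t rows over F_q, yet the code inherits the minimum distance of g^q and so corrects ⌊qt/2⌋ errors. The following is an added worked example, not code from the paper or its authors. It assumes a toy parameter set q = 3, m = 3 (so the support lives in F_27, built here as F_3[y]/(y^3 - y - 1)), t = 2 and n = q^m = 27, and takes g as the first monic quadratic with no root in F_27. It builds both parity-check matrices, splits them into F_3 coordinates, and checks by rank computation that the two kernels coincide and that the dimension meets the bound n - m(q-1)t = 15 (a naive count for g^q would promise only n - mqt = 9).

```python
# Added example, not from the paper: a wild Goppa code over F_3 with
# assumed parameters q = 3, m = 3 (F_27 = F_3[y]/(y^3 - y - 1)), t = 2, n = 27.
Q, M = 3, 3                  # q is prime here, so F_q arithmetic is plain mod Q
FIELD_SIZE = Q ** M          # F_27 elements are encoded as integers 0..26

def to_digits(a):            # F_27 element -> F_3 coordinates c0 + c1*y + c2*y^2
    return [(a // Q ** i) % Q for i in range(M)]

def from_digits(d):
    return sum(c * Q ** i for i, c in enumerate(d))

def add(a, b):
    return from_digits([(x + y) % Q for x, y in zip(to_digits(a), to_digits(b))])

def mul(a, b):               # polynomial product reduced by y^3 = y + 1
    da, db = to_digits(a), to_digits(b)
    prod = [0] * (2 * M - 1)
    for i in range(M):
        for j in range(M):
            prod[i + j] = (prod[i + j] + da[i] * db[j]) % Q
    for k in range(2 * M - 2, M - 1, -1):      # y^k = y^(k-2) + y^(k-3)
        c, prod[k] = prod[k], 0
        prod[k - 2] = (prod[k - 2] + c) % Q
        prod[k - 3] = (prod[k - 3] + c) % Q
    return from_digits(prod[:M])

def power(a, e):
    result = 1
    while e:
        if e & 1:
            result = mul(result, a)
        a, e = mul(a, a), e >> 1
    return result

def inv(a):                  # a^(27-2) = 1/a for a != 0
    return power(a, FIELD_SIZE - 2)

def poly_eval(G, x):         # Horner; coefficients low -> high, in F_27
    acc = 0
    for coef in reversed(G):
        acc = add(mul(acc, x), coef)
    return acc

def poly_mul(f, g):
    out = [0] * (len(f) + len(g) - 1)
    for i, fi in enumerate(f):
        for j, gj in enumerate(g):
            out[i + j] = add(out[i + j], mul(fi, gj))
    return out

def parity_rows_over_fq(L, G):
    """F_3 parity-check rows of Gamma(L, G): each F_27 row L_j^i / G(L_j),
    i < deg G, is split into its M = 3 F_3 coordinates (subfield subcode)."""
    rows = []
    for i in range(len(G) - 1):
        split = [[0] * len(L) for _ in range(M)]
        for j, a in enumerate(L):
            h = mul(power(a, i), inv(poly_eval(G, a)))
            for d, digit in enumerate(to_digits(h)):
                split[d][j] = digit
        rows.extend(split)
    return rows

def rank_mod_q(rows):        # Gauss-Jordan over the prime field F_Q
    mat, rank = [r[:] for r in rows], 0
    for col in range(len(mat[0])):
        pivot = next((r for r in range(rank, len(mat)) if mat[r][col]), None)
        if pivot is None:
            continue
        mat[rank], mat[pivot] = mat[pivot], mat[rank]
        scale = pow(mat[rank][col], Q - 2, Q)
        mat[rank] = [(x * scale) % Q for x in mat[rank]]
        for r in range(len(mat)):
            if r != rank and mat[r][col]:
                f = mat[r][col]
                mat[r] = [(x - f * y) % Q for x, y in zip(mat[r], mat[rank])]
        rank += 1
    return rank

def first_irreducible_monic_quadratic():
    """x^2 + a x + b with no root in F_27: squarefree, degree t = 2, and
    coprime to prod (x - L_j) when the support L is all of F_27."""
    for a in range(FIELD_SIZE):
        for b in range(FIELD_SIZE):
            if all(poly_eval([b, a, 1], x) != 0 for x in range(FIELD_SIZE)):
                return [b, a, 1]

def wild_goppa_demo():
    g = first_irreducible_monic_quadratic()
    t, L = len(g) - 1, list(range(FIELD_SIZE))
    n = len(L)
    G_wild = poly_mul(g, g)                       # g^(q-1): the wild polynomial
    G_full = poly_mul(G_wild, g)                  # g^q
    H_wild = parity_rows_over_fq(L, G_wild)       # m(q-1)t = 12 rows
    H_full = parity_rows_over_fq(L, G_full)       # mqt = 18 rows
    k_wild, k_full = n - rank_mod_q(H_wild), n - rank_mod_q(H_full)
    k_both = n - rank_mod_q(H_wild + H_full)      # kernel of the stacked matrix
    return {"n": n, "t": t, "dimension_bound": n - M * (Q - 1) * t,
            "k_wild": k_wild, "k_full": k_full,
            "same_code": k_wild == k_full == k_both,   # Gamma(L,g^(q-1)) == Gamma(L,g^q)
            "errors_wild": (Q * t) // 2,              # floor(qt/2) = 3
            "errors_previous": ((Q - 1) * t) // 2}    # floor((q-1)t/2) = 2
```

Calling `wild_goppa_demo()` returns a dictionary whose `same_code` entry is the observable form of the wild trick: the 18 parity rows of g^q span no more than the 12 rows of g^(q-1), so the code keeps the dimension promised by n - m(q-1)t while correcting ⌊qt/2⌋ = 3 rather than ⌊(q-1)t/2⌋ = 2 errors. Two caveats: the example proves nothing about decoding (no decoder is included), and the base-field arithmetic relies on q being prime; for q = p^e with e > 1 the coordinates would themselves need field arithmetic rather than integers mod Q.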
