Security and complexity of the McEliece cryptosystem based on quasi-cyclic low-density parity-check codes

In the context of public key cryptography, the McEliece cryptosystem represents a very attractive solution based on the hardness of the decoding problem, which is believed to resist the advent of quantum computers. Despite this, the original McEliece cryptosystem based on Goppa codes has encountered limited interest in practical applications, partly because of some constraints imposed by this very special class of codes. The authors have recently introduced a variant of the McEliece cryptosystem based on low-density parity-check codes, which are state-of-the-art codes now used in many telecommunication standards and applications. In this study, the authors discuss the possible use of a bit-flipping decoder in this context, which gives a significant advantage in terms of complexity. The authors also provide theoretical arguments and practical tools for estimating the trade-off between security and complexity, so as to give a simple procedure for the system design.
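The abstract refers to the bit-flipping decoder used on the private QC-LDPC code. As an added example, not code from the paper, here is a Gallager-style bit-flipping decoder run on a small parity-check matrix H = [C0 | C1] made of two circulant blocks; the block size p = 37 and the first-row supports S0, S1 are constructed for this example so that no two columns of H share more than one check (no 4-cycles), which is why any two errors are corrected in a single pass.

```python
P = 37                   # circulant size (constructed for this example; prime)
S0 = (0, 1, 3, 7)        # first-row support of circulant block C0 (a Golomb ruler)
S1 = (0, 8, 19, 24)      # 8*S0 mod 37: its pairwise differences avoid those of S0,
                         # so columns from different blocks also share <= 1 check

def circulant(p, support):
    """p x p binary circulant: row i has ones at columns (s + i) mod p, s in support."""
    return [[1 if (j - i) % p in support else 0 for j in range(p)] for i in range(p)]

def qc_ldpc_parity_check(p, supports):
    """H = [C0 | C1 | ...]: one p x p circulant block per support set."""
    blocks = [circulant(p, s) for s in supports]
    return [sum((b[i] for b in blocks), []) for i in range(p)]

def max_column_overlap(H):
    """Most checks shared by any two columns; 1 means the Tanner graph has no 4-cycles."""
    n = len(H[0])
    cols = [{i for i, row in enumerate(H) if row[j]} for j in range(n)]
    return max(len(cols[a] & cols[b]) for a in range(n) for b in range(a + 1, n))

def bit_flip_decode(H, y, max_iter=20):
    """Gallager bit flipping: each pass flips every bit taking part in the largest
    number of unsatisfied checks, until the syndrome is zero. Returns (word, passes)
    or None if the decoder does not converge within max_iter passes."""
    x, n = list(y), len(y)
    for passes in range(max_iter):
        syndrome = [sum(h & b for h, b in zip(row, x)) % 2 for row in H]
        if not any(syndrome):
            return x, passes
        unsat = [row for row, s in zip(H, syndrome) if s]
        counts = [sum(row[j] for row in unsat) for j in range(n)]
        top = max(counts)
        x = [b ^ int(c == top) for b, c in zip(x, counts)]
    return None

def decode_error_pattern(error_positions, p=P, supports=(S0, S1)):
    """Corrupt the all-zero codeword at error_positions and decode it. The syndrome,
    and so every flip decision above, depends only on the error vector, which is the
    situation met when decrypting: the decoder must strip the intentional error."""
    H = qc_ldpc_parity_check(p, supports)
    y = [0] * (p * len(supports))
    for pos in error_positions:
        y[pos] ^= 1
    result = bit_flip_decode(H, y)
    if result is None:
        return None
    decoded, passes = result
    return decoded, [a ^ b for a, b in zip(y, decoded)], passes
```

Each pass costs one syndrome computation plus a count per column, all on sparse binary data, which is the source of the complexity advantage over soft-decision decoders that the abstract mentions.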
