Pierre-Louis Cayrel - Academia.edu

Papers by Pierre-Louis Cayrel

Post-Quantum Cryptography: Code-based Signatures

This survey provides a comparative overview of code-based signature schemes with respect to security and performance. Furthermore, we explicitly describe several code-based signature schemes with additional properties such as identity-based, threshold ring and blind signatures.


Algebra, Codes and Cryptology: First International Conference, A2C 2019 in honor of Prof. Mamadou Sanghare, Dakar, Senegal, December 5–7, 2019, Proceedings

Algebra, Codes and Cryptology, 2019

Under the impulse of an elementary result that characterizes the finite dimensional vector spaces (a linear application is injective if, and only if it is surjective) and partial results which are already put in place on the commutative groups by R.A. Beaumont (1945), P. Hill and C. Megibben (1966) and P. Crawly (1968). Then, for finitely generated modules over commutative rings by J. Strooker (1966), and independently by W.V. Vasconcelos (1969–1970). Finally, towards the end of the sixties, for noetherian and artinian modules by P. Ribenboim. In the beginning of eighties, A. Kaidi and M. Sangharé introduced the concept of modules satisfying the properties (I), (S) and (F). We say that an A-module M satisfies the property (I) (resp., (S)), if each injective (resp., surjective) endomorphism of M is an automorphism of M, and we say that M satisfies the property (F), if for each endomorphism f of M there exists an integer n ≥ 1 such that M = Im(f) ⊕ Ker(f). In 1986, V. A. Hiremath i...


SBS: A Fast and Provably Secure Code-Based Stream Cipher


NP-completeness of the random binary quasi-dyadic Coset Weight problem and the random binary quasi-dyadic Subspace Weight problem

In 1978, the Syndrome Decoding Problem (SDP) was proven to be NP-complete for random binary codes. Since then, the security of several cryptographic applications relies on its hardness. In 2009, Finiasz extended this result by demonstrating the NP-completeness of certain sub-classes of the SDP (see [9]). In this paper, we prove the NP-completeness of the SDP for a specific family of codes: the random binary quasi-dyadic codes. We use a reduction to the Four Dimensional Matching Problem (proven NP-complete).


Efficient implementation of code-based identification/signatures schemes

In this paper we present efficient implementations of several code-based identification schemes, namely the Stern scheme, the Veron scheme and the Cayrel-Veron-El Yousfi scheme. For a security of 80 bits, we obtain a signature in respectively 1.048 ms, 0.987 ms and 0.594 ms.


Optimized and Secure Implementation of ROLLO-I

This paper presents our contribution regarding two implementations of the ROLLO-I algorithm, a code-based candidate for the NIST PQC project. The first part focuses on the implementations, and the second part analyzes a side-channel attack and the associated countermeasures. The first implementation uses existing hardware with a crypto co-processor to speed-up operations in \({\mathbb F}_{2^m}\). The second one is a full software implementation (not using the crypto co-processor), running on the same hardware. Finally, the side-channel attack allows us to recover the secret key with only 79 ciphertexts for ROLLO-I-128. We propose countermeasures in order to protect future implementations.


DAGS: Key Encapsulation from Dyadic GS Codes


On lower bounds for Information Set Decoding over F_q

Code-based cryptosystems are promising candidates for post-quantum cryptography. The increasing number of cryptographic schemes that are based on codes over fields different from F_2 requires an analysis of their security. Information Set Decoding (ISD) is one of the most important generic attacks against code-based cryptosystems. We give lower bounds for ISD over F_q, thereby anticipating future software and hardware improvements. Our results allow one to compute conservative parameters for cryptographic applications.


Improved identity-based identification using correcting codes

ArXiv, 2009

In this paper, a new identity-based identification scheme based on error-correcting codes is proposed. Two well-known code-based schemes are combined: the signature scheme by Courtois, Finiasz and Sendrier and an identification scheme by Stern. A proof of security for the scheme in the Random Oracle Model is given.


Dual Construction of Stern-based Signature Schemes

In this paper, we propose a dual version of the first identity-based scheme based on error-correcting codes proposed by Cayrel et al. [CGG07]. Our scheme combines the McEliece signature and the Véron zero-knowledge identification scheme, which provides better computation complexity than the Stern one. We also propose a generalization of the Véron identification scheme in order to build a threshold ring signature scheme, which is secure in the random oracle model and has the advantage of reducing the computation complexity as well as the size of storage.


Attacking code/lattice-based cryptosystems using Partial Knowledge

Code-based cryptographic schemes are promising candidates for post-quantum cryptography since they are fast, require only basic arithmetic, and because their security is well understood. While most analyses of security assume that an attacker does not have any information about the secret key, we show that in certain scenarios an attacker can gain partial knowledge of the secret key. We present how this knowledge can be used to improve the efficiency of an attack, and give new bounds for the complexity of such an attack. In this paper, we analyze two types of partial knowledge including concrete scenarios, and give an idea of how to prevent the leak of such knowledge to an attacker.


Improved code-based identification scheme

We revisit the 3-pass code-based identification scheme proposed by Stern at Crypto'93, and give a new 5-pass protocol for which the probability of the cheater is 1/2 (instead of 2/3 in Stern's original proposal). Furthermore, we propose to use a quasi-cyclic construction in order to dramatically reduce the size of the public key. The proposed scheme is zero-knowledge and relies on an NP-complete problem coming from coding theory (namely the q-ary Syndrome Decoding problem). Taking into account a recent study of a generalization of Stern's information-set-decoding algorithm for decoding linear codes over arbitrary finite fields F_q, we suggest parameters so that the public key is 34 Kbits while that of Stern's scheme is about 66 Kbits. This provides a very practical identification (and possibly signature) scheme which is mostly attractive for light-weight cryptography.


Side channel attacks in code-based cryptography

The McEliece and the Niederreiter public key cryptosystems (PKC) are supposed to be secure in a post-quantum world (4) because there is no efficient quantum algorithm for the underlying problems upon which these cryptosystems are built. The CFS, Stern and KKS signature schemes are post-quantum secure because they are based on hard problems of coding theory. The purpose of this article is to describe what kind of attacks have been proposed against code-based constructions and what is missing.


Identity-based identification and signature schemes using correcting codes

A method of making a gasket assembly of enhanced sealing characteristics comprising the steps of providing a gasket body having an expansive metallic core and at least one compressible fiber-elastomer facing layer and defining at least one clear-through opening, providing a silk screen through which a fluid silicone sealant material is adapted to be squeezed in a desired sealing pattern onto the gasket body, squeezing through the silk screen a fluid, moisture-carbon dioxide curable, silicone sealant material which is curable in the presence of high humidity and carbon dioxide levels into a desired sealing pattern onto the facing layer without intervening barrier coats, preheating the gasket body to a temperature of from about 170 DEG F. to about 185 DEG F. for about 30 to 60 seconds without added moisture, positioning the patterned gasket body in a chamber, and exposing the gasket body in the chamber to a conditioned atmosphere of humidity of at least about 85% relative humidity and...


NP-completeness of the coset weight problem for quasi-dyadic codes


A Novel Niederreiter-like cryptosystem based on the (u|u + υ)-construction codes

RAIRO - Theoretical Informatics and Applications

In this paper, we present a new variant of the Niederreiter Public Key Encryption (PKE) scheme which is resistant against recent attacks. The security is based on the hardness of the Rank Syndrome Decoding (RSD) problem and it presents a (u|u + υ)-construction code using two different types of codes: Ideal Low Rank Parity Check (ILRPC) codes and λ-Gabidulin codes. The benefits of the proposed encryption scheme are a larger minimum distance, a new efficient decoding algorithm and a smaller ciphertext and public key size compared to Loidreau's variants and to its IND-CCA secure version.


A privacy-preserving code-based authentication protocol for Internet of Things

The Journal of Supercomputing


Optimized implementation of the NIST PQC submission ROLLO on microcontroller

We present in this paper an efficient implementation of the code-based cryptosystem ROLLO, a candidate to the NIST PQC project, on a device available on the market. This implementation benefits from the existing hardware by using a crypto co-processor contained in an already deployed microcontroller to speed up operations in F_{2^m}. Optimizations are then made on operations in F_{2^m}. Finally, the cryptosystem outperforms the public key exchange protocol ECDH for a security level of 192 bits, thus showing the possibility of integrating this new cryptosystem in current chips. According to our implementation, the ROLLO-I-128 submission takes 173.6 ms for key generation, 12 ms for encapsulation and 79.4 ms for decapsulation on a microcontroller featuring an ARM SecurCore SC300 core running at 50 MHz.


Message-Recovery Laser Fault Injection Attack on the Classic McEliece Cryptosystem

Lecture Notes in Computer Science


RFID Authentication Protocols Based on Error-Correcting Codes: A Survey

Wireless Personal Communications
