Assessing and Countering Reaction Attacks Against Post-Quantum Public-Key Cryptosystems Based on QC-LDPC Codes
Related papers
Security and complexity of the McEliece cryptosystem based on QC-LDPC codes
2011
In the context of public key cryptography, the McEliece cryptosystem represents a very smart solution based on the hardness of the decoding problem, which is believed to be able to resist the advent of quantum computers. Despite this, the original McEliece cryptosystem, based on Goppa codes, has encountered limited interest in practical applications, partly because of some constraints imposed by this very special class of codes. We have recently introduced a variant of the McEliece cryptosystem including low-density parity-check codes, which are state-of-the-art codes, now used in many telecommunication standards and applications. In this paper, we discuss the possible use of a bit-flipping decoder in this context, which gives a significant advantage in terms of complexity. We also provide theoretical arguments and practical tools for estimating the trade-off between security and complexity, in such a way as to give a simple procedure for the system design.
LEDAkem: A Post-quantum Key Encapsulation Mechanism Based on QC-LDPC Codes
Post-Quantum Cryptography, 2018
This work presents a new code-based key encapsulation mechanism (KEM) called LEDAkem. It is built on the Niederreiter cryptosystem and relies on quasi-cyclic low-density parity-check codes as secret codes, providing high decoding speeds and compact keypairs. LEDAkem uses ephemeral keys to foil known statistical attacks, and takes advantage of a new decoding algorithm that provides faster decoding than the classical bit-flipping decoder commonly adopted in this kind of system. The main attacks against LEDAkem are investigated, taking into account quantum speedups. Some instances of LEDAkem are designed to achieve different security levels against classical and quantum computers. Some performance figures obtained through an efficient C99 implementation of LEDAkem are provided.
A New Analysis of the McEliece Cryptosystem Based on QC-LDPC Codes
2008
We improve our proposal of a new variant of the McEliece cryptosystem based on QC-LDPC codes. The original McEliece cryptosystem, based on Goppa codes, is still unbroken up to now, but has two major drawbacks: long key and low transmission rate. Our variant is based on QC-LDPC codes and is able to overcome such drawbacks, while avoiding the known attacks. Recently, however, a new attack has been discovered that can recover the private key with limited complexity. We show that such an attack can be avoided by changing the form of some constituent matrices, without altering the remaining system parameters. We also propose another variant that exhibits an overall increased security level. We analyze the complexity of the encryption and decryption stages by adopting efficient algorithms for processing large circulant matrices. The Toom-Cook algorithm and the short Winograd convolution are considered, which give a significant speed-up in the cryptosystem operations.
A new code-based public-key cryptosystem resistant to quantum computer attacks
Journal of Physics: Conference Series, 2019
We propose a new type of public-key cryptosystem (PKC) which is based on repetition of different error-correcting codes. We give a brief analysis of some well known attacks on code-based PKC, including structural ones, and show that the scheme could be used as a prospective post-quantum PKC.
LEDAcrypt: QC-LDPC Code-Based Cryptosystems with Bounded Decryption Failure Rate
Lecture Notes in Computer Science, 2019
We consider the QC-LDPC code-based cryptosystems named LEDAcrypt, which are under consideration by NIST for the second round of the post-quantum cryptography standardization initiative. LEDAcrypt is the result of the merger of the key encapsulation mechanism LEDAkem and the public-key cryptosystem LEDApkc, which were submitted to the first round of the same competition. We provide a detailed quantification of the quantum and classical computational efforts needed to foil the cryptographic guarantees of these systems. To this end, we take into account the best known attacks that can be mounted against them employing both classical and quantum computers, and compare their computational complexities with the ones required to break AES, consistently with the NIST requirements. Assuming the original LEDAkem and LEDApkc parameters as a reference, we introduce an algorithmic optimization procedure to design new sets of parameters for LEDAcrypt. These novel sets match the security levels in the NIST call and make the C99 reference implementation of the systems exhibit significantly improved figures of merit, in terms of both running times and key sizes. As a further contribution, we develop a theoretical characterization of the decryption failure rate (DFR) of LEDAcrypt cryptosystems, which allows new instances of the systems with guaranteed low DFR to be designed. Such a characterization is crucial to withstand recent attacks exploiting the reactions of the legitimate recipient upon decrypting multiple ciphertexts with the same private key, and consequently it is able to ensure a lifecycle of the corresponding key pairs which can be sufficient for the wide majority of practical purposes.
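The bit-flipping decoder mentioned in the 2011 abstract above and the decryption failure rate (DFR) discussed in the LEDAcrypt abstract are easiest to see on a small instance. The following Python block is an added illustration written for this page; it is not code from any of the listed papers or from the LEDAkem/LEDAcrypt implementations. It builds a toy parity-check matrix H = [H0 | H1] from two sparse circulant blocks (block size p = 59 and the two support sets are assumed toy values, far below real parameters), computes the syndrome s = H e^T of an error vector as a Niederreiter-style scheme would, recovers e with a plain bit-flipping decoder, and estimates the DFR empirically. A decoder that gives up, or that returns a different vector with the same syndrome, counts as a decryption failure; that per-ciphertext success/failure signal, observed across many ciphertexts under one long-lived key, is what the reaction attacks named in the page title rely on, which is why a bounded DFR matters.

```python
"""Toy QC-LDPC syndrome decoding by bit flipping, with an empirical DFR estimate.

Added illustration for this page; not code from any listed paper.
All parameters are assumed toy values chosen for readability, not security.
"""
import random
from typing import Iterable, List, Tuple

P = 59            # circulant block size (toy; real systems use tens of thousands)
N0 = 2            # number of circulant blocks in H = [H0 | H1]
N = N0 * P        # error-vector length n = n0 * p
MASK = (1 << P) - 1

# Supports (exponent sets) of the sparse polynomials h_i(x) in GF(2)[x]/(x^p - 1)
# that define the circulant blocks: row r of block i is x^r * h_i(x).
# Constructed so that the differences within each set are pairwise distinct
# mod p, hence two columns of the same block share at most one parity check.
H_SUPPORTS = [(0, 1, 3, 7, 12), (0, 2, 10, 17, 33)]


def _bits(positions: Iterable[int]) -> int:
    v = 0
    for pos in positions:
        v |= 1 << (pos % P)
    return v


# COLS[j] is the set of parity checks (rows of H) involving error bit j, as a
# P-bit mask. Column j of block i contains rows (j - s) mod p, s in supp(h_i).
COLS: List[int] = []
for _support in H_SUPPORTS:
    for _j in range(P):
        COLS.append(_bits((_j - s) % P for s in _support))


def syndrome(error: int) -> int:
    """s = H e^T over GF(2): XOR of the columns selected by the set error bits."""
    s = 0
    for j in range(N):
        if error >> j & 1:
            s ^= COLS[j]
    return s


def bit_flip_decode(s: int, max_iters: int = 20) -> Tuple[int, bool]:
    """Bit-flipping syndrome decoding.

    Each iteration counts, for every bit, the unsatisfied parity checks it
    takes part in (upc) and flips every bit whose upc reaches the current
    maximum. Returns (estimate, ok); ok is False when the syndrome is still
    non-zero after max_iters, i.e. a decryption failure.
    """
    e_hat = 0
    for _ in range(max_iters):
        if s == 0:
            return e_hat, True
        upc = [bin(COLS[j] & s).count("1") for j in range(N)]
        threshold = max(upc)
        for j in range(N):
            if upc[j] == threshold:
                e_hat ^= 1 << j
                s ^= COLS[j]  # flipping bit j toggles the checks it belongs to
    return e_hat, s == 0


def random_error(t: int, rng: random.Random) -> int:
    """Uniformly random error vector of Hamming weight t (constructed input)."""
    return _bits(rng.sample(range(N), t)) if t <= P else sum(1 << j for j in rng.sample(range(N), t))


def estimate_dfr(t: int, trials: int, seed: int = 1) -> float:
    """Fraction of random weight-t errors the decoder fails to recover exactly.

    Giving up and returning a wrong vector with a matching syndrome are both
    failures: to the recipient both look like a failed decapsulation, and that
    reaction is the only thing a reaction attack needs to observe.
    """
    rng = random.Random(seed)
    failures = 0
    for _ in range(trials):
        e = random_error(t, rng)
        e_hat, ok = bit_flip_decode(syndrome(e))
        if not ok or e_hat != e:
            failures += 1
    return failures / trials


if __name__ == "__main__":
    for t in (1, 2, 4, 6, 8, 10, 12):
        print(f"t={t:2d}  DFR ~ {estimate_dfr(t, trials=200):.3f}")
```

Note that `random_error` is written so that the bitmask helper is reused only when the sample fits in a single block; for larger weights the positions are OR-ed in directly. Running the script prints how quickly the DFR of this toy decoder rises with the error weight t; a real design fixes t and the code parameters so that the DFR stays below a target such as 2^-64, which is the point of the DFR characterization in the LEDAcrypt abstract.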
Cryptanalysis of a new instance of McEliece cryptosystem based on QC-LDPC Codes
2007
We adopt a class of quasi-cyclic low-density parity-check codes that allow one to overcome the main limitations of the original McEliece cryptosystem based on Goppa codes, that is, large key size and low transmission rate. The codes are designed by using a new algorithm based on "Random Difference Families", which permits the construction of very large sets of equivalent codes. An extensive cryptanalysis is developed to verify the security level achievable through a selected choice of the system parameters. While previous versions of the McEliece cryptosystem based on LDPC codes are vulnerable to the considered attacks, a new scheme is proposed that ensures satisfactory system robustness with reduced key size and increased transmission rate. Moreover, it is established that the new cryptosystem can be fast enough to justify its adoption as an alternative to widespread solutions, like RSA.
Error Correcting Codes in Post-Quantum Cryptography
This thesis gives an overview of the currently most mature key encapsulation mechanisms (KEMs) based on the theory of error correcting codes. It includes an introduction to the theory of error correcting codes insofar as it applies to these systems and how it can be used to encapsulate keys through a public key (PK) cryptosystem. In order to add context to the KEMs, first the required basics of coding theory and a selection of some of the most common error correcting codes are covered. Then, we revisit public key cryptosystems, key encapsulation, and the security threat models that are being used. This is followed by a thorough description of the current NIST candidates for KEM using post-quantum cryptography: Classic McEliece, BIKE, LEDAcrypt, and HQC. We do not include rank metric methods such as ROLLO and RQC, which were NIST candidates until the second round, since they involve different features than those studied in this thesis. The thesis is intended as a survey of current methods being used in this field. We also establish some of the problems which may prove interesting for further research.
Post-Quantum Network Security:McEliece and Niederreiter Cryptosystems Analysis and Education Issues
WSEAS TRANSACTIONS ON SYSTEMS AND CONTROL, 2020
The paper is aimed at analyzing the classical McEliece and Niederreiter cryptosystems as well as the Quasi-Cyclic MDPC McEliece cipher in the context of post-quantum network security. Theoretical foundations of the aforesaid cryptographic schemes are considered. The characteristics of the given cryptosystems and other asymmetric encryption schemes are analyzed. The cipher metrics, which are considered in the paper, include cryptographic strength, performance, public key size and length of ciphertext. The binary Goppa codes are described in the context of their role for the cryptanalytic resistance of the classic McEliece and Niederreiter schemes. The crucial advantages and drawbacks of the aforementioned cryptosystems are analyzed. The prospects for application of these ciphers to the network security protocols are outlined. The investigations, which are aimed at finding ways to reduce the public key sizes and improve the energy efficiency of the given ciphers, are briefly described. A...
Post-Quantum and Code-Based Cryptography—Some Prospective Research Directions
Cryptography
Cryptography has been used from time immemorial for preserving the confidentiality of data/information in storage or transit. Thus, cryptography research has also been evolving from the classical Caesar cipher to the modern cryptosystems, based on modular arithmetic to the contemporary cryptosystems based on quantum computing. The emergence of quantum computing poses a major threat to the modern cryptosystems based on modular arithmetic, whereby even the computationally hard problems which constitute the strength of the modular arithmetic ciphers could be solved in polynomial time. This threat triggered post-quantum cryptography research to design and develop post-quantum algorithms that can withstand quantum computing attacks. This paper provides an overview of the various research directions that have been explored in post-quantum cryptography and, specifically, the various code-based cryptography research dimensions that have been explored. Some potential research directions that...
Improving the efficiency of the LDPC code-based McEliece cryptosystem through irregular codes
2013 IEEE Symposium on Computers and Communications (ISCC), 2013
We consider the framework of the McEliece cryptosystem based on low-density parity-check (LDPC) codes, which is a promising post-quantum alternative to classical public key cryptosystems. The use of LDPC codes in this context allows one to achieve good security levels with very compact keys, which is an important advantage over the classical McEliece cryptosystem based on Goppa codes. However, only regular LDPC codes have been considered up to now, while some further improvement can be achieved by using irregular LDPC codes, which are known to achieve better error correction performance than regular LDPC codes. This is shown in this paper, for the first time to our knowledge. The possible use of irregular transformation matrices is also investigated, which further increases the efficiency of the system, especially in regard to the public key size.