LDPC Codes in the McEliece Cryptosystem: Attacks and Countermeasures
Abstract
The McEliece cryptosystem is a public-key cryptosystem based on coding theory that has successfully resisted cryptanalysis for thirty years. The original version, based on Goppa codes, guarantees a high level of security and is faster than competing solutions such as RSA. Despite this, it has rarely been considered in practical applications, due to two major drawbacks: i) the large size of the public key and ii) the low transmission rate. Several attempts have been made to overcome these drawbacks, but the adoption of most families of codes has not been possible without compromising the security of the system. Low-Density Parity-Check (LDPC) codes are state-of-the-art forward error correcting codes that make it possible to approach the Shannon limit while keeping complexity limited. Quasi-Cyclic (QC) LDPC codes are a particular class of LDPC codes that combine the low-complexity encoding of QC codes with high-performing, low-complexity decoding techniques based on the belief propagation principle. In a previous work it was proposed to adopt a particular family of QC-LDPC codes in the McEliece cryptosystem in order to reduce the key size and increase the transmission rate. It was shown that this variant is able to counter all the classic attacks, as well as attacks that compromise the security of previous LDPC-based versions. Recently, however, new attacks have been found that exploit a flaw in the transformation from the private key to the public one. Such attacks can be effectively countered by changing the form of some constituent matrices, without altering the system parameters. This change has marginal effects on the complexity of the cryptosystem, which instead preserves its security against all known attacks. This work gives an overview of the QC-LDPC codes-based McEliece cryptosystem and its cryptanalysis. Two recent versions are considered, and their ability to counter all the currently known attacks is discussed. A third version, able to reach a higher security level, is also proposed. Finally, it is shown that the new QC-LDPC codes-based cryptosystem scales favorably when larger keys are needed, as very recently pointed out by the successful implementation of an attack against the original cryptosystem.
Similar references
LDPC Codes in the McEliece Cryptosystem
The original McEliece cryptosystem, based on Goppa codes, has two important drawbacks: long keys and low transmission rate. LDPC codes seem natural candidates to overcome such drawbacks, because of their sparse parity-check matrices, which could form the public keys, and the flexibility in transmission rates. Moreover, quasi-cyclic (QC) LDPC codes could allow the key length to be reduced further. S...
Improving the Rao-Nam secret key cryptosystem using regular EDF-QC-LDPC codes
This paper proposes an efficient joint secret key encryption-channel coding cryptosystem, based on regular Extended Difference Family Quasi-Cyclic Low-Density Parity-Check codes. The key length of the proposed cryptosystem decreases up to 85 percent using a new efficient compression algorithm. Cryptanalytic methods show that the improved cryptosystem has a significant security advantage over Ra...
A New Analysis of the McEliece Cryptosystem Based on QC-LDPC Codes
We improve our proposal of a new variant of the McEliece cryptosystem based on QC-LDPC codes. The original McEliece cryptosystem, based on Goppa codes, is still unbroken up to now, but has two major drawbacks: long key and low transmission rate. Our variant is based on QC-LDPC codes and is able to overcome such drawbacks, while avoiding the known attacks. Recently, however, a new attack has bee...
On the Usage of LDPC Codes in the McEliece Cryptosystem
In this paper, a new variant of the McEliece cryptosystem, based on Low-Density Parity-Check (LDPC) codes, is studied. Random-based techniques allow the design of large families of LDPC codes with equivalent error correction capability; therefore, in principle, such codes can substitute the Goppa codes originally used by McEliece in his cryptosystem. Furthermore, Quasi-Cyclic (QC) LDPC codes can be ad...
Masking Large Keys in Hardware: A Masked Implementation of McEliece
Instantiations of the McEliece cryptosystem which are considered computationally secure even in a post-quantum era still require hardening against side channel attacks for practical applications. Recently, the first differential power analysis attack on a McEliece cryptosystem successfully recovered the full secret key of a state-of-the-art FPGA implementation of QC-MDPC McEliece. In this work ...