Extension of Overbeck’s attack for Gabidulin-based cryptosystems
Cryptosystems based on codes in the rank metric were introduced in 1991 by Gabidulin, Paramanov, and Tretjakov (GPT) and have been studied as a promising alternative to cryptosystems based on codes in the Hamming metric. In particular, it was observed that the combinatorial solution for solving the rank analogy of the syndrome decoding problem appears significantly harder. Early proposals were often made with an underlying Gabidulin code structure. Gibson, in 1995, made a promising attack which was later extended by Overbeck in 2008 to cryptanalyze many of the systems in the literature. Improved systems were then designed to resist the attack of Overbeck and yet continue to use Gabidulin codes. In this paper, we generalize Overbeck’s attack to break the GPT cryptosystem for all possible parameter sets, and then extend the attack to cryptanalyze particular variants which explicitly resist the attack of Overbeck.
KeywordsCryptography Public key cryptography Rank metric Gabidulin codes Coding theory
Mathematics Subject Classification94B05 11T71 14G50 81P94
This work was supported by SNF Grant No. 149716.
- 2.Chabaud F., Stern J.: The cryptographic security of the syndrome decoding problem for rank distance codes. In: Advances in Cryptology—ASIACRYPT ’96, International Conference on the Theory and Applications of Cryptology and Information Security, Kyongju, Korea, November 3–7, 1996, Proceedings, pp. 368–381 (1996).Google Scholar
- 5.Gabidulin E.M., Paramonov A.V., Tretjakov O.V.: Ideals over a non-commutative ring and their application in cryptology. In: Proceedings of the 10th Annual International Conference on Theory and Application of Cryptographic Techniques, EUROCRYPT’91, pp. 482–489. Springer, Berlin (1991).Google Scholar
- 6.Gabidulin E.M., Rashwan H., Honary B.: On improving security of GPT cryptosystems. In: IEEE International Symposium on Information Theory, 2009 (ISIT 2009), pp. 1110–1114 (2009).Google Scholar
- 7.Gaborit P., Ruatta O., Schrek J., Zémor G.: New results for rank-based cryptography. In: Progress in Cryptology—AFRICACRYPT 2014—7th International Conference on Cryptology in Africa, Marrakesh, Morocco, May 28–30, 2014, Proceedings, pp. 1–12 (2014).Google Scholar
- 11.Horlemann-Trautmann A.-L., Marshall K.: New criteria for MRD and Gabidulin codes and some rank-metric code constructions. arXiv:1507.08641 (2015).
- 12.Horlemann-Trautmann A.-L., Marshall K., Rosenthal J.: Considerations for rank-based cryptosystems. In: Proceedings of the IEEE International Symposium on Information Theory (ISIT 2016), Barcelona, pp. 2544–2548 (2016).Google Scholar
- 13.Kshevetskiy A.: Security of GPT-like public-key cryptosystems based on linear rank codes. In: 3rd International Workshop on Signal Design and Its Applications in Communications, 2007 (IWSDA 2007), pp. 143–147 (2007).Google Scholar
- 14.Loidreau P.: Designing a rank metric based McEliece cryptosystem. In: Proceedings of the Third International Conference on Post-Quantum Cryptography (PQCrypto’10), pp. 142–152. Springer, Berlin (2010).Google Scholar
- 15.McEliece R.J.: A public-key cryptosystem based on algebraic coding theory. Deep Space Netw. Progr. Rep. 44, 114–116 (1978).Google Scholar
- 19.Rashwan H., Gabidulin E.M., Honary B.: A smart approach for GPT cryptosystem based on rank codes. In: IEEE International Symposium on Information Theory, ISIT 2010, June 13–18, 2010, Austin, Texas, USA, Proceedings, pp. 2463–2467 (2010).Google Scholar
- 21.Silva D., Kschischang F.R.: Fast encoding and decoding of Gabidulin codes. In: IEEE International Symposium on Information Theory, 2009 (ISIT 2009), pp. 2858–2862 (2009).Google Scholar
- 24.Wan Z.-X.: Geometry of matrices. World Scientific, Singapore (1996). In memory of Professor L.K. Hua (1910–1985).Google Scholar