Recovering Short Secret Keys of RLCE in Polynomial Time
We present a key recovery attack against Y. Wang's Random Linear Code Encryption (RLCE) scheme, recently submitted to the NIST call for post-quantum cryptography. The public key of this code-based encryption scheme is a generator matrix of a generalised Reed Solomon code whose columns are mixed in a certain manner with purely random columns. In this paper, we show that it is possible to recover the underlying structure when there are not enough random columns. The attack relies on a distinguisher based on the dimension of the square code. This process makes it possible to recover the secret key for all the short key parameters proposed by the author in \(O(n^5)\) operations. Our analysis also explains why RLCE long keys stay out of reach of our attack.
Keywords: Code based cryptography, McEliece scheme, RLCE, Distinguisher, Key recovery attack, Generalised Reed Solomon codes, Schur product of codes
The authors are supported by French Agence nationale de la recherche grants ANR-15-CE39-0013 Manta, ANR-17-CE39-0007 CBCrypt and by the Commission of the European Communities through the Horizon 2020 program under project number 645622 (PQCRYPTO). Computer-aided calculations have been performed using the software packages Sage and Magma.