A new algorithm for finding minimum-weight words in large linear codes
An algorithm for finding small-weight words in large linear codes is developed and a precise analysis of its complexity is given. It is in particular able to decode random [512,256,57]-linear binary codes in 9 hours on a DEC alpha computer. We improve with it the previously best known attacks on some public-key cryptosystems and identification schemes based on error-correcting codes: for example, we reduce the work factor involved in breaking McEliece's cryptosystem, since our algorithm requires 2^64 elementary operations, that is, 128 times less than Lee-Brickell's attack.
Keywords: Linear Code, Work Factor, Elementary Operation, Goppa Code, Linear Binary Code
- 1. A. Canteaut and H. Chabanne. A further improvement of the work factor in an attempt at breaking McEliece's cryptosystem. In P. Charpin, editor, EUROCODE 94, pages 163–167. INRIA, 1994.
- 2. A. Canteaut and F. Chabaud. Improvements of the attacks on cryptosystems based on error-correcting codes. Rapport interne du Département Mathématiques et Informatique LIENS-95-21, Ecole Normale Supérieure, Paris, July 1995.
- 3. F. Chabaud. On the security of some cryptosystems based on error-correcting codes. In A. De Santis, editor, Advances in Cryptology — EUROCRYPT '94, number 950 in Lecture Notes in Computer Science, pages 131–139. Springer-Verlag, 1995.
- 4. M. Girault. A (non-practical) three-pass identification protocol using coding theory. In J. Seberry and J. Pieprzyk, editors, Advances in Cryptology — AUSCRYPT '90, number 453 in Lecture Notes in Computer Science, pages 265–272. Springer-Verlag, 1991.
- 5. P.J. Lee and E.F. Brickell. An observation on the security of McEliece's public-key cryptosystem. In C.G. Günther, editor, Advances in Cryptology — EUROCRYPT '88, number 330 in Lecture Notes in Computer Science, pages 275–280. Springer-Verlag, 1988.
- 7. R.J. McEliece. A public-key cryptosystem based on algebraic coding theory. DSN progress report 42–44, pages 114–116, 1978.
- 8. H. Niederreiter. Knapsack-type cryptosystems and algebraic coding theory. Problems of Control and Information Theory, 15(2): 159–166, 1986.
- 10. J. Stern. A method for finding codewords of small weight. In G. Cohen and J. Wolfmann, editors, Coding Theory and Applications, number 388 in Lecture Notes in Computer Science, pages 106–113. Springer-Verlag, 1989.
- 11. J. Stern. A new identification scheme based on syndrome decoding. In D.R. Stinson, editor, Advances in Cryptology — CRYPTO '93, number 773 in Lecture Notes in Computer Science. Springer-Verlag, 1994.
- 12. J. van Tilburg. On the McEliece public-key cryptosystem. In S. Goldwasser, editor, Advances in Cryptology — CRYPTO '88, number 403 in Lecture Notes in Computer Science, pages 119–131. Springer-Verlag, 1990.