Reducing the Key Size of McEliece Cryptosystem from Automorphism-induced Goppa Codes via Permutations

  • Zhe LiEmail author
  • Chaoping Xing
  • Sze Ling Yeo
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11443)


In this paper, we propose a new general construction to reduce the public key size of McEliece cryptosystems constructed from automorphism-induced Goppa codes. In particular, we generalize the ideas of automorphism-induced Goppa codes by considering nontrivial subsets of automorphism groups to construct Goppa codes with a nice block structure. By considering additive and multiplicative automorphism subgroups, we provide explicit constructions to demonstrate our technique. We show that our technique can be applied to automorphism-induced Goppa codes based cryptosystems to further reduce their key sizes.



Chaoping Xing was supported by the National Research Foundation, Prime Minister’s Office, Singapore under its Strategic Capability Research Centres Funding Initiative; and the Singapore MoE Tier 1 grants RG25/16 and RG21/18.


  1. 1.
  2. 2.
    Banegas, G., et al.: DAGS: key encapsulation from dyadic GS codes, June 2018.
  3. 3.
    Bardet, M., et al.: BIG QUAKE: BInary Goppa QUAsi cyclic Key Encapsulation, April 2018.
  4. 4.
    Barelli, E.: On the security of some compact keys for McEliece scheme. CoRR abs/1803.05289 (2018).
  5. 5.
    Becker, A., Joux, A., May, A., Meurer, A.: Decoding random binary linear codes in 2n/20: how \(1+1=0\) improves information set decoding. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 520–536. Springer, Heidelberg (2012). Scholar
  6. 6.
    Berger, T.P.: Goppa and related codes invariant under a prescribed permutation. IEEE Trans. Inf. Theory 46(7), 2628–2633 (2000). Scholar
  7. 7.
    Berger, T.P., Cayrel, P.-L., Gaborit, P., Otmani, A.: Reducing key length of the McEliece cryptosystem. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 77–97. Springer, Heidelberg (2009). Scholar
  8. 8.
    Bernstein, D.J., Buchmann, J., Dahmen, E.: Post Quantum Cryptography, 1st edn. Springer, Heidelberg (2008). Scholar
  9. 9.
    Bernstein, D.J., Lange, T., Peters, C.: Smaller decoding exponents: ball-collision decoding. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 743–760. Springer, Heidelberg (2011). Scholar
  10. 10.
    Canteaut, A., Chabaud, F.: A new algorithm for finding minimum-weight words in a linear code: application to McEliece’s cryptosystem and to Narrow-Sense BCH codes of length 511. IEEE Trans. Inf. Theory 44(1), 367–378 (1998)MathSciNetCrossRefGoogle Scholar
  11. 11.
    Chevalley, C.: Introduction to the Theory of Algebraic Functions of One Variable, vol. 6. American Mathematical Society, Providence (1951)zbMATHGoogle Scholar
  12. 12.
    Dumer, I.: On minimum distance decoding of linear codes. In: Proceedings of 5th Joint Soviet-Swedish International Workshop Information Theory, pp. 50–52 (1991)Google Scholar
  13. 13.
    Faugère, J., Gauthier-Umaña, V., Otmani, A., Perret, L., Tillich, J.: A distinguisher for high-rate McEliece cryptosystems. IEEE Trans. Inf. Theory 59(10), 6830–6844 (2013). Scholar
  14. 14.
    Faugère, J., Otmani, A., Perret, L., de Portzamparc, F., Tillich, J.: Folding alternant and Goppa codes with non-trivial automorphism groups. IEEE Trans. Inf. Theory 62(1), 184–198 (2016). Scholar
  15. 15.
    Faugère, J., Otmani, A., Perret, L., de Portzamparc, F., Tillich, J.: Structural cryptanalysis of McEliece schemes with compact keys. Des. Codes Crypt. 79(1), 87–112 (2016). Scholar
  16. 16.
    Faugère, J.-C., Otmani, A., Perret, L., Tillich, J.-P.: Algebraic cryptanalysis of McEliece variants with compact keys. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 279–298. Springer, Heidelberg (2010). Scholar
  17. 17.
    Faugère, J.-C., Perret, L., de Portzamparc, F.: Algebraic attack against variants of McEliece with Goppa polynomial of a special form. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 21–41. Springer, Heidelberg (2014). Scholar
  18. 18.
    Finiasz, M., Sendrier, N.: Security bounds for the design of code-based cryptosystems. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 88–105. Springer, Heidelberg (2009). Scholar
  19. 19.
    Janwa, H., Moreno, O.: McEliece public key cryptosystems using algebraic-geometric codes. Des. Codes Crypt. 8(3), 293–307 (1996)MathSciNetCrossRefGoogle Scholar
  20. 20.
    Kobara, K., Imai, H.: Semantically secure McEliece public-key cryptosystems-conversions for McEliece PKC. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 19–35. Springer, Heidelberg (2001). Scholar
  21. 21.
    Lee, P.J., Brickell, E.F.: An observation on the security of McEliece’s public-key cryptosystem. In: Barstow, D., et al. (eds.) EUROCRYPT 1988. LNCS, vol. 330, pp. 275–280. Springer, Heidelberg (1988). Scholar
  22. 22.
    Lidl, R., Niederreiter, H.: Finite fields: encyclopedia of mathematics and its applications. Comput. Math. Appl. 33(7), 136–136 (1997)Google Scholar
  23. 23.
    Sidelnikov, V.M., Shestakov, S.O.: On insecurity of cryptosystems based on generalized Reed-Solomon codes. Discrete Math. Appl. 2, 439–444 (1992)MathSciNetzbMATHGoogle Scholar
  24. 24.
    MacWilliams, F., Sloane, N.: The Theory of Error Correcting Codes, Volume 2, Part 2. Mathematical Studies. North-Holland Publishing Company, Amsterdam (1978)Google Scholar
  25. 25.
    May, A., Meurer, A., Thomae, E.: Decoding random linear codes in \(\tilde{\cal{O}}(2^{0.054n})\). In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 107–124. Springer, Heidelberg (2011). Scholar
  26. 26.
    May, A., Ozerov, I.: On computing nearest neighbors with applications to decoding of binary linear codes. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 203–228. Springer, Heidelberg (2015). Scholar
  27. 27.
    McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory. Deep Space Network Progress Report 44, pp. 114–116, January 1978Google Scholar
  28. 28.
    Minder, L., Shokrollahi, A.: Cryptanalysis of the Sidelnikov cryptosystem. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 347–360. Springer, Heidelberg (2007). Scholar
  29. 29.
    Misoczki, R., Barreto, P.S.L.M.: Compact McEliece keys from Goppa codes. In: Jacobson, M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 376–392. Springer, Heidelberg (2009). Scholar
  30. 30.
    Misoczki, R., Tillich, J., Sendrier, N., Barreto, P.S.L.M.: MDPC-McEliece: new McEliece variants from moderate density parity-check codes. In: ISIT, pp. 2069–2073. IEEE (2013)Google Scholar
  31. 31.
    Niederreiter, H.: Knapsack type cryptosystems and algebraic coding theory. Prob. Control Inf. Theory 15(2), 159–166 (1986)MathSciNetzbMATHGoogle Scholar
  32. 32.
    Prange, E.: The use of information sets in decoding cyclic codes. IRE Trans. Inf. Theory 8(5), 5–9 (1962)MathSciNetCrossRefGoogle Scholar
  33. 33.
    Sendrier, N.: Finding the permutation between equivalent linear codes: the support splitting algorithm. IEEE Trans. Inf. Theory 46(4), 1193–1203 (2000). Scholar
  34. 34.
    Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: 35th Annual Symposium on Foundations of Computer Science, Santa Fe, New Mexico, USA, 20–22 November 1994, pp. 124–134 (1994).
  35. 35.
    Sidelnikov, V.M.: A public-key cryptosystem based on binary Reed-Muller codes. Discrete Math. Appl. 4(3), 191–208 (1994)MathSciNetCrossRefGoogle Scholar
  36. 36.
    Stern, J.: A method for finding codewords of small weight. In: Cohen, G., Wolfmann, J. (eds.) Coding Theory 1988. LNCS, vol. 388, pp. 106–113. Springer, Heidelberg (1989). Scholar
  37. 37.
    Torres, R.C.: CaWoF, C library for computing asymptotic exponents of generic decoding work factors, January 2017.

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  1. 1.School of Physical and Mathematical SciencesNanyang Technological UniversitySingaporeSingapore
  2. 2.Institute for Infocomm Research (I2R)SingaporeSingapore

Personalised recommendations