A Reaction Attack Against Cryptosystems Based on LRPC Codes

Conference paper, in: Progress in Cryptology – LATINCRYPT 2019 (LATINCRYPT 2019)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11774)

Abstract

Rank metric is a very promising research direction for code-based cryptography. In fact, thanks to the high complexity of generic decoding attacks against codes in this metric, it is possible to easily select parameters that yield very small data sizes. In this paper we analyze cryptosystems based on Low-Rank Parity-Check (LRPC) codes, one of the classes of codes that are efficiently decodable in the rank metric. We show how to exploit the decoding failure rate, which is an inherent feature of these codes, to devise a reaction attack aimed at recovering the private key. As a case study, we cryptanalyze the recent McNie submission to NIST’s Post-Quantum Standardization process. Additionally, we provide details of a simple implementation to validate our approach.

This work has been supported by the European Commission through the ERC Starting Grant 805031 (EPOQUE); through the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No. 643161; and by Sweden through the WASP expedition project Massive, Secure, and Low-Latency Connectivity for IoT Applications.

Notes

  1. A circulant matrix can be defined as a special case of Toeplitz matrix; for more details about Toeplitz matrices see [19].

  2. Recall that in Hamming metric, weight is preserved under multiplication by permutation matrices.

References

  1. Aragon, N., et al.: Lake. NIST Post-Quantum Cryptography Project: First Round Candidate Algorithms, December 2017

  2. Aragon, N., et al.: Locker. NIST Post-Quantum Cryptography Project: First Round Candidate Algorithms, December 2017

  3. Aragon, N., Blazy, O., Gaborit, P., Hauteville, A., Zémor, G.: Durandal: a rank metric based signature scheme. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11478, pp. 728–758. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17659-4_25

  4. Baldi, M., Chiaraluce, F., Garello, R.: On the usage of quasi-cyclic low-density parity-check codes in the McEliece cryptosystem. In: Proceedings of the First International Conference on Communication and Electronics (ICEE 2006), pp. 305–310, October 2006

  5. Berger, T.P., Cayrel, P.-L., Gaborit, P., Otmani, A.: Reducing key length of the McEliece cryptosystem. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 77–97. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02384-2_6

  6. Bernstein, D.J., et al.: https://classic.mceliece.org/

  7. Bettale, L., Faugère, J.-C., Perret, L.: Cryptanalysis of HFE, multi-HFE and variants for odd and even characteristic. Des. Codes Crypt. 69(1), 1–52 (2013)

  8. Buss, J.F., Frandsen, G.S., Shallit, J.O.: The computational complexity of some problems of linear algebra. J. Comput. Syst. Sci. 58(3), 572–596 (1999)

  9. Courtois, N.T.: Efficient zero-knowledge authentication based on a linear algebra problem MinRank. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 402–421. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45682-1_24

  10. Faugère, J.-C., Gligoroski, D., Perret, L., Samardjiska, S., Thomae, E.: A polynomial-time key-recovery attack on MQQ cryptosystems. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 150–174. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46447-2_7

  11. Faugère, J.-C., Otmani, A., Perret, L., Tillich, J.-P.: Algebraic cryptanalysis of McEliece variants with compact keys. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 279–298. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_14

  12. Gabidulin, E.M.: Theory of codes with maximum rank distance. Problemy Peredachi Informatsii 21(1), 3–16 (1985)

  13. Gaborit, P.: Shorter keys for code based cryptography. In: International Workshop on Coding and Cryptography (WCC 2005), Bergen, Norway, pp. 81–91. ACM Press (2005)

  14. Gaborit, P., Murat, G., Ruatta, O., Zémor, G.: Low rank parity check codes and their application to cryptography. In: Proceedings of the Workshop on Coding and Cryptography WCC, vol. 2013 (2013)

  15. Gaborit, P., Ruatta, O., Schrek, J., Zémor, G.: New results for rank-based cryptography. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT 2014. LNCS, vol. 8469, pp. 1–12. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-06734-6_1

  16. Gallager, R.G.: Low-density parity-check codes. Ph.D. thesis, M.I.T. (1963)

  17. Galvez, L., Kim, J.-L., Kim, M.J., Kim, Y.-S., Lee, N.: McNie: compact McEliece-Niederreiter cryptosystem. NIST Post-Quantum Cryptography Project: First Round Candidate Algorithms, December 2017

  18. Goubin, L., Courtois, N.T.: Cryptanalysis of the TTM cryptosystem. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 44–57. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44448-3_4

  19. Gray, R.M.: Toeplitz and circulant matrices: a review. Found. Trends® Commun. Inf. Theory 2(3), 155–239 (2006)

  20. Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing, STOC 1996, pp. 212–219. ACM, New York (1996)

  21. Guo, Q., Johansson, T., Stankovski, P.: A key recovery attack on MDPC with CCA security using decoding errors. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 789–815. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_29

  22. Hall, C., Goldberg, I., Schneier, B.: Reaction attacks against several public-key cryptosystems. In: Varadharajan, V., Mu, Y. (eds.) ICICS 1999. LNCS, vol. 1726, pp. 2–12. Springer, Heidelberg (1999). https://doi.org/10.1007/978-3-540-47942-0_2

  23. Harrow, A.W., Hassidim, A., Lloyd, S.: Quantum algorithm for linear systems of equations. Phys. Rev. Lett. 103(15), 150502 (2009)

  24. Kim, J.-L., Kim, Y.-S., Galvez, L., Kim, M.J., Lee, N.: McNie: a code-based public-key cryptosystem. arXiv preprint arXiv:1812.05008 (2018)

  25. Kipnis, A., Shamir, A.: Cryptanalysis of the HFE public key cryptosystem by relinearization. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 19–30. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_2

  26. Lau, T.S.C., Tan, C.H.: Key recovery attack on McNie based on low rank parity check codes and its reparation. In: Inomata, A., Yasuda, K. (eds.) IWSEC 2018. LNCS, vol. 11049, pp. 19–34. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-97916-8_2

  27. McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory. Deep Space Netw. Prog. Rep. 44, 114–116 (1978)

  28. Melchior Aguilar, N., et al.: Locker. NIST Post-Quantum Cryptography Project: First Round Candidate Algorithms, December 2017

  29. Melchior Aguilar, C., et al.: Ouroboros-R. NIST Post-Quantum Cryptography Project: First Round Candidate Algorithms, December 2017

  30. Minder, L., Shokrollahi, A.: Cryptanalysis of the Sidelnikov cryptosystem. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 347–360. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-72540-4_20

  31. Misoczki, R., Barreto, P.S.L.M.: Compact McEliece keys from Goppa codes. In: Jacobson, M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 376–392. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-05445-7_24

  32. Misoczki, R., Tillich, J.-P., Sendrier, N., Barreto, P.S.L.M.: MDPC-McEliece: new McEliece variants from moderate density parity-check codes. In: IEEE International Symposium on Information Theory – ISIT 2013, Istanbul, Turkey, pp. 2069–2073. IEEE (2013)

  33. Misoczki, R., Tillich, J.-P., Sendrier, N., Barreto, P.S.L.M.: MDPC-McEliece: new McEliece variants from moderate density parity-check codes (2012)

  34. Aragon, N., Gaborit, P.: A key recovery attack against LRPC using decryption failures. In: International Workshop on Coding and Cryptography (WCC 2019), Saint-Jacut-de-la-Mer, Norway (2019)

  35. Niederreiter, H.: Knapsack-type cryptosystems and algebraic coding theory. Probl. Control. Inf. Theory 15(2), 159–166 (1986)

  36. Nilsson, A., Johansson, T., Stankovski, P.: Error amplification in code-based cryptography. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019(1), 238–258 (2018)

  37. https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization

  38. https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Round-1-Submissions

  39. Persichetti, E.: Compact McEliece keys based on quasi-dyadic Srivastava codes. J. Math. Cryptol. 6(2), 149–169 (2012)

  40. Prange, E.: The use of information sets in decoding cyclic codes. IRE Trans. IT 8, S5–S9 (1962)

  41. Santini, P., Battaglioni, M., Chiaraluce, F., Baldi, M.: Analysis of reaction and timing attacks against cryptosystems based on sparse parity-check codes (2019)

  42. Schwabe, P., Westerbaan, B.: Solving binary \(\mathcal{MQ}\) with Grover’s algorithm. In: Carlet, C., Hasan, M.A., Saraswat, V. (eds.) SPACE 2016. LNCS, vol. 10076, pp. 303–322. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-49445-6_17

  43. Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997)

  44. Sidelnikov, V.M.: A public-key cryptosystem based on binary Reed-Muller codes. Discrete Math. Appl. 4(3), 191–208 (1994)

  45. Sidelnikov, V.M., Shestakov, S.O.: On insecurity of cryptosystems based on generalized Reed-Solomon codes. Discrete Math. Appl. 2(4), 439–444 (1992)

  46. The Sage Developers: SageMath, the Sage Mathematics Software System (Version 8.7) (2019). https://www.sagemath.org

Corresponding author

Correspondence to Simona Samardjiska.

Copyright information

© 2019 Springer Nature Switzerland AG

Cite this paper

Samardjiska, S., Santini, P., Persichetti, E., Banegas, G. (2019). A Reaction Attack Against Cryptosystems Based on LRPC Codes. In: Schwabe, P., Thériault, N. (eds.) Progress in Cryptology – LATINCRYPT 2019. LATINCRYPT 2019. Lecture Notes in Computer Science, vol. 11774. Springer, Cham. https://doi.org/10.1007/978-3-030-30530-7_10

  • DOI: https://doi.org/10.1007/978-3-030-30530-7_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-30529-1

  • Online ISBN: 978-3-030-30530-7

  • eBook Packages: Computer Science (R0)
