Generalization of BJMM-ISD Using May-Ozerov Nearest Neighbor Algorithm over an Arbitrary Finite Field \(\mathbb {F}_q\)

  • Cheikh Thiécoumba Gueye
  • Jean Belo Klamti (corresponding author)
  • Shoichi Hirose
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10194)


The security of the McEliece cryptosystem relies heavily on the hardness of decoding a random linear code. The best known generic decoding algorithms are derived from the Information-Set Decoding (ISD) algorithm. The ISD algorithm was proposed in 1962 by Prange and improved in 1989 by Stern and later in 1991 by Dumer. Since then, there have been numerous works improving and generalizing the ISD algorithm: Peters in 2009, May, Meurer and Thomae in 2011, Becker, Joux, May and Meurer in 2012, May and Ozerov in 2015, and Hirose in 2016. Among all these improvements and generalizations, only those of Peters and Hirose are over \(\mathbb {F}_q\) with q an arbitrary prime power. In Hirose’s paper, he describes the May-Ozerov nearest-neighbor algorithm generalized to work for vectors over the finite field \(\mathbb {F}_q\) with arbitrary prime power q. He also applies the generalized algorithm to the decoding problem of random linear codes over \(\mathbb {F}_q\). He observed, by a numerical analysis of asymptotic time complexity, that the May-Ozerov nearest-neighbor algorithm may not contribute to the performance improvement of Stern’s ISD algorithm over \(\mathbb {F}_q\) with \(q \ge 3\). In this paper, we extend the Becker, Joux, May and Meurer ISD using the May-Ozerov algorithm for the Nearest-Neighbor problem over \(\mathbb {F}_q\) with q an arbitrary prime power. We analyze the impact of the May-Ozerov algorithm for the Nearest-Neighbor problem over \(\mathbb {F}_q\) on the Becker, Joux, May and Meurer ISD.
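As an added illustration (not code from the paper), the following implements the Prange information-set decoding step that the abstract names as the origin of the ISD family, as a syndrome decoder over \(\mathbb {F}_q\). It assumes q prime so that field arithmetic is plain modular arithmetic (the paper treats arbitrary prime powers), and the instance it decodes is a constructed random code with a planted error.

```python
import random

def systematic_form(H, s, q):
    """Row-reduce [H | s] over F_q (q prime) so the first r columns of H become the
    identity; return the transformed syndrome, or None if they are dependent."""
    r, n = len(H), len(H[0])
    M = [row[:] + [s[i]] for i, row in enumerate(H)]
    for col in range(r):
        piv = next((i for i in range(col, r) if M[i][col]), None)
        if piv is None:
            return None                      # not an information set, retry
        M[col], M[piv] = M[piv], M[col]
        inv = pow(M[col][col], q - 2, q)     # Fermat inverse, valid for prime q
        M[col] = [(x * inv) % q for x in M[col]]
        for i in range(r):
            if i != col and M[i][col]:
                f = M[i][col]
                M[i] = [(a - f * b) % q for a, b in zip(M[i], M[col])]
    return [row[n] for row in M]

def syndrome(H, e, q):
    return [sum(h * x for h, x in zip(row, e)) % q for row in H]

def prange_isd(H, s, t, q, max_iter=50000, seed=1):
    """Prange ISD: guess an information set by permuting columns, bring H to
    systematic form, and succeed when the error lies entirely on the r redundancy
    positions. Returns e with H e = s and wt(e) <= t, or None."""
    rng = random.Random(seed)
    r, n = len(H), len(H[0])
    for _ in range(max_iter):
        perm = rng.sample(range(n), n)                 # random column order
        Hp = [[row[j] for j in perm] for row in H]
        sp = systematic_form(Hp, s, q)
        if sp is None or sum(1 for x in sp if x) > t:
            continue
        # e' = (sp, 0, ..., 0) satisfies Hp e' = s; undo the column permutation
        e = [0] * n
        for j in range(r):
            e[perm[j]] = sp[j]
        return e
    return None

def make_instance(n, r, t, q, seed=7):
    """Constructed sample: random parity-check H over F_q and a planted weight-t error."""
    rng = random.Random(seed)
    H = [[rng.randrange(q) for _ in range(n)] for _ in range(r)]
    e = [0] * n
    for pos in rng.sample(range(n), t):
        e[pos] = rng.randrange(1, q)
    return H, e, syndrome(H, e, q)
```

Each iteration succeeds only when all t error positions fall inside the chosen r columns, which is why the per-iteration cost is cheap but the iteration count grows exponentially in n; the Stern, BJMM and May-Ozerov refinements the abstract lists all attack that iteration count.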


Keywords: Code-based cryptography · Information-Set Decoding (ISD) algorithm · Linear code · Nearest neighbor



This work was carried out with financial support of CEA-MITIC for the CBC project and financial support of the government of Senegal’s Ministry of Higher Education and Research for the ISPQ project. The third author was supported in part by JSPS KAKENHI Grant Number JP16H02828.


Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Cheikh Thiécoumba Gueye (1)
  • Jean Belo Klamti (1, corresponding author)
  • Shoichi Hirose (2)
  1. Faculté des Sciences et Techniques, DMI, LACGAA, Université Cheikh Anta Diop, Dakar, Senegal
  2. Graduate School of Engineering, University of Fukui, Fukui, Japan
