Advertisement

Key Recovery Attack on McNie Based on Low Rank Parity Check Codes and Its Reparation

  • Terry Shue Chien LauEmail author
  • Chik How Tan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11049)

Abstract

Recently, Galvez et al. submitted McNie, a new public key encryption scheme to NIST as a candidate for the standard of post-quantum cryptography. They claimed that their parameters achieve 128-bit security with small key size by using Quasi-Cyclic Low Rank Parity Check codes (QC-LRPC) and block circulant matrices as the public key and secret key for the encryption. However, McNie based on QC-LRPC has several limitations in its design. In addition, Gaborit suggested an attack against the McNie encryption, which reduces the security levels of Galvez et al.’s proposals. Moreover, McNie based on LRPC codes has decryption failure. We propose a key recovery attack which recovers the secret key of their encryption of the claimed security level for all the proposed parameters. Even Galvez et al. revised their parameters against Gaborit’s attack, we are still able to recover the secret key for the revised parameters by our key recovery attack. We propose a new McNie encryption based on Gabidulin codes with appropriate choices of secret key. Our McNie based on Gabidulin codes has error free decryption.

Keywords

Code-based cryptography McEliece Niederreiter Key recovery attack Public-key encryption 

References

  1. 1.
    Aragon, N., Gaborit, P., Hauteville, A., Tillich, J.P.: Improvement of Generic Attacks on the Rank Syndrome Decoding Problem (2017). \(<\)hal-01618464\(>\)Google Scholar
  2. 2.
    Faugère, J.-C., Levy-dit-Vehel, F., Perret, L.: Cryptanalysis of MinRank. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 280–296. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-85174-5_16CrossRefGoogle Scholar
  3. 3.
    Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. J. Cryptology 26(1), 80–101 (2013)MathSciNetCrossRefGoogle Scholar
  4. 4.
    Gabidulin, E.M.: Theory of codes with maximum rank distance. Problemy Peredachi Informatsii 21(1), 3–16 (1985)MathSciNetzbMATHGoogle Scholar
  5. 5.
    Gaborit, P.: Attack on McNie. In: Post-Quantum Cryptography, Round 1 Submmisions, McNie, Official Comments. https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-1/official-comments/McNie-official-comment.pdf
  6. 6.
    Gaborit, P., Hauteville, A., Phan, D.H., Tillich, J.-P.: Identity-based encryption from codes with rank metric. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 194–224. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-63697-9_7CrossRefGoogle Scholar
  7. 7.
    Gaborit, P., Ruatta, O., Schrek, J.: On the complexity of the rank syndrome decoding problem. IEEE Trans. Inf. Theory 62(2), 1006–1019 (2016)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Gaborit, P., Murat, G., Ruatta, O., Zémor, G.: Low Rank Parity Check codes and their application to cryptography. In: The Proceedings of Workshop on Coding and Cryptography (WCC) 2013, Borgen, Norway, pp. 168–180 (2013)Google Scholar
  9. 9.
    Gaborit, P., Zémor, G.: On the hardness of the decoding and the minimum distance problems for rank codes. IEEE Trans. Inf. Theory 62(12), 7245–7252 (2016)MathSciNetCrossRefGoogle Scholar
  10. 10.
    Galvez, L., Kim, J., Kim, M.J., Kim, Y., Lee, N.: McNie: Compact McEliece-Niederreiter Cryptosystem. https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-1/submissions/McNie.zip
  11. 11.
    Galvez, L., Kim, J., Kim, M.J., Kim, Y., Lee, N.: New McNie parameters. In: Post-Quantum Cryptography, Round 1 Submmisions, McNie, Official Comments. https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-1/official-comments/McNie-official-comment.pdf
  12. 12.
    Goubin, L., Courtois, N.T.: Cryptanalysis of the TTM cryptosystem. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 44–57. Springer, Heidelberg (2000).  https://doi.org/10.1007/3-540-44448-3_4CrossRefGoogle Scholar
  13. 13.
    Levy-dit-Vehel, F., Perret, L.: Algebraic decoding of rank metric codes. In: Proceedings of YACC 2006, pp. 142–152 (2006)Google Scholar
  14. 14.
    Otmani, A., Kalachi, H.T., Ndjeya, S.: Improved Cryptanalysis of Rank Metric Schemes Based on Gabidulin Codes. CoRR abs/1602.08549 (2016)Google Scholar
  15. 15.
    Ourivski, A.V., Johansson, T.: New technique for decoding codes in the rank metric and its cryptography applications. Probl. Inf. Trans. 38(3), 237–246 (2002)CrossRefGoogle Scholar
  16. 16.
    Overbeck, R.: Structural attacks for public key cryptosystems based on Gabidulin codes. J. Cryptology 21(2), 280–301 (2008)MathSciNetCrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Temasek Laboratories, National University of SingaporeSingaporeSingapore

Personalised recommendations