Security Bounds for the Design of Code-Based Cryptosystems

  • Matthieu Finiasz
  • Nicolas Sendrier
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5912)


Code-based cryptography is often viewed as an interesting “Post-Quantum” alternative to classical number-theoretic cryptography. Unlike many other such alternatives, it has the convenient advantage of having only a few, well-identified attack algorithms. However, improvements to these algorithms have made their effective complexity quite difficult to compute. We give here lower bounds on the work factor of idealized versions of these algorithms, taking into account all possible tweaks that could improve their practical complexity. The aim of this article is to help designers select durably secure parameters.


Keywords: computational syndrome decoding, information set decoding, generalized birthday algorithm



Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Matthieu Finiasz, ENSTA
  • Nicolas Sendrier, INRIA, team-project SECRET
