McEliece and Niederreiter Cryptosystems That Resist Quantum Fourier Sampling Attacks
Quantum computers can break the RSA, El Gamal, and elliptic curve public-key cryptosystems, as they can efficiently factor integers and extract discrete logarithms. This motivates the development of post-quantum cryptosystems: classical cryptosystems that can be implemented with today’s computers and that will remain secure even in the presence of quantum attacks.
In this article we show that the McEliece cryptosystem over rational Goppa codes and the Niederreiter cryptosystem over classical Goppa codes resist precisely the attacks to which the RSA and El Gamal cryptosystems are vulnerable—namely, those based on generating and measuring coset states. This eliminates the approach of strong Fourier sampling on which almost all known exponential speedups by quantum algorithms are based. Specifically, we show that the natural case of the Hidden Subgroup Problem to which McEliece-type cryptosystems reduce cannot be solved by strong Fourier sampling, or by any measurement of a coset state. To do this, we extend recent negative results on quantum algorithms for Graph Isomorphism to subgroups of the automorphism groups of linear codes.
This gives the first rigorous results on the security of the McEliece-type cryptosystems in the face of quantum adversaries, strengthening their candidacy for post-quantum cryptography. We also strengthen some results of Kempe, Pyber, and Shalev on the Hidden Subgroup Problem in $S_n$.
Keywords: Automorphism Group, Linear Code, Quantum Algorithm, Parity Check Matrix, Goppa Code