A Code-Based Cryptosystem using GRS Codes - Violetta Weger, University of Zurich - PowerPoint PPT Presentation



  1. A Code-Based Cryptosystem using GRS Codes. Violetta Weger, University of Zurich. Master Thesis Presentation, Seminar Coding Theory and Cryptography, 07 December 2016. Violetta Weger: Code-based Cryptosystem using GRS Codes.

  2. Outline: 1 Motivation, 2 Basic Definitions, 3 McEliece System, 4 BBCRS Scheme, 5 Distinguisher Attack, 6 Proposal, 7 Security, 8 Complexity and Key Size, 9 Conclusion.

  3. Motivation

  4. Public-Key Cryptography

  7. Public-Key Cryptography. Example: RSA. Let $p, q$ be primes. Compute $n = pq$ and the Euler totient function $\varphi(n) = (p-1)(q-1)$. Choose $e < \varphi(n)$ such that $\gcd(e, \varphi(n)) = 1$. Public Key $= (n, e)$, Private Key $= (p, q)$. Encryption: Let $m$ be the message. The cipher is computed as $c = m^e \bmod n$. Decryption: Compute $d$ and $b$ such that $de + b\varphi(n) = 1$. Then computing $c^d$ recovers the message, since $c^d = (m^e)^d = m^{1 - b\varphi(n)} = m \, (m^{\varphi(n)})^{-b} \equiv m \cdot 1^{-b} = m \pmod n$ by Euler's theorem (for $\gcd(m, n) = 1$; the identity $m^{ed} \equiv m$ in fact holds for every $m$ by the Chinese remainder theorem).

  8. Code-based Cryptography. Code-based cryptography is a promising candidate for post-quantum cryptography. The McEliece cryptosystem in its original version using Goppa codes is still unbroken, but has the main drawback of large key sizes. Using GRS codes directly in the McEliece system is broken by the attack of Sidelnikov and Shestakov. Rosenthal et al. proposed a variant of the McEliece cryptosystem, the BBCRS scheme (Baldi, Bianchi, Chiaraluce, Rosenthal, Schipani), in order to reconsider the use of GRS codes by changing the scrambling matrices. Couvreur et al. presented a distinguisher attack on this cryptosystem.

  9. Basic Definitions

  10. Coding Theory. Let $\mathbb{F}_q$ be a finite field. Definition: An $[n, k]$-linear block code over $\mathbb{F}_q$ is a $k$-dimensional linear subspace $C \subseteq \mathbb{F}_q^n$. There exist a $k \times n$ generator matrix $G$ and an $(n-k) \times n$ parity check matrix $H$ defined by the properties $C = \{ uG \mid u \in \mathbb{F}_q^k \} = \{ x \in \mathbb{F}_q^n \mid Hx^T = 0 \}$. Let $x, y \in \mathbb{F}_q^n$. Definition: The Hamming distance of $x, y$ is defined as $d_H(x, y) = |\{ i \in \{1, \dots, n\} \mid x_i \neq y_i \}|$.

  11. Coding Theory. Let $C$ be an $[n, k]$-linear block code. Definition: We define the minimum distance of $C$ to be $d(C) = \min\{ d_H(x, y) \mid x, y \in C,\ x \neq y \}$. Definition: We denote by $C^\perp$ the dual code of $C$, defined as $C^\perp = \{ x \in \mathbb{F}_q^n \mid x \cdot y = 0 \ \forall y \in C \}$. Theorem (Singleton Bound): Let $C$ be an $[n, k]$-linear block code. Then $d(C) \leq n - k + 1$.

  12. Coding Theory. Let $\mathbb{F}_q$ be a finite field and $1 \leq k < n \leq q$ integers. Definition (Generalized Reed-Solomon Code): Let $\alpha \in \mathbb{F}_q^n$ be an $n$-tuple of distinct elements and $\beta \in \mathbb{F}_q^n$ an $n$-tuple of nonzero elements. $\mathrm{GRS}_{n,k}(\alpha, \beta) = \{ (\beta_1 p(\alpha_1), \dots, \beta_n p(\alpha_n)) \mid p \in \mathbb{F}_q[x],\ \deg(p) < k \}$. We can write the generator matrix of $\mathrm{GRS}_{n,k}(\alpha, \beta)$ as $$G = \begin{pmatrix} \beta_1 & \cdots & \beta_n \\ \beta_1 \alpha_1 & \cdots & \beta_n \alpha_n \\ \vdots & & \vdots \\ \beta_1 \alpha_1^{k-1} & \cdots & \beta_n \alpha_n^{k-1} \end{pmatrix}.$$

  13. Coding Theory. Proposition: $d(\mathrm{GRS}_{n,k}(\alpha, \beta)) = n - k + 1$. Proposition: $\mathrm{GRS}_{n,k}(\alpha, \beta)^\perp = \mathrm{GRS}_{n,n-k}(\alpha, \gamma)$, where $\gamma_i = \beta_i^{-1} \prod_{j=1,\, j \neq i}^{n} (\alpha_i - \alpha_j)^{-1}$.

  14. Coding Theory. Let $n = q^m$ and $\mathbb{F}_{q^m}$ be a finite field. Definition (Goppa Code): Let $G \in \mathbb{F}_{q^m}[x]$. Then define $S_m = \mathbb{F}_{q^m}[x] / \langle G \rangle$. Let $L = \{ \alpha_1, \dots, \alpha_n \} \subseteq \mathbb{F}_{q^m}$ with $\alpha_i \neq \alpha_j$ for all $i \neq j \in \{1, \dots, n\}$ and $G(\alpha_i) \neq 0$ for all $i \in \{1, \dots, n\}$. Then we can define the classical $q$-ary Goppa code as $\Gamma(L, G) = \left\{ a \in \mathbb{F}_q^n \,\middle|\, \sum_{i=1}^{n} \frac{a_i}{x - \alpha_i} = 0 \text{ in } S_m \right\}$.

  15. McEliece System

  16. McEliece System. Choose $n = 2^m$, $t < n/m$ and $\Gamma$ a binary Goppa code of length $n$ and dimension $k \geq n - mt$ which can correct up to $t$ errors. $\Gamma$ has a generator matrix $G$ of size $k \times n$. Choose a $k \times k$ invertible matrix $S$ and an $n \times n$ permutation matrix $P$ and compute $G' = SGP$. Public Key $= (G', t)$, Private Key $= (S, G, P)$.

  17. McEliece System. Encryption: Let $x \in \mathbb{F}_2^k$ be the message and $e \in \mathbb{F}_2^n$ the error vector with $\mathrm{wt}(e) \leq t$; then the cipher is computed as $y = xG' + e$. Decryption: Compute $yP^{-1} = xSG + eP^{-1}$. Then $xSG$ is a codeword of $\Gamma$ and, since $\mathrm{wt}(eP^{-1}) \leq t$, we can apply the decoding algorithm and get $xS$; multiplying by the inverse of $S$ gives the message $x$.

  18. Niederreiter System. Let $\mathbb{F}_q$ be a finite field and $1 \leq k < n \leq q$ integers. Construct an $[n, k]$-linear code $C$ that can correct up to $t$ errors and has an efficient decoding algorithm. $C$ has a parity check matrix $H$ of size $r \times n$, where $r = n - k$. Choose an $r \times r$ invertible matrix $S$ and an $n \times n$ permutation matrix $P$ and compute $H' = SHP$. Public Key $= (H', t)$, Private Key $= (S, H, P)$.

  19. Niederreiter System. Encryption: Let $x \in \mathbb{F}_q^n$ be the message with $\mathrm{wt}(x) \leq t$; then the cipher is computed as $y^T = H'x^T$. Decryption: Compute $S^{-1} y^T = HPx^T = H(xP^T)^T$. Since $\mathrm{wt}(xP^T) \leq t$, we can apply syndrome decoding to get $xP^T$; multiplying by the inverse of $P^T$ gives the message $x$.

  20. BBCRS Scheme

  21. BBCRS Scheme. Rosenthal, Schipani et al. proposed a variant of the McEliece cryptosystem in order to reconsider the use of GRS codes as the secret code. Instead of the permutation matrix they use as scrambling matrix the sum $T + R$, where $T$ is a sparse matrix of row weight $m$ and $R$ is a matrix of rank $z$. This thwarts the attack of Sidelnikov and Shestakov.

  22. BBCRS Scheme for $m = 1$, $z = 1$. Let $\mathbb{F}_q$ be a finite field and $1 \leq k < n \leq q$ integers. Let $G$ be a $k \times n$ generator matrix of a GRS code, $T$ an $n \times n$ permutation matrix, $R = \alpha^T \beta$ an $n \times n$ matrix of rank 1, $Q = R + T$ an $n \times n$ invertible matrix, and $S$ a $k \times k$ invertible matrix. Compute $G' = S^{-1} G Q^{-1}$ and $t_{\mathrm{pub}} = t = \lfloor \frac{n-k}{2} \rfloor$. Public Key $= (G', t)$, Private Key $= (G, T, R, Q, S)$.

  23. BBCRS Scheme for $m = 1$, $z = 1$. Encryption: Let $x \in \mathbb{F}_q^k$ be the message and $e \in \mathbb{F}_q^n$ with $\mathrm{wt}(e) \leq t$ the error vector. Compute the cipher as $y = xG' + e$. Decryption: Guess the value of $eR$ (since $R = \alpha^T \beta$ has rank 1, $eR = (e \alpha^T)\, \beta$ is a scalar multiple of $\beta$, so there are only $q$ candidates). Then compute $y' = yQ - eR = xS^{-1}G + eT$. Since $\mathrm{wt}(eT) \leq t$, the decoding algorithm gives $xS^{-1}$, and multiplying by $S$ gives the message $x$.

  24. Distinguisher Attack

  26. Definitions. Definition (Schur Product): Let $x, y \in \mathbb{F}_q^n$. The Schur product of $x$ and $y$ is $x \star y = (x_1 y_1, \dots, x_n y_n)$. Definition (Schur Product of Codes and Square Code): Let $A, B$ be two codes of length $n$. The Schur product of $A$ and $B$ is $\langle A \star B \rangle = \langle \{ a \star b \mid a \in A,\ b \in B \} \rangle$. If $A = B$, we call $\langle A \star A \rangle$ the square code of $A$ and denote it by $\langle A^2 \rangle$.

  27. Definitions. Definition (Schur Matrix): Let $G$ be a $k \times n$ matrix with rows $g_i$ for $1 \leq i \leq k$. We denote by $S(G)$ the Schur matrix of $G$, which consists of the rows $g_i \star g_j$ for $1 \leq i \leq j \leq k$. Thus $S(G)$ is of size $\frac{1}{2}(k^2 + k) \times n$.

  29. Properties of Square Codes. Proposition: Let $A$ be a code of length $n$ and dimension $k$. Then $\dim(\langle A^2 \rangle) \leq \min\left\{ n, \binom{k+1}{2} \right\}$. (1) Proposition: If $2k - 1 < n$, then $\langle \mathrm{GRS}_{n,k}(\alpha, \beta)^2 \rangle = \mathrm{GRS}_{n, 2k-1}(\alpha, \beta \star \beta)$. (2)
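Added worked example (Python, written for this page; it is not code from the thesis or from the slides): a toy of the BBCRS scheme for $m = 1$, $z = 1$ of slides 22 and 23, with a GRS code as the secret code, together with the square-code dimension that the distinguisher of slides 26 to 29 compares. The toy works over a prime field with $P = 127$ and the parameters $n = 24$, $k = 6$ (so $t = 9$); those values, the seed, the Berlekamp-Welch decoder used for the GRS code, the plain Gauss-Jordan linear algebra, and the choice that the row vector $b$ of $R = a^T b$ has no zero coordinates are assumptions of the example, not of the scheme. The code also checks one observation the slides do not state: $Q^{-1}$ differs from $T^{-1}$ by a matrix of rank one (because $Q^{-1} - T^{-1} = -Q^{-1} R T^{-1}$), so the public code $C Q^{-1}$ lies inside a permuted GRS code plus one extra vector, and by (2) its square code has dimension at most $(2k-1) + k + 1 = 3k$, whereas a random $[24, 6]$ code has a square code of dimension $\min\{n, \binom{k+1}{2}\} = 21$.

```python
import random

P = 127  # prime field size, an assumption of this toy; the code length n must satisfy n <= P

def rref(M):
    """Gauss-Jordan elimination over F_P: returns (reduced copy of M, list of pivot columns)."""
    R, piv = [row[:] for row in M], []
    for c in range(len(R[0])):
        r = len(piv)  # the row the next pivot goes into
        pr = next((i for i in range(r, len(R)) if R[i][c]), None)
        if pr is None:
            continue
        R[r], R[pr] = R[pr], R[r]
        s = pow(R[r][c], P - 2, P)  # inverse of the pivot (P prime)
        R[r] = [x * s % P for x in R[r]]
        for i in range(len(R)):
            if i != r and R[i][c]:
                f = R[i][c]
                R[i] = [(x - f * y) % P for x, y in zip(R[i], R[r])]
        piv.append(c)
    return R, piv

def inverse(M):  # caller guarantees M is invertible: rref of [M | I] then yields [I | M^-1]
    n = len(M)
    R, piv = rref([row + [int(i == j) for j in range(n)] for i, row in enumerate(M)])
    return [row[n:] for row in R]

def matmul(A, B):
    return [[sum(a * b for a, b in zip(row, col)) % P for col in zip(*B)] for row in A]

def random_vector(n, rng, lo=0):
    return [rng.randrange(lo, P) for _ in range(n)]

def grs_generator(alpha, beta, k):
    """Generator matrix of GRS_{n,k}(alpha, beta): row i is (beta_j * alpha_j^i)_j for i = 0..k-1."""
    return [[beta[j] * pow(alpha[j], i, P) % P for j in range(len(alpha))] for i in range(k)]

def grs_decode(y, alpha, beta, k, t):
    """Berlekamp-Welch: for y = (beta_i p(alpha_i))_i + e, wt(e) <= t, return the coefficients of p, i.e. the
    message u (uG encodes p(x) = sum u_i x^i), or None if no codeword lies within distance t."""
    r = [yi * pow(bi, P - 2, P) % P for yi, bi in zip(y, beta)]
    # Unknowns (e_0..e_{t-1}, n_0..n_{k+t-1}): E = x^t + sum e_j x^j is the monic error locator and N = p*E.
    # Row i of the system is N(a_i) - r_i E(a_i) = 0, i.e. sum_j n_j a_i^j - r_i sum_{j<t} e_j a_i^j = r_i a_i^t.
    aug = [[(-ri * pow(a, j, P)) % P for j in range(t)] + [pow(a, j, P) for j in range(k + t)]
           + [ri * pow(a, t, P) % P] for a, ri in zip(alpha, r)]
    R, piv = rref(aug)
    if k + 2 * t in piv:  # pivot in the right-hand-side column: inconsistent, so more than t errors
        return None
    sol = dict(zip(piv, (row[-1] for row in R)))  # free variables, if any, are set to 0
    x = [sol.get(c, 0) for c in range(k + 2 * t)]
    E, N, q = x[:t] + [1], x[t:], [0] * k
    for d in range(k + t - 1, t - 1, -1):  # long division N / E; the quotient q is p
        q[d - t] = N[d]
        for j in range(t + 1):
            N[d - t + j] = (N[d - t + j] - q[d - t] * E[j]) % P
    return q if not any(N) else None  # nonzero remainder: decoding failure

def bbcrs_keygen(n, k, rng):
    """Secret: GRS generator G, permutation T, rank-1 R = a^T b, Q = R + T, S.  Public: G' = S^-1 G Q^-1."""
    t = (n - k) // 2
    alpha, beta = rng.sample(range(P), n), random_vector(n, rng, lo=1)
    G = grs_generator(alpha, beta, k)
    perm = rng.sample(range(n), n)  # T has its 1 in row i at column perm[i]
    while True:  # retry until Q = R + T and S are both invertible
        a, b = random_vector(n, rng), random_vector(n, rng, lo=1)  # b without zeros (see bbcrs_decrypt)
        Q = [[(a[i] * b[j] + int(perm[i] == j)) % P for j in range(n)] for i in range(n)]
        S = [random_vector(k, rng) for _ in range(k)]
        if len(rref(Q)[1]) == n and len(rref(S)[1]) == k:
            break
    G_pub = matmul(matmul(inverse(S), G), inverse(Q))
    return (G_pub, t), dict(alpha=alpha, beta=beta, k=k, t=t, Q=Q, S=S, b=b, G=G)

def bbcrs_encrypt(pub, x, rng):
    e = [0] * len(pub[0][0])
    for i in rng.sample(range(len(e)), pub[1]):  # error vector of weight exactly t
        e[i] = rng.randrange(1, P)
    return [(c + ei) % P for c, ei in zip(matmul([x], pub[0])[0], e)]

def bbcrs_decrypt(priv, y):
    """yQ = x S^-1 G + eR + eT and eR = (e . a) b, so guess the scalar c = e . a and decode yQ - c b."""
    yQ = matmul([y], priv["Q"])[0]
    for c in range(P):
        yp = [(v - c * bi) % P for v, bi in zip(yQ, priv["b"])]
        u = grs_decode(yp, priv["alpha"], priv["beta"], priv["k"], priv["t"])
        if u is not None:  # a wrong c shifts every coordinate, leaving a word at distance >= n - t > t from the code
            return matmul([u], priv["S"])[0]  # u = x S^-1, hence x = u S
    return None

def square_code_dim(G):
    """dim <C^2> of the code generated by G: the rank of the Schur matrix S(G), rows g_i * g_j for i <= j."""
    k = len(G)
    return len(rref([[a * b % P for a, b in zip(G[i], G[j])] for i in range(k) for j in range(i, k)])[1])

def demo(n=24, k=6, seed=2016):
    rng = random.Random(seed)
    pub, priv = bbcrs_keygen(n, k, rng)
    x = random_vector(k, rng)
    return {"roundtrip_ok": bbcrs_decrypt(priv, bbcrs_encrypt(pub, x, rng)) == x,
            "dim_secret_grs": square_code_dim(priv["G"]),  # 2k - 1 = 11 by proposition (2)
            "dim_public": square_code_dim(pub[0]),  # at most 3k = 18 (permuted GRS code plus one extra vector)
            "dim_random": square_code_dim([random_vector(n, rng) for _ in range(k)])}  # min(n, k(k+1)/2) = 21
```

`demo()` returns the round-trip result and the three square-code dimensions; with these parameters they are 11 for the secret GRS code, at most 18 for the public code and 21 for a random code of the same length and dimension, and that gap is what a distinguisher looks at. The slide's "guess the value of $eR$" is the loop over the $q$ candidates for $c = e \cdot a$ in `bbcrs_decrypt`; each candidate costs one decoding attempt, and the decoder rejects every wrong candidate because subtracting the wrong multiple of $b$ moves the word far from the secret code.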
