mceliece type cryptosystem based on gabidulin codes
play

McEliece type Cryptosystem based on Gabidulin Codes Joachim - PowerPoint PPT Presentation

Jul 09, 2023 •215 likes •763 views

Traditional McEliece Crypto System Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes McEliece type Cryptosystem based on Gabidulin Codes Joachim Rosenthal University of Z urich ALCOMA, March 19, 2015 joint

  1. Traditional McEliece Crypto System Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes McEliece type Cryptosystem based on Gabidulin Codes Joachim Rosenthal University of Z¨ urich ALCOMA, March 19, 2015 joint work with Kyle Marshall McEliece type Cryptosystem based on Gabidulin Codes

  2. Traditional McEliece Crypto System Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes Outline 1 Traditional McEliece Crypto System 2 Variants of McEliece System 3 Distinguisher Attacks 4 McEliece for Rank Metric Codes McEliece type Cryptosystem based on Gabidulin Codes

  3. Traditional McEliece Crypto System Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes Traditional McEliece Crypto System In 1978 Robert McEliece [McE78] proposed an asymmetric encryption scheme based on the hardness of decoding a generic linear code. The original paper proposed McEliece type Cryptosystem based on Gabidulin Codes

  4. Traditional McEliece Crypto System Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes Traditional McEliece Crypto System In 1978 Robert McEliece [McE78] proposed an asymmetric encryption scheme based on the hardness of decoding a generic linear code. The original paper proposed an [ n , k ] = [1024 , 512] classical binary Goppa code having designed distance d = 50 and generator matrix G . McEliece type Cryptosystem based on Gabidulin Codes

  5. Traditional McEliece Crypto System Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes Traditional McEliece Crypto System In 1978 Robert McEliece [McE78] proposed an asymmetric encryption scheme based on the hardness of decoding a generic linear code. The original paper proposed an [ n , k ] = [1024 , 512] classical binary Goppa code having designed distance d = 50 and generator matrix G . Public will be ˜ G := SGP where S is a random invertible matrix and P a permutation matrix. - The matrices S , G , P are kept private. McEliece type Cryptosystem based on Gabidulin Codes

  6. Traditional McEliece Crypto System Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes Traditional McEliece Crypto System In 1978 Robert McEliece [McE78] proposed an asymmetric encryption scheme based on the hardness of decoding a generic linear code. The original paper proposed an [ n , k ] = [1024 , 512] classical binary Goppa code having designed distance d = 50 and generator matrix G . Public will be ˜ G := SGP where S is a random invertible matrix and P a permutation matrix. - The matrices S , G , P are kept private. Encryption: m �→ m ˜ G + e , where e is an error vector with weight half the minimum distance. McEliece type Cryptosystem based on Gabidulin Codes

  7. Traditional McEliece Crypto System Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes Advantages/Disadvantages of McEliece System McEliece type Cryptosystem based on Gabidulin Codes

  8. Traditional McEliece Crypto System Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes Advantages/Disadvantages of McEliece System Positive: Both encryption and decryption have quadratic complexity in block length. McEliece type Cryptosystem based on Gabidulin Codes

  9. Traditional McEliece Crypto System Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes Advantages/Disadvantages of McEliece System Positive: Both encryption and decryption have quadratic complexity in block length. Positive: No polynomial time quantum algorithm is known to decode a general linear block code. McEliece type Cryptosystem based on Gabidulin Codes

  10. Traditional McEliece Crypto System Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes Advantages/Disadvantages of McEliece System Positive: Both encryption and decryption have quadratic complexity in block length. Positive: No polynomial time quantum algorithm is known to decode a general linear block code. Negative: The public key is fairly large. - About 0.5 Megabites compared to 0.1 Megabites for RSA and 0.02 Megabites for elliptic curves. McEliece type Cryptosystem based on Gabidulin Codes

  11. Traditional McEliece Crypto System Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes Changing the underlying code McEliece type Cryptosystem based on Gabidulin Codes

  12. Traditional McEliece Crypto System Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes Changing the underlying code Generalized Reed-Solomon Codes: (Together with general monomial transformations). Sidelnikov and Shestakov [SS92] were able to retrieve the underlying code structure in polynomial time. McEliece type Cryptosystem based on Gabidulin Codes

  13. Traditional McEliece Crypto System Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes Changing the underlying code Generalized Reed-Solomon Codes: (Together with general monomial transformations). Sidelnikov and Shestakov [SS92] were able to retrieve the underlying code structure in polynomial time. LDPC Codes: First proposed in 2000 [MRS00]. Problem: Size of code has to be very large in order to make sure that no low weight vectors in the dual code can be retrieved. McEliece type Cryptosystem based on Gabidulin Codes

  14. Traditional McEliece Crypto System Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes Changing the underlying code Generalized Reed-Solomon Codes: (Together with general monomial transformations). Sidelnikov and Shestakov [SS92] were able to retrieve the underlying code structure in polynomial time. LDPC Codes: First proposed in 2000 [MRS00]. Problem: Size of code has to be very large in order to make sure that no low weight vectors in the dual code can be retrieved. Puncturing and Subspace Constructions: If the starting code is a Reed-Solomon code then there are powerful recent “distinguisher attacks” (Val´ erie Gauthier, Ayoub Otmani, Jean-Pierre Tillich and Alain Couvreur, Irene Marquez-Corbella, Ruud Pellikaan.) McEliece type Cryptosystem based on Gabidulin Codes

  15. Traditional McEliece Crypto System Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes Variants of McEliece System McEliece type Cryptosystem based on Gabidulin Codes

  16. Traditional McEliece Crypto System Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes Variants of McEliece System Niederreiter cryptosystem: Harald Niederreiter proposed this variant in 1986 and it works with syndromes and disguised parity check matrices. The security is equivalent to the original McEliece system, the transmitted messages are shorter and encryption is faster. - In particular for signature schemes attractive. McEliece type Cryptosystem based on Gabidulin Codes

  17. Traditional McEliece Crypto System Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes Variants of McEliece System Niederreiter cryptosystem: Harald Niederreiter proposed this variant in 1986 and it works with syndromes and disguised parity check matrices. The security is equivalent to the original McEliece system, the transmitted messages are shorter and encryption is faster. - In particular for signature schemes attractive. Specifying the errors: Together with Baldi, Chiaraluce and Schipani [BBC + 14] we showed that it is possible to do a transformation of the generator matrix (e.g. with low rank matrices) where encryption then requires that the error vectors have to lie in a specified variety. McEliece type Cryptosystem based on Gabidulin Codes

  18. Traditional McEliece Crypto System Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes Variants of McEliece System Niederreiter cryptosystem: Harald Niederreiter proposed this variant in 1986 and it works with syndromes and disguised parity check matrices. The security is equivalent to the original McEliece system, the transmitted messages are shorter and encryption is faster. - In particular for signature schemes attractive. Specifying the errors: Together with Baldi, Chiaraluce and Schipani [BBC + 14] we showed that it is possible to do a transformation of the generator matrix (e.g. with low rank matrices) where encryption then requires that the error vectors have to lie in a specified variety. Low weight transformations: Instead of using monomial transformations it is possible to use transformations where low weight vectors are mapped onto low weight vectors. McEliece type Cryptosystem based on Gabidulin Codes

  19. Traditional McEliece Crypto System Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes Crucial for the cryptanalysis of many variants of Reed-Solomon based systems are the following concept: McEliece type Cryptosystem based on Gabidulin Codes

  20. Traditional McEliece Crypto System Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes Crucial for the cryptanalysis of many variants of Reed-Solomon based systems are the following concept: Definition Let C ⊂ F n be a [ n , k ] block code. Then the square C 2 of C is defined as the span of all vectors of the form { a ⋆ b | a , b ∈ C} where a ⋆ b denotes the (component-wise) Hadamard product. McEliece type Cryptosystem based on Gabidulin Codes

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Twisted Hermitian Codes and the McEliece Cryptosystem Bethany Matsick Liberty University

Twisted Hermitian Codes and the McEliece Cryptosystem Bethany Matsick Liberty University

Twisted Hermitian Codes and the McEliece Cryptosystem Bethany Matsick Liberty University January 26, 2018 Joint work with Austin Allen, Keller Blackwell, Olivia Fiol, Rutuja Kshirsagar, and Zoe Nelson, supervised by Gretchen Matthews. Coding

773 views • 18 slides
A Reaction Attack on the QC-LDPC McEliece Cryptosystem Tomas Fabsic 1 , Viliam Hromada 1 , Paul

A Reaction Attack on the QC-LDPC McEliece Cryptosystem Tomas Fabsic 1 , Viliam Hromada 1 , Paul

LDPC and MDPC Codes QC-MDPC McEliece Attack of Guo et al. QC-LDPC McEliece Our Attack A Reaction Attack on the QC-LDPC McEliece Cryptosystem Tomas Fabsic 1 , Viliam Hromada 1 , Paul Stankovski 2 , Pavol Zajac 1 , Qian Guo 2 , Thomas Johansson

693 views • 37 slides
Classic McEliece: conservative code-based cryptography D. J. Bernstein classic.mceliece.org

Classic McEliece: conservative code-based cryptography D. J. Bernstein classic.mceliece.org

1 Classic McEliece: conservative code-based cryptography D. J. Bernstein classic.mceliece.org Fundamental literature: 1962 Prange (attack) + many more attack papers. 1968 Berlekamp (decoder). 19701971 Goppa (codes). 1978 McEliece

775 views • 58 slides
A Code-Based Cryptosystem using GRS Codes Violetta Weger University of Zurich Master Thesis

A Code-Based Cryptosystem using GRS Codes Violetta Weger University of Zurich Master Thesis

A Code-Based Cryptosystem using GRS Codes Violetta Weger University of Zurich Master Thesis Presentation Seminar Coding Theory and Cryptography 07 December 2016 Violetta Weger Code-based Cryptosystem using GRS Codes Outline 1 Motivation 2

1.31k views • 61 slides
Some recent developments in the theory of linear MRD-codes Olga Polverino Universit degli

Some recent developments in the theory of linear MRD-codes Olga Polverino Universit degli

Linear MRD-codes Generalized Gabidulin Codes and linearized polynomials Generalized Twisted Gabidulin Codes MRD-codes-Maxim Some recent developments in the theory of linear MRD-codes Olga Polverino Universit degli Studi della Campania,

1.92k views • 170 slides
Cryptanalysis of the Sidelnikov cryptosystem Lorenz Minder, Amin Shokrollahi {

Cryptanalysis of the Sidelnikov cryptosystem Lorenz Minder, Amin Shokrollahi {

Cryptanalysis of the Sidelnikov cryptosystem Lorenz Minder, Amin Shokrollahi { lorenz.minder,amin.shokrollahi } @epfl.ch. LMA, EPFL Cryptanalysis of the Sidelnikov cryptosystem p.1/18 McEliece type cryptosystems PKCS based on

785 views • 18 slides
Decoding random codes: asymptotics, benchmarks, challenges, and implementations D. J.

Decoding random codes: asymptotics, benchmarks, challenges, and implementations D. J.

Decoding random codes: asymptotics, benchmarks, challenges, and implementations D. J. Bernstein University of Illinois at Chicago Assume that were using the McEliece cryptosystem (or Neiderreiter or ) to encrypt a plaintext.

1.17k views • 71 slides
Support Constrained Generator Matrices of Gabidulin Codes in Characteristic Zero Hikmet Yildiz

Support Constrained Generator Matrices of Gabidulin Codes in Characteristic Zero Hikmet Yildiz

Support Constrained Generator Matrices of Gabidulin Codes in Characteristic Zero Hikmet Yildiz , Netanel Raviv , Babak Hassibi California Institute of Technology, Pasadena CA Washington University in Saint Louis, St. Louis MO

336 views • 21 slides
Cryptanalysis of a variant of the McEliece encryption scheme Julien Lavauzelle IRMAR,

Cryptanalysis of a variant of the McEliece encryption scheme Julien Lavauzelle IRMAR,

Cryptanalysis of a variant of the McEliece encryption scheme Julien Lavauzelle IRMAR, Universit de Rennes 1 Journes Nationales de Calcul Formel 2020 03/03/2020 Outline 1. McEliece cryptosystem and variants 2. Attack on the ReedSolomon

782 views • 52 slides
Key Escrow free Identity-based Identity-based Cryptosystem Cryptosystem Identity-based

Key Escrow free Identity-based Identity-based Cryptosystem Cryptosystem Identity-based

Contents Background Key Escrow free Identity-based Identity-based Cryptosystem Cryptosystem Identity-based Signature Conclusion Manik Lal Das DA-IICT, Gandhinagar, India About DA-IICT and Our Group DA-IICT is a private university,

563 views • 35 slides
Code-based Cryptography Christiane Peters Technical University of Denmark ECC 2011 September

Code-based Cryptography Christiane Peters Technical University of Denmark ECC 2011 September

Code-based Cryptography Christiane Peters Technical University of Denmark ECC 2011 September 20, 2011 Code-based cryptography 1. Background 2. The McEliece cryptosystem 3. Information-set-decoding attacks 4. Designs: Wild McEliece 5.

721 views • 55 slides
Words of Minimal Weight and Weight Distribution in Binary Goppa Codes Matthieu Finiasz ISIT 2003

Words of Minimal Weight and Weight Distribution in Binary Goppa Codes Matthieu Finiasz ISIT 2003

Words of Minimal Weight and Weight Distribution in Binary Goppa Codes Matthieu Finiasz ISIT 2003 Yokohama Binary Goppa Codes Introduction Used for cryptography ( McEliece cryptosystem) Indistinguishable from a random linear code

138 views • 11 slides
Cryptanalysis of Two Variants of the McEliece Cryptosystem Ayoub Otmani 1

Cryptanalysis of Two Variants of the McEliece Cryptosystem Ayoub Otmani 1

Cryptanalysis of Two Variants of the McEliece Cryptosystem Ayoub Otmani 1 Ayoub.Otmani@info.unicaen.fr eonard Dallot 1 Jean-Pierre Tillich 2 L Leonard.Dallot@info.unicaen.fr jean-pierre.tillich@inria.fr 1 GREYC - Groupe de Recherche en

857 views • 51 slides
Classic McEliece: conservative code-based cryptography Round 2 https://classic.mceliece.org/

Classic McEliece: conservative code-based cryptography Round 2 https://classic.mceliece.org/

Classic McEliece: conservative code-based cryptography Round 2 https://classic.mceliece.org/ Daniel J. Bernstein 1 , Tung Chou 2 , Tanja Lange 3 , Ingo von Maurich, Rafael Misoczki 4 , Ruben Niederhagen 5 , Edoardo Persichetti 6 , Christiane

439 views • 28 slides
An Overview on Post-Quantum Cryptography with an Emphasis on Code based Systems Joachim Rosenthal

An Overview on Post-Quantum Cryptography with an Emphasis on Code based Systems Joachim Rosenthal

Basics on Public Key Crypto Systems Research Directions in Post-Quantum Cryptography Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes An Overview on Post-Quantum Cryptography with an Emphasis on Code based

1.05k views • 100 slides
Generalized Gabidulin Codes and their Generator Matrices Alessandro Neri 23 July 2018 - LAWCI

Generalized Gabidulin Codes and their Generator Matrices Alessandro Neri 23 July 2018 - LAWCI

Generalized Gabidulin Codes and their Generator Matrices Alessandro Neri 23 July 2018 - LAWCI Alessandro Neri 11 June 2018 1 / 6 Generalized Reed-Solomon Codes Reed, Solomon (1960) F q [ x ] < k := { f ( x ) F q [ x ] | deg f < k }

255 views • 21 slides
Leakage-Resilient Cryptography from Puncturable Primitives and Obfuscation ASIACRYPT 2018 Dec.

Leakage-Resilient Cryptography from Puncturable Primitives and Obfuscation ASIACRYPT 2018 Dec.

Leakage-Resilient Cryptography from Puncturable Primitives and Obfuscation ASIACRYPT 2018 Dec. 5th 2018 1 / 55 Yu Chen 1 Yuyu Wang 2 Hong-Sheng Zhou 3 1 SKLOIS-IIE-CAS, UCAS 2 Tokyo Institute of Technology, IOHK, AIST 3 Virginia Commonwealth

1.29k views • 116 slides
Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Cryptography Concepts and Terminology Security Concepts Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and Terminology Cryptography School of Engineering and Technology CQUniversity

322 views • 11 slides
Related textbooks Jonathan Katz, Yehuda Lindell: Security II: Cryptography Introduction to

Related textbooks Jonathan Katz, Yehuda Lindell: Security II: Cryptography Introduction to

Related textbooks Jonathan Katz, Yehuda Lindell: Security II: Cryptography Introduction to Modern Cryptography Chapman & Hall/CRC, 2008 Christof Paar, Jan Pelzl: Markus Kuhn Understanding Cryptography Springer, 2010

470 views • 20 slides
Natural Language Steganography and an AI-complete Security Primitive by Richard Bergmair

Natural Language Steganography and an AI-complete Security Primitive by Richard Bergmair

Natural Language Steganography and an AI-complete Security Primitive by Richard Bergmair Oct-03 Apr-04 University of Derby in Austria Technische Universitt Mnchen conducted under the supervision of Stefan Katzenbeisser Natural

1.94k views • 182 slides
Algorithmic Coalitional Game Theory Lecture 12: Anytime Coalition Structure Generation Oskar

Algorithmic Coalitional Game Theory Lecture 12: Anytime Coalition Structure Generation Oskar

Algorithmic Coalitional Game Theory Lecture 12: Anytime Coalition Structure Generation Oskar Skibski University of Warsaw 19.05.2020 Coalition Structure Generation Coalition Structure Generation Find a partition of players = { ! ,

310 views • 27 slides
Computational Linguistics II: Parsing Formal Languages: Overview & Regular Languages Frank

Computational Linguistics II: Parsing Formal Languages: Overview & Regular Languages Frank

Computational Linguistics II: Parsing Formal Languages: Overview & Regular Languages Frank Richter & Jan-Philipp S ohn fr@sfs.uni-tuebingen.de, jp.soehn@uni-tuebingen.de Computational Linguistics II: Parsing p.1 Origins of

211 views • 8 slides
Applications of Latent Entity Networks in Information Retrieval Andreas Spitz, Michael Gertz

Applications of Latent Entity Networks in Information Retrieval Andreas Spitz, Michael Gertz

Applications of Latent Entity Networks in Information Retrieval Andreas Spitz, Michael Gertz Heidelberg University, Institute of Computer Science Database Systems Research Group { spitz,gertz } @informatik.uni-heidelberg.de Workshop

576 views • 19 slides
Analysis of Two Existing and One New Dynamic Programming Algorithm for the Generation of Optimal

Analysis of Two Existing and One New Dynamic Programming Algorithm for the Generation of Optimal

Analysis of Two Existing and One New Dynamic Programming Algorithm for the Generation of Optimal Bushy Join Trees without Cross Products Guido Moerkotte Thomas Neumann September 15, 2006 Thomas Neumann New Dynamic Programming Algorithm for

725 views • 39 slides

More recommend