nach oben

Designs, Codes and Cryptography

Erschienen in:

11.03.2020

Cryptanalysis of a system based on twisted Reed–Solomon codes

verfasst von: Julien Lavauzelle, Julian Renner

Erschienen in: Designs, Codes and Cryptography | Ausgabe 7/2020

Einloggen, um Zugang zu erhalten

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Twisted Reed–Solomon (TRS) codes are a family of codes that contains a large number of maximum distance separable codes that are non-equivalent to Reed–Solomon codes. TRS codes were recently proposed as an alternative to Goppa codes for the McEliece code-based cryptosystem, resulting in a potential reduction of key sizes. The use of TRS codes in the McEliece cryptosystem has been motivated by the fact that a large subfamily of TRS codes is resilient to a direct use of known algebraic key-recovery methods. In this paper, an efficient key-recovery attack on the TRS variant that was used in the McEliece cryptosystem is presented. The algorithm exploits a new approach based on recovering the structure of a well-chosen subfield subcode of the public code. It is proved that the attack always succeeds and breaks the system for all practical parameters in \(O(n^4)\) field operations. A software implementation of the algorithm retrieves a valid private key from the public key within a few minutes, for parameters claiming a security level of 128 bits. The success of the attack also indicates that, contrary to common beliefs, subfield subcodes of the public code need to be precisely analyzed when proposing a McEliece-type code-based cryptosystem. Finally, the paper discusses an attempt to repair the scheme and a modification of the attack aiming at Gabidulin–Paramonov–Tretjakov cryptosystems based on twisted Gabidulin codes.

Nächster Artikel Affine equivalence for quadratic rotation symmetric Boolean functions

Since the parameters k and \(h_1,\ldots ,h_{\ell }\) are public, an attacker knows the set \(\mathcal {I}\).

Banegas G., Barreto P.S.L.M., Boidje B.O., Cayrel P.-L., Dione G.N., Gaj K., Gueye C.T., Haeussler R., Klamti J.B., Ndiaye O., Nguyen D.T., Persichetti E., Ricardini J.E.: DAGS: key encapsulation using dyadic GS codes. J. Math. Cryptol. 12(4), 221–239 (2018).MathSciNetCrossRef

Bardet M., Barelli É., Blazy O., Torres R.C., Couvreur A., Gaborit P., Otmani A., Sendrier N., Tillich J.-P.L: BIG QUAKE BInary Goppa QUAsi–cyclic Key Encapsulation. (2017). https://bigquake.inria.fr.

Barelli É., Couvreur A.: An efficient structural attack on NIST submission DAGS. In: Peyrin T., Galbraith S.D. (eds.) Advances in Cryptology—ASIACRYPT, vol. 11272, pp. 93–118. Springer, New York (2018).

Beelen P., Puchinger S., Rosenkilde né N.J.: Twisted Reed-Solomon codes. In IEEE Int. Symp. Inf. Theory (ISIT) (2017).

Beelen P., Bossert M., Puchinger S., Rosenkilde né N.J.: Structural properties of twisted Reed-Solomon codes with applications to code-based cryptography. In: IEEE Int. Symp. Inf. Theory (ISIT) (2018).

Berger T.P., Loidreau P.: How to mask the structure of codes for a cryptographic use. Des. Codes Cryptogr. 35(1), 63–79 (2005).MathSciNetCrossRef

Berger T.P., Cayrel P.-L., Gaborit P., Otmani A.: Reducing key length of the McEliece cryptosystem. In: Preneel B. (ed.) Progress in Cryptology—AFRICACRYPT, vol. 5580, pp. 77–97. Springer (2009).

Bernstein D.J., Chou T., Lange T., von Maurich I., Misoczki R., Niederhagen R., Persichetti E., Peters C., Schwabe P., Sendrier N., Szefer J., Wang W.: Classic McEliece (2017). https://classic.mceliece.org.

Couvreur A., Gaborit P., Gauthier-Umaña V., Otmani A., Tillich J.-P.: Distinguisher-based attacks on public-key cryptosystems using Reed-Solomon codes. Des. Codes Cryptogr. 73(2), 641–666 (2014).MathSciNetCrossRef

10.

Couvreur A., Corbella I.M., Pellikaan R.: Cryptanalysis of McEliece cryptosystem based on algebraic geometry codes and their subcodes. IEEE Trans. Inf. Theory 63(8), 5404–5418 (2017).MathSciNetCrossRef

11.

Couvreur A., Lequesne M., Tillich J.-P.: Recovering short secret keys of RLCE in polynomial time. In: Jintai D., Rainer S. (eds.) Post-Quantum Cryptography—10th International Conference, PQCrypto 2019, Chongqing, China, 8–10 May 2019, Revised Selected Papers, volume 11505 of Lecture Notes in Computer Science, pp. 133–152. Springer (2019).

12.

Faugère J.-C., Otmani A., Perret L., Tillich J-P.: Algebraic cryptanalysis of McEliece variants with compact keys. In: Gilbert H. (ed.) Advances in Cryptology—EUROCRYPT 2010, vol. 6110, pp. 279–298. Springer (2010).

13.

Faugère J.-C., Otmani A., Perret L., de Portzamparc F., Tillich J.-P.: Structural cryptanalysis of McEliece schemes with compact keys. Des. Codes Cryptogr. 79(1), 87–112 (2016).MathSciNetCrossRef

14.

Gabidulin E.M.: Theory of codes with maximum rank distance. Probl. Inf. Transm. 21(1), 3–16 (1985).MathSciNetMATH

15.

Gabidulin E.M., Paramonov A.V., Tretjakov O.V.: Ideals over a non-commutative ring and their application in cryptology. In: Workshop Theory and Appl. Cryptogr. Techn., pp. 482–489. Springer (1991).

16.

Janwa H., Moreno O.: McEliece public key cryptosystems using algebraic-geometric codes. Des. Codes Cryptogr. 8(3), 293–307 (1996).MathSciNetCrossRef

17.

McEliece R.J.: A public-key cryptosystem based on algebraic coding theory. Jet Propuls. Lab. DSN Progr. Rep. 42–44, 114–116 (1978).

18.

Minder L., Shokrollahi A.: Cryptanalysis of the Sidelnikov cryptosystem. In Advances in Cryptology—EUROCRYPT 2007, vol. 4515, pp. 347–360. Springer (2007).

19.

Niederreiter H.: Knapsack type cryptosystems and algebraic coding theory. Probl. Control Inf. Theory 15, 159 (1986).MathSciNetMATH

20.

Overbeck R.: A new structural attack for GPT and variants. LNCS: MYCRYPT 3715, 50–63 (2005).MATH

21.

Overbeck R.: Public key cryptography based on coding theory. PhD thesis, Darmstadt University of Technology, Germany (2007).

22.

Puchinger S.: Construction and decoding of evaluation codes in hamming and rank metric. PhD thesis, Ulm University, Germany (2018).

23.

Puchinger S., Renner J., Wachter-Zeh A.: Twisted Gabidulin codes in the GPT cryptosystem. In: Int. Workshop Alg. Combin. Coding Theory (ACCT) (2018).

24.

Sidelnikov M.V.: Public-key cryptosystem based on binary Reed-Muller codes. Discret. Math. Appl. 4, 191–208 (1994).CrossRef

25.

Sidelnikov M.V., Shestakov O.S.: On insecurity of cryptosystems based on generalized Reed-Solomon codes. Discret. Math. Appl. 2, 439–444 (1992).MATH

26.

The Sage Developers. SageMath, the Sage Mathematics Software System (2019). https://www.sagemath.org.

27.

Wang Y.: Quantum resistant random linear code based public key encryption scheme RLCE. In: IEEE International Symposium on Information Theory, ISIT 2016, Barcelona, Spain, 10–15 July 2016, pp. 2519–2523. IEEE (2016).

28.

Wieschebrink C.: An attack on a modified Niederreiter encryption scheme. In: Public Key Cryptography–PKC 2006, pp 14–26. Springer, Berlin (2006).

29.

Wieschebrink C.: Cryptanalysis of the Niederreiter public key scheme based on GRS subcodes. In: Sendrier N. (ed.) Post-quantum Cryptography, pp. 61–72. Springer, Berlin (2010).CrossRef

Titel: Cryptanalysis of a system based on twisted Reed–Solomon codes
verfasst von: Julien Lavauzelle
Julian Renner
Publikationsdatum: 11.03.2020
Verlag: Springer US
Erschienen in: Designs, Codes and Cryptography / Ausgabe 7/2020
Print ISSN: 0925-1022
Elektronische ISSN: 1573-7586
DOI: https://doi.org/10.1007/s10623-020-00747-6

Springer Professional

Cryptanalysis of a system based on twisted Reed–Solomon codes

Abstract

Premium Partner

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Weitere Artikel der Ausgabe 7/2020

On optimal weak algebraic manipulation detection codes and weighted external difference families

A geometric approach to rank metric codes and a classification of constant weight codes

Revisiting Gilbert’s known-key distinguisher

Subgroup perfect codes in Cayley sum graphs

Longest subsequences shared by two de Bruijn sequences

Affine equivalence for quadratic rotation symmetric Boolean functions

Premium Partner