Cryptanalysis of McEliece’s Public-Key Cryptosystem

Korzhik, Valery; Turkin, Andrey I.

doi:10.1007/3-540-46416-6_5

Cited by 25 publications

(19 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…if A distinguishes b for any combinations of Hashz and Gen, the fault must be in the conversion structure. (16) from (12), (14) and (15). The number of steps of B is at most t + (T Dec + T G ) · q G + T H · q H where T Dec is the number of steps for decrypting the original McEliece PKC using a new query to Gen asz, T G is both for checking whether a query to Gen is new or not and for returning the corresponding value, and T H is both for checking whether a query to Hash z is new or not and for returning the corresponding value.…”

Section: Definition 1 Let Askg Denote the Event Thatz Is Asked Tomentioning

confidence: 99%

Semantically Secure McEliece Public-Key Cryptosystems -Conversions for McEliece PKC -

Kobara

Imai

2001

Lecture Notes in Computer Science

130

105

View full text Add to dashboard Cite

Abstract. Almost all of the current public-key cryptosystems (PKCs) are based on number theory, such as the integer factoring problem and the discrete logarithm problem (which will be solved in polynomial-time after the emergence of quantum computers). While the McEliece PKC is based on another theory, i.e. coding theory, it is vulnerable against several practical attacks. In this paper, we carefully review currently known attacks to the McEliece PKC, and then point out that, without any decryption oracles or any partial knowledge on the plaintext of the challenge ciphertext, no polynomial-time algorithm is known for inverting the McEliece PKC whose parameters are carefully chosen. Under the assumption that this inverting problem is hard, we propose slightly modified versions of McEliece PKC that can be proven, in the random oracle model, to be semantically secure against adaptive chosen-ciphertext attacks. Our conversions can achieve the reduction of the redundant data down to 1/3 ∼ 1/4 compared with the generic conversions for practical parameters.

show abstract

Section: Definition 1 Let Askg Denote the Event Thatz Is Asked Tomentioning

confidence: 99%

Semantically Secure McEliece Public-Key Cryptosystems -Conversions for McEliece PKC -

Kobara

Imai

2001

Lecture Notes in Computer Science

130

105

View full text Add to dashboard Cite

show abstract

“…Korzhik and Turkin, announced that they had broken the cryptosystem. They gave a "demonstration" of their "attack" at Eurocrypt '91 [11]. However, the demonstration was only a toy: in place of the Goppa code it used a BCH code of dimension 36 in F_, 63 = GF(2) 63, with minimum distance 11, and an error vector of weight 5.…”

Section: Remarksmentioning

confidence: 99%

Failure of the McEliece public-key cryptosystem under message-resend and related-message attack

Berson

1997

Advances in Cryptology — CRYPTO '97

View full text Add to dashboard Cite

The McEliece public-key cr3~tosystem fails to protect any message which is sent to a recipient more than once using different random error vectors. In general, it fails to protect any messages sent to a recipient which have a known linear relation to one another. Under these conditions, which are easily detectable, the cryptosystem is subject to a devastating attack which reveals plaintext with a work factor which is 1015 times better than the best general attack.Keywords: McEliece, public-key cryptosystem, randomization, error-correcting codes, error vectors, message-resend attack, related-message attack, protocol failure, eryptanalysis. IntroductionThe McEliece public-key cryptosystem was proposed nearly 20 years ago [14]. The system is simple to explain and is very fast in execution. It is based on an NP-hard problem in coding theory, and features the ability of a hidden error-correcting code to recover plaintext from ciphertexts which the sender intentionally garbles with random errors. Although it has received much attention from the cryptologic community, the system remains unbroken to this day.Despite these advantages, the McEliece public-key cryptosystem it is not widely used. Perhaps this is because it has a large public key and a low information rate. But changes in technology and economics, for example the plummeting cost of storage, keep it on the list of candidates for some applications.In this paper we analyze and exploit the failure of the McEliece public-key cryptosystem to protect plaintext when any message is sent to a recipient more than once using different random error vectors. Our message-resend attack succeeds in flk 3 time, wherefl is a small constant, and k is the message size of the underlying code. We then generalize our attack to a related-message attack, which recovers any messages sent to a recipient when a linear relation between the messages is known, again in flk 3 time.

show abstract

“…In 1991, two Russian cryptographers claimed to have broken the McEliece system with some parameters [882]. Their paper contained no evidence to substantiate their claim, and most cryptographers discount the result.…”

Section: Private Key: X < Pmentioning

confidence: 99%

Applied cryptography: Protocols, algorithms, and source code in C

1994

Computer Law & Security Review

771

View full text Add to dashboard Cite

Cryptanalysis of McEliece’s Public-Key Cryptosystem

Abstract: An approach is proposed for the cryptanalysis of the well-known version of McEliece's public-key ayptosystem that is based on a new

Cited by 25 publications

References 2 publications

Semantically Secure McEliece Public-Key Cryptosystems -Conversions for McEliece PKC -

Semantically Secure McEliece Public-Key Cryptosystems -Conversions for McEliece PKC -

Failure of the McEliece public-key cryptosystem under message-resend and related-message attack

Applied cryptography: Protocols, algorithms, and source code in C

Contact Info

Product

Resources

About