Identity-Based Encryption from Codes with Rank Metric

Gaborit, Philippe; Hauteville, Adrien; Phan, Duong Hieu; Tillich, Jean–Pierre

doi:10.1007/978-3-319-63697-9_7

Cited by 50 publications

(84 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Section: Difficult Problems In Rank Metricmentioning

confidence: 99%

“…Note that the Interleaved Search RSD problem is similar to the problem proposed in [29,Definition 7]. The only difference is that the rows of the matrix X in Interleaved RSD Distribution have the same row space whereas the rows of U ⊤ in [29,Definition 7] have the same column space. For a small interleaving order ℓ, the currently most efficient algorithm to solve both, the Interleaved Search RSD Problem and the problem given in [29,Definition 7], was presented in [3] and will be analyzed in Section IV.…”

Section: Difficult Problems In Rank Metricmentioning

confidence: 99%

“…The only difference is that the rows of the matrix X in Interleaved RSD Distribution have the same row space whereas the rows of U ⊤ in [29,Definition 7] have the same column space. For a small interleaving order ℓ, the currently most efficient algorithm to solve both, the Interleaved Search RSD Problem and the problem given in [29,Definition 7], was presented in [3] and will be analyzed in Section IV. For a high interleaving order ℓ ≥ w, the algorithm proposed in [30] is able to solve the Interleaved Search RSD Problem with high probability in polynomial time.…”

Section: Difficult Problems In Rank Metricmentioning

confidence: 99%

“…For a high interleaving order ℓ ≥ w, the algorithm proposed in [30] is able to solve the Interleaved Search RSD Problem with high probability in polynomial time. For an interleaving order greater than wk, the algorithm proposed in [31] is able to efficiently solve [29,Definition 7], see [31, Section 6.5].…”

Section: Difficult Problems In Rank Metricmentioning

confidence: 99%

See 3 more Smart Citations

Interleaving Loidreau’s Rank-Metric Cryptosystem

Renner

Puchinger

Wachter-Zeh

2019

2019 XVI International Symposium "Problems of Redundancy in Information and Control Systems" (REDUNDANCY)

View full text Add to dashboard Cite

We propose and analyze an interleaved variant of Loidreau's rank-metric cryptosystem based on rank multipliers. We analyze and adapt several attacks on the system, propose design rules, and study weak keys. Finding secure instances requires near-MRD rank-metric codes which are not investigated in the literature. Thus, we propose a random code construction that makes use of the fact that short random codes over large fields are MRD with high probability. We derive an upper bound on the decryption failure rate and give example parameters for potential key size reduction.

show abstract

Section: Difficult Problems In Rank Metricmentioning

confidence: 99%

Section: Difficult Problems In Rank Metricmentioning

confidence: 99%

Section: Difficult Problems In Rank Metricmentioning

confidence: 99%

Section: Difficult Problems In Rank Metricmentioning

confidence: 99%

See 2 more Smart Citations

Interleaving Loidreau’s Rank-Metric Cryptosystem

Renner

Puchinger

Wachter-Zeh

2019

2019 XVI International Symposium "Problems of Redundancy in Information and Control Systems" (REDUNDANCY)

View full text Add to dashboard Cite

show abstract

“…The resulting code has length un and dimension uk, where n and k are the length and the dimension of the component code, respectively. This LRPC code construction is motivated by the difficult generic decoding problem stated in [14,Definition 7].…”

Section: Introductionmentioning

confidence: 99%

Efficient Decoding of Interleaved Low-Rank Parity-Check Codes

Renner

Jerkovits

Bartz

2019

2019 XVI International Symposium "Problems of Redundancy in Information and Control Systems" (REDUNDANCY)

View full text Add to dashboard Cite

show abstract

Two Attacks on Rank Metric Code-Based Schemes: RankSign and an IBE Scheme

Debris-Alazard

Tillich

2018

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

RankSign [GRSZ14] is a code-based signature scheme proposed to the NIST competition for quantum-safe cryptography [AGH + 17] and, moreover, is a fundamental building block of a new Identity-Based-Encryption (IBE) [GHPT17]. This signature scheme is based on the rank metric and enjoys remarkably small key sizes, about 10KBytes for an intended level of security of 128 bits. Unfortunately we will show that all the parameters proposed for this scheme in [AGH + 17] can be broken by an algebraic attack that exploits the fact that the augmented LRPC codes used in this scheme have very low weight codewords. Therefore, without RankSign the IBE cannot be instantiated at this time. As a second contribution we will show that the problem is deeper than finding a new signature in rank-based cryptography, we also found an attack on the generic problem upon which its security reduction relies. However, contrarily to the RankSign scheme, it seems that the parameters of the IBE scheme could be chosen in order to avoid our attack. Finally, we have also shown that if one replaces the rank metric in the [GHPT17] IBE scheme by the Hamming metric, then a devastating attack can be found. Introduction1.1 An efficient code-based signature scheme: RankSign and a codebased Identity-Based-Encryption schemeCode-based signature schemes. It is a long standing open problem to build an efficient and secure signature scheme based on the hardness of decoding a linear code which could compete in all respects with DSA or RSA. Such schemes could indeed give a quantum resistant signature for replacing in practice the aforementioned signature schemes that are well known to be broken by quantum computers. A first partial answer to this question was given in [CFS01]. It consisted in adapting the Niederreiter scheme [Nie86] for this purpose. This requires a linear code for which there exists an efficient decoding algorithm for a non-negligible set of inputs. This means that if H is an r × n parity-check matrix of the code, there exists for a non-negligible set of elements s in {0, 1} r an efficient way to find a word e in {0, 1} n of smallest Hamming weight such that He ⊺ = s ⊺ . The authors of [CFS01] noticed that very high rate Goppa codes are able to fulfill this task, and their scheme can indeed be considered as the first step towards a solution of the aforementioned problem. However, the poor scaling of the key size when security has to be increased prevents this scheme to be a completely satisfying answer to this issue. The rank metric. There has been some exciting progress in this area for another metric, namely the rank metric [GRSZ14]. A code-based signature scheme whose security relies on decoding codes with respect to the rank metric has been proposed there. It is called RankSign. Strictly speaking,

show abstract

Identity-Based Encryption from Codes with Rank Metric

Cited by 50 publications

References 42 publications

Interleaving Loidreau’s Rank-Metric Cryptosystem

Interleaving Loidreau’s Rank-Metric Cryptosystem

Efficient Decoding of Interleaved Low-Rank Parity-Check Codes

Two Attacks on Rank Metric Code-Based Schemes: RankSign and an IBE Scheme

Contact Info

Product

Resources

About