A Distinguisher for High Rate McEliece Cryptosystem -- Extended Abstract - Archive ouverte HAL Accéder directement au contenu
Communication Dans Un Congrès Année : 2010

A Distinguisher for High Rate McEliece Cryptosystem -- Extended Abstract

Résumé

The purpose of this talk is to study the difficulty of the Goppa Code Distinguishing (GD) problem, which is the problem of distinguishing the public matrix in the McEliece cryptosystem from a random matrix. It is widely believed that this problem is computationally hard as proved by the increasing number of papers using this hardness assumption. One can consider that disproving/mitigating this hardness assumption is a breakthrough in code-based cryptography. In this paper, we present an efficient distinguisher for alternant and Goppa codes over binary/non binary fields. Our distinguisher is based on a recent algebraic attack against compact variants McEliece which reduces the key-recovery to the problem of solving an algebraic system of equations. We exploit a defect of rank in the (linear) system obtained by linearizing this algebraic system. It turns out that our distinguisher is also highly discriminant. Indeed, we are able to precisely quantify the defect of rank for “generic" binary and non-binary random, alternant and Goppa codes. We have verified these formulas with practical experiments, and a theoretical explanation for such defect of rank is also provided. To our knowledge, this is the first serious cryptographic weakness observed on McEliece since thirty years.
Fichier non déposé

Dates et versions

hal-01288929 , version 1 (15-03-2016)

Identifiants

  • HAL Id : hal-01288929 , version 1

Citer

Jean-Charles Faugère, Ayoub Otmani, Ludovic Perret, Jean-Pierre Tillich. A Distinguisher for High Rate McEliece Cryptosystem -- Extended Abstract. Yet Another Conference on Cryptography, YACC 2010, Oct 2010, Porquerolles, France. pp.1-4. ⟨hal-01288929⟩
141 Consultations
0 Téléchargements

Partager

Gmail Facebook X LinkedIn More