Distinguisher-based attacks on public-key cryptosystems using Reed-Solomon codes
Because of their interesting algebraic properties, several authors promote the use of generalized Reed-Solomon codes in cryptography. Niederreiter was the first to suggest an instantiation of his cryptosystem with them but Sidelnikov and Shestakov showed that this choice is insecure. Wieschebrink pr...
- Autores:
- Tipo de recurso:
- Fecha de publicación:
- 2014
- Institución:
- Universidad del Rosario
- Repositorio:
- Repositorio EdocUR - U. Rosario
- Idioma:
- eng
- OAI Identifier:
- oai:repository.urosario.edu.co:10336/23845
- Acceso en línea:
- https://doi.org/10.1007/s10623-014-9967-z
https://repository.urosario.edu.co/handle/10336/23845
- Palabra clave:
- Matrix algebra
Public key cryptography
Recovery
Reed-Solomon codes
Code-based cryptography
Distinguishers
Generalized reed-solomon codes
Ho-momorphic encryptions
Key-recovery
Codes (symbols)
Code-based cryptography
Distinguisher
Generalized Reed-Solomon codes
Homomorphic encryption
Key-recovery
- Rights
- License
- Abierto (Texto Completo)
| Summary: | Because of their interesting algebraic properties, several authors promote the use of generalized Reed-Solomon codes in cryptography. Niederreiter was the first to suggest an instantiation of his cryptosystem with them but Sidelnikov and Shestakov showed that this choice is insecure. Wieschebrink proposed a variant of the McEliece cryptosystem which consists in concatenating a few random columns to a generator matrix of a secretly chosen generalized Reed-Solomon code. More recently, new schemes appeared which are the homomorphic encryption scheme proposed by Bogdanov and Lee, and a variation of the McEliece cryptosystem proposed by Baldi et al. which hides the generalized Reed-Solomon code by means of matrices of very low rank. In this work, we show how to mount key-recovery attacks against these public-key encryption schemes. We use the concept of distinguisher which aims at detecting a behavior different from the one that one would expect from a random code. All the distinguishers we have built are based on the notion of component-wise product of codes. It results in a powerful tool that is able to recover the secret structure of codes when they are derived from generalized Reed-Solomon codes. Lastly, we give an alternative to Sidelnikov and Shestakov attack by building a filtration which enables to completely recover the support and the non-zero scalars defining the secret generalized Reed-Solomon code. © 2014 Springer Science+Business Media New York. |
|---|