An observation on the security of McEliece's public-key cryptosystem
Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
A new identification scheme based on syndrome decoding
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
The BiBa one-time signature and broadcast authentication protocol
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Better than BiBa: Short One-Time Signatures with Fast Signing and Verifying
ACISP '02 Proceedings of the 7th Australian Conference on Information Security and Privacy
A method for finding codewords of small weight
Proceedings of the 3rd International Colloquium on Coding Theory and Applications
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
How to Achieve a McEliece-Based Digital Signature Scheme
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A Digital Signature Scheme Based on Random Error-Correcting Codes
Proceedings of the 6th IMA International Conference on Cryptography and Coding
IEEE Transactions on Information Theory
Reducing Key Length of the McEliece Cryptosystem
AFRICACRYPT '09 Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology
Provably Secure Code-Based Threshold Ring Signatures
Cryptography and Coding '09 Proceedings of the 12th IMA International Conference on Cryptography and Coding
Post-quantum cryptography: code-based signatures
AST/UCMA/ISA/ACN'10 Proceedings of the 2010 international conference on Advances in computer science and information technology
One-time signature scheme from syndrome decoding over generic error-correcting codes
Journal of Systems and Software
An efficient attack on all concrete KKS proposals
PQCrypto'11 Proceedings of the 4th international conference on Post-Quantum Cryptography
Hi-index | 0.00 |
Kabastianskii, Krouk and Smeets proposed in 1997 a digital signature scheme based on random error-correcting codes. In this paper we investigate the security and the efficiency of their proposal. We show that a passive attacker who may intercept just a few signatures can recover the private key. We give precisely the number of signatures required to achieve this goal. This enables us to prove that all the schemes given in the original paper can be broken with at most 20 signatures. We improve the efficiency of these schemes by firstly providing parameters that enable to sign about 40 messages, and secondly, by describing a way to extend these few-timessignatures into classical multi-timesignatures. We finally study their key sizes and a mean to reduce them by means of more compact matrices.