Code-based public-key cryptosystems are based on the hardness of a decoding problem. Their advantages include: 1) quantum tolerance, i.e. no polynomial-time algorithm is known even on quantum computers, whereas number-theoretic public-key cryptosystems such as RSA, elliptic curve cryptosystems, DH and DSA are vulnerable to them; 2) a small arithmetic unit for encryption and signature verification, since these consist mostly of exclusive-ors, which are highly parallelizable. The drawback, however, is that the public-key size is large, around several hundred KB to several MB for typical parameters. Several attempts have been made to reduce the public-key size. Most of them, however, failed, except one: the Quasi-Dyadic (QD) public key (for large extension degrees). While an attack has been proposed on the QD public key (for small extension degrees), it can be prevented by making the extension degree $m$ larger, specifically by making $q^{m(m-1)}$ large enough, where $q$ is the size of the base field and $q = 2$ for a binary code. The QD approach can be improved further by using the method proposed in this paper. We call it "Flexible" Quasi-Dyadic (FQD) since it is flexible in its parameter choice, i.e. FQD can even achieve the maximum code length $n = 2^m - t$ in one shot for a given error-correction capability $t$, whereas QD must hold $n \ll 2^m - t$ (at least $n = 2^{m-1}$) and its key generation is performed by trial and error. Achieving $n = 2^m - t$ (or, more loosely, $n = 2^m - 2^{\lceil \log_2 t \rceil}$) is crucial for code-based digital signatures, since they must make $2^{mt}/\binom{n}{t}$ small enough, and without making $n$ close to $2^m - t$ this cannot be satisfied. FQD can also be applied to code-based digital signatures.
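As an added worked example (not code from the paper), the following Python evaluates the ratio $2^{mt}/\binom{n}{t}$ from the abstract, i.e. the expected number of decoding attempts a CFS-style code-based signature needs, for the maximum length $n = 2^m - t$ that FQD reaches versus a QD-style length $n = 2^{m-1}$. The parameters $m = 16$, $t = 9$ are constructed for illustration only.

```python
from math import comb, factorial


def expected_decoding_attempts(m: int, t: int, n: int) -> float:
    """Ratio of all syndromes (2^(mt)) to correctable syndromes (C(n, t)).

    A CFS-style signer hashes the message with a counter and retries until the
    syndrome decodes, so this ratio is the expected number of attempts per
    signature. It is exact integer arithmetic converted to float at the end.
    """
    if not (0 < t < n <= 2**m):
        raise ValueError("need 0 < t < n <= 2^m for a length-n binary Goppa code")
    return 2 ** (m * t) / comb(n, t)


def max_code_length(m: int, t: int) -> int:
    """n = 2^m - t: the maximum length the abstract says FQD reaches in one shot."""
    return 2**m - t


def loose_max_code_length(m: int, t: int) -> int:
    """n = 2^m - 2^ceil(log2 t), the looser target; (t-1).bit_length() == ceil(log2 t)."""
    return 2**m - 2 ** (t - 1).bit_length()


def qd_style_length(m: int) -> int:
    """n = 2^(m-1), the length the abstract attributes to plain QD."""
    return 2 ** (m - 1)


def length_penalty(m: int, t: int) -> float:
    """How many times more attempts the QD length costs than the maximum length."""
    full = expected_decoding_attempts(m, t, max_code_length(m, t))
    short = expected_decoding_attempts(m, t, qd_style_length(m))
    return short / full


if __name__ == "__main__":
    m, t = 16, 9  # constructed illustration parameters
    for label, n in (("FQD max", max_code_length(m, t)),
                     ("loose max", loose_max_code_length(m, t)),
                     ("QD 2^(m-1)", qd_style_length(m))):
        print(f"{label:>11}: n={n:6d}  attempts ~ {expected_decoding_attempts(m, t, n):.3e}")
    # At n = 2^m - t the ratio is essentially t!; halving n multiplies it by about 2^t.
    print(f"t! = {factorial(t)}, QD penalty factor ~ {length_penalty(m, t):.1f}")
```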