On the Power of Quantum Computation
SIAM Journal on Computing
Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer
SIAM Journal on Computing
Handbook of Applied Cryptography
Handbook of Applied Cryptography
How to Achieve a McEliece-Based Digital Signature Scheme
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
On lattices, learning with errors, random linear codes, and cryptography
Proceedings of the thirty-seventh annual ACM symposium on Theory of computing
The hidden subgroup problem and permutation group theory
SODA '05 Proceedings of the sixteenth annual ACM-SIAM symposium on Discrete algorithms
Limitations of quantum coset states for graph isomorphism
Proceedings of the thirty-eighth annual ACM symposium on Theory of computing
The Symmetric Group Defies Strong Fourier Sampling
SIAM Journal on Computing
Attacking and Defending the McEliece Cryptosystem
PQCrypto '08 Proceedings of the 2nd International Workshop on Post-Quantum Cryptography
Is code equivalence easy to decide?
IEEE Transactions on Information Theory
Finding the permutation between equivalent linear codes: the support splitting algorithm
IEEE Transactions on Information Theory
Weak keys in the McEliece public-key cryptosystem
IEEE Transactions on Information Theory
Universally composable oblivious transfer from lossy encryption and the mceliece assumptions
ICITS'12 Proceedings of the 6th international conference on Information Theoretic Security
Towards one cycle per bit asymmetric encryption: code-based cryptography on reconfigurable hardware
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
Hi-index | 0.00 |
Quantum computers can break the RSA, El Gamal, and elliptic curve public-key cryptosystems, as they can efficiently factor integers and extract discrete logarithms. This motivates the development of post-quantum cryptosystems: classical cryptosystems that can be implemented with today's computers, that will remain secure even in the presence of quantum attacks. In this article we show that the McEliece cryptosystem over rational Goppa codes and the Niederreiter cryptosystem over classical Goppa codes resist precisely the attacks to which the RSA and El Gamal cryptosystems are vulnerable-namely, those based on generating and measuring coset states. This eliminates the approach of strong Fourier sampling on which almost all known exponential speedups by quantum algorithms are based. Specifically, we show that the natural case of the Hidden Subgroup Problem to which McEliece-type cryptosystems reduce cannot be solved by strong Fourier sampling, or by any measurement of a coset state. To do this, we extend recent negative results on quantum algorithms for Graph Isomorphism to subgroups of the automorphism groups of linear codes. This gives the first rigorous results on the security of the McEliece-type cryptosystems in the face of quantum adversaries, strengthening their candidacy for post-quantum cryptography. We also strengthen some results of Kempe, Pyber, and Shalev on the Hidden Subgroup Problem in Sn.