In this paper we propose a new approach to investigating the security of the McEliece cryptosystem. We recall that this cryptosystem relies on the use of error-correcting codes. Since its invention thirty years ago, no efficient attack had been devised that managed to recover the private key. We prove that the private key of the cryptosystem satisfies a system of bi-homogeneous polynomial equations. This property is due to the particular class of codes considered, namely alternant codes. We have used these highly structured algebraic equations to mount an efficient key-recovery attack against two recent variants of the McEliece cryptosystem that aim at reducing public key sizes. These two compact variants of McEliece managed to propose keys with less than 20,000 bits; to do so, they proposed to use quasi-cyclic or dyadic structures. An implementation of our algebraic attack in the computer algebra system Magma finds the secret key in negligible time (less than one second) for almost all the proposed challenges. For instance, a private key designed for 256-bit security has been found in 0.06 seconds with about 2^17.8 operations.