An observation on the security of McEliece's public-key cryptosystem
Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
A new identification scheme based on syndrome decoding
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
A method for finding codewords of small weight
Proceedings of the 3rd International Colloquium on Coding Theory and Applications
A Generalized Birthday Problem
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
How to Achieve a McEliece-Based Digital Signature Scheme
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Attacking and Defending the McEliece Cryptosystem
PQCrypto '08 Proceedings of the 2nd International Workshop on Post-Quantum Cryptography
Security Bounds for the Design of Code-Based Cryptosystems
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
An efficient pseudo-random generator provably as secure as syndrome decoding
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
The knapsack hash function proposed at Crypto'89 can be broken
EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
Linearization attacks against syndrome based hashes
INDOCRYPT'07 Proceedings of the cryptology 8th international conference on Progress in cryptology
Parallel-CFS: strengthening the CFS McEliece-based signature scheme
SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Really fast syndrome-based hashing
AFRICACRYPT'11 Proceedings of the 4th international conference on Progress in cryptology in Africa
Smaller decoding exponents: ball-collision decoding
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
IEEE Transactions on Information Theory
On the complexity of some cryptographic problems based on the general decoding problem
IEEE Transactions on Information Theory
A code-based 1-out-of-n oblivious transfer based on mceliece assumptions
ISPEC'12 Proceedings of the 8th international conference on Information Security Practice and Experience
Smaller keys for code-based cryptography: QC-MDPC mceliece implementations on embedded devices
CHES'13 Proceedings of the 15th international conference on Cryptographic Hardware and Embedded Systems
| Hi-index | 0.00 |
Generic decoding of linear codes is the best known attack against most code-based cryptosystems. Understanding and measuring the complexity of the best decoding techniques is thus necessary to select secure parameters. We consider here the possibility that an attacker has access to many cryptograms and is satisfied by decrypting (i.e. decoding) only one of them. We show that, for the parameter range corresponding to the McEliece encryption scheme, a variant of Stern's collision decoding can be adapted to gain a factor almost $\sqrt{N}$ when N instances are given. If the attacker has access to an unlimited number of instances, we show that the attack complexity is significantly lower, in fact the number of security bits is divided by a number slightly smaller than 3/2 (but larger than 1). Finally we give indications on how to counter those attacks.