Wild mceliece incognito

Authors:
Daniel J. Bernstein;Tanja Lange;Christiane Peters
Affiliations:
Department of Computer Science, University of Illinois at Chicago, Chicago, IL;Department of Mathematics and Computer Science, Technische Universiteit Eindhoven, Eindhoven, Netherlands;Department of Mathematics, Technical University of Denmark, Kgs. Lyngby, Denmark
Venue:
PQCrypto'11 Proceedings of the 4th international conference on Post-Quantum Cryptography
Year:
2011

Citing 12
Cited 0

Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography

PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
Semantically Secure McEliece Public-Key Cryptosystems-Conversions for McEliece PKC

PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
How to Mask the Structure of Codes for a Cryptographic Use

Designs, Codes and Cryptography
Proceedings of the 17th international conference on Selected areas in cryptography

SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Wild McEliece

SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Proceedings of the Third international conference on Coding and cryptology

IWCC'11 Proceedings of the Third international conference on Coding and cryptology
List decoding for binary Goppa codes

IWCC'11 Proceedings of the Third international conference on Coding and cryptology
Proceedings of the Third international conference on Post-Quantum Cryptography

PQCrypto'10 Proceedings of the Third international conference on Post-Quantum Cryptography
Cryptanalysis of the niederreiter public key scheme based on GRS subcodes

PQCrypto'10 Proceedings of the Third international conference on Post-Quantum Cryptography
Information-set decoding for linear codes over Fq

PQCrypto'10 Proceedings of the Third international conference on Post-Quantum Cryptography
Simplified high-speed high-distance list decoding for alternant codes

PQCrypto'11 Proceedings of the 4th international conference on Post-Quantum Cryptography
Finding the permutation between equivalent linear codes: the support splitting algorithm

IEEE Transactions on Information Theory

Quantified Score

Hi-index	0.00

Visualization

Abstract

The wild McEliece cryptosystem uses wild Goppa codes over finite fields to achieve smaller public key sizes compared to the original McEliece cryptosystem at the same level of security against all attacks known. However, the cryptosystem drops one of the confidence-inspiring shields built into the original McEliece cryptosystem, namely a large pool of Goppa polynomials to choose from. This paper shows how to achieve almost all of the same reduction in key size while preserving this shield. Even if support splitting could be (1) generalized to handle an unknown support set and (2) sped up by a square-root factor, polynomial-searching attacks in the new system will still be at least as hard as information-set decoding. Furthermore, this paper presents a set of concrete cryptanalytic challenges to encourage the cryptographic community to study the security of code-based cryptography. The challenges range through codes over F2 ,F3 , …, F32 , and cover two different levels of how much the wildness is hidden.