An observation on the security of McEliece's public-key cryptosystem
Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer
SIAM Journal on Computing
Reaction Attacks against several Public-Key Cryptosystems
ICICS '99 Proceedings of the Second International Conference on Information and Communication Security
A method for finding codewords of small weight
Proceedings of the 3rd International Colloquium on Coding Theory and Applications
Security-Related Comments Regarding McEliece's Public-Key Cryptosystem
CRYPTO '87 A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology
Failure of the McEliece Public-Key Cryptosystem Under Message-Resend and Related-Message Attack
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Cryptoanalysis of the Original McEliece Cryptosystem
ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Strengthening McEliece Cryptosystem
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Semantically Secure McEliece Public-Key Cryptosystems-Conversions for McEliece PKC
PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
The intractability of computing the minimum distance of a code
IEEE Transactions on Information Theory
| Hi-index | 0.00 |
McEliece PKC (Public-Key Cryptosystem), whose security is based on the decoding problem, is one of a few alternatives for the current PKCs that are mostly based on either IFP (Integer Factoring Problem) or DLP (Discrete Logarithm Problem), which would be solved in polynomial-time after the emergence of quantum computers. It is known that the McEliece PKC with an appropriate conversion satisfies (in the random oracle model) the strongest security notion IND-CCA2 (INDistinguishability of encryption against adaptively Chosen-Ciphertext Attacks) under the assumption that breaking OW-CPA (One-Wayness against Chosen-Plaintext Attacks) of the underlying McEliece PKC, i.e. the McEliece PKC with no conversion, is infeasible. Breaking OW-CPA of it is still infeasible if an appropriate parameter, n 驴 2048 with optimum t and k, is chosen since the binary work factor to break it with the best CPA is around 2106 for (n, k, t) = (2048, 1278, 70). The aim of the modification at Asiacrypt 2000 is to improve it of the next smaller parameter n = 1024 to a safe level 288 from an almost dangerous level 262. If his idea works correctly, we can use the more compact system safely. In this paper, we carefully review the modification at Asiacrypt 2000, and then show that the one-wayness of it is vulnerable against our new CPAs.