A Code-Based Cryptosystem using GRS Codes
Violetta Weger, University of Zurich
Master Thesis Presentation, Seminar Coding Theory and Cryptography
07 December 2016
Violetta Weger, Code-based Cryptosystem using GRS Codes
Outline
1 Motivation
2 Basic Definitions
3 McEliece System
4 BBCRS Scheme
5 Distinguisher Attack
6 Proposal
7 Security
8 Complexity and Key Size
9 Conclusion
Motivation
Public-Key Cryptography
Public-Key Cryptography
Example: RSA
Let $p, q$ be primes. Compute $n = pq$ and the Euler totient function $\phi(n) = (p-1)(q-1)$. Choose $e < \phi(n)$ such that $\gcd(e, n) = 1$.
Public Key $= (n, e)$, Private Key $= (p, q)$.
Encryption: Let $m$ be the message. The cipher is computed as $c = m^e \bmod n$.
Decryption: Compute $d$ and $b$ such that $de + b\phi(n) = 1$. Then by computing $c^d$ we recover the message, since
$c^d = (m^e)^d = m^{1 - b\phi(n)} = m\,(m^{\phi(n)})^{-b} \equiv m \cdot 1^{-b} = m.$
Code-based Cryptography
Code-based cryptography is a promising candidate for post-quantum cryptography. The McEliece cryptosystem in its original version using Goppa codes is still unbroken, but has the main drawback of large key sizes. Using GRS codes directly in the McEliece system is broken by the attack of Sidelnikov and Shestakov. Rosenthal et al. proposed a variant of the McEliece cryptosystem, denoted the BBCRS scheme, in order to reconsider the use of GRS codes by changing the scrambling matrices. Couvreur et al. presented a distinguisher attack on this cryptosystem.
Basic Definitions
Coding Theory
Let $\mathbb{F}_q$ be a finite field.
Definition. An $[n,k]$-linear block code over $\mathbb{F}_q$ is a $k$-dimensional linear subspace $C \subseteq \mathbb{F}_q^n$. There exist a $k \times n$ generator matrix $G$ and an $(n-k) \times n$ parity check matrix $H$ defined by the properties
$C = \{ uG \mid u \in \mathbb{F}_q^k \} = \{ x \in \mathbb{F}_q^n \mid Hx^T = 0 \}.$
Let $x, y \in \mathbb{F}_q^n$.
Definition. The Hamming distance of $x, y$ is defined as $d_H(x, y) = |\{ i \in \{1, \dots, n\} \mid x_i \neq y_i \}|$.
Coding Theory
Let $C$ be an $[n,k]$-linear block code.
Definition. We define the minimum distance of $C$ to be $d(C) = \min\{ d_H(x, y) \mid x, y \in C,\ x \neq y \}$.
Definition. We denote by $C^\perp$ the dual code of $C$, defined as $C^\perp = \{ x \in \mathbb{F}_q^n \mid x \cdot y = 0\ \forall y \in C \}$.
Theorem (Singleton Bound). Let $C$ be an $[n,k]$-linear block code. Then $d(C) \le n - k + 1$.
Coding Theory
Let $\mathbb{F}_q$ be a finite field and $1 \le k < n \le q$ integers.
Definition (Generalized Reed-Solomon Code). Let $\alpha \in \mathbb{F}_q^n$ be an $n$-tuple of distinct elements and $\beta \in \mathbb{F}_q^n$ be an $n$-tuple of nonzero elements. Then
$GRS_{n,k}(\alpha, \beta) = \{ (\beta_1 p(\alpha_1), \dots, \beta_n p(\alpha_n)) \mid p \in \mathbb{F}_q[x],\ \deg(p) < k \}.$
We can write the generator matrix of $GRS_{n,k}(\alpha, \beta)$ as
$G = \begin{pmatrix} \beta_1 & \cdots & \beta_n \\ \beta_1 \alpha_1 & \cdots & \beta_n \alpha_n \\ \vdots & & \vdots \\ \beta_1 \alpha_1^{k-1} & \cdots & \beta_n \alpha_n^{k-1} \end{pmatrix}.$
Coding Theory
Proposition. $d(GRS_{n,k}(\alpha, \beta)) = n - k + 1$.
Proposition. $GRS_{n,k}(\alpha, \beta)^\perp = GRS_{n,n-k}(\alpha, \gamma)$, where
$\gamma_i = \beta_i^{-1} \prod_{j=1,\, j \neq i}^{n} (\alpha_i - \alpha_j)^{-1}.$
Coding Theory
Let $n = q^m$ and $\mathbb{F}_{q^m}$ be a finite field.
Definition (Goppa Code). Let $G \in \mathbb{F}_{q^m}[x]$ and define $S_m = \mathbb{F}_{q^m}[x] / \langle G \rangle$. Let $L = \{ \alpha_1, \dots, \alpha_n \} \subseteq \mathbb{F}_{q^m}$ with $\alpha_i \neq \alpha_j$ for all $i \neq j \in \{1, \dots, n\}$ and $G(\alpha_i) \neq 0$ for all $i \in \{1, \dots, n\}$. Then we can define the classical $q$-ary Goppa code as
$\Gamma(L, G) = \left\{ a \in \mathbb{F}_q^n \,\middle|\, \sum_{i=1}^{n} \frac{a_i}{x - \alpha_i} = 0 \text{ in } S_m \right\}.$
McEliece System
McEliece System
Choose $n = 2^m$, $t < n/m$ and $\Gamma$ a binary Goppa code of length $n$ and dimension $k \ge n - mt$ which can correct up to $t$ errors. $\Gamma$ has a generator matrix $G$ of size $k \times n$. Choose a $k \times k$ invertible matrix $S$ and an $n \times n$ permutation matrix $P$ and compute $G' = SGP$.
Public Key $= (G', t)$, Private Key $= (S, G, P)$.
McEliece System
Encryption: Let $x \in \mathbb{F}_2^k$ be the message and $e \in \mathbb{F}_2^n$ the error vector with $\mathrm{wt}(e) \le t$; then the cipher is computed as $y = xG' + e$.
Decryption: Compute $yP^{-1} = xSG + eP^{-1}$. Then $xSG$ is a codeword of $\Gamma$ and, since $\mathrm{wt}(eP^{-1}) \le t$, we can apply the decoding algorithm to get $xS$; by multiplication with the inverse of $S$ we get the message $x$.
Niederreiter system
Let $\mathbb{F}_q$ be a finite field and $1 \le k < n \le q$ integers. Construct an $[n,k]$-linear code $C$ that can correct up to $t$ errors and has an efficient decoding algorithm. $C$ has a parity check matrix $H$ of size $r \times n$, where $r = n - k$. Choose an $r \times r$ invertible matrix $S$ and an $n \times n$ permutation matrix $P$ and compute $H' = SHP$.
Public Key $= (H', t)$, Private Key $= (S, H, P)$.
Niederreiter system
Encryption: Let $x \in \mathbb{F}_q^n$ be the message with $\mathrm{wt}(x) \le t$; then the cipher is computed as $y^T = H' x^T$.
Decryption: Compute $S^{-1} y^T = HPx^T = H (xP^T)^T$. Since $\mathrm{wt}(xP^T) \le t$, we can apply syndrome decoding to get $xP^T$, and by multiplication with the inverse of $P^T$ we get the message $x$.
BBCRS Scheme
BBCRS Scheme
Rosenthal, Schipani et al. proposed a variant of the McEliece cryptosystem in order to reconsider the use of GRS codes as the secret code. Instead of the permutation matrix they use as scrambling matrix the sum $T + R$, where $T$ is a sparse matrix of row weight $m$ and $R$ is a matrix of rank $z$. This thwarts the attack of Sidelnikov and Shestakov.
BBCRS Scheme for $m = 1$, $z = 1$
Let $\mathbb{F}_q$ be a finite field and $1 \le k < n \le q$ integers. Let
$G$ = $k \times n$ generator matrix of a GRS code,
$T$ = $n \times n$ permutation matrix,
$R = \alpha^T \beta$ = $n \times n$ matrix of rank 1,
$Q = R + T$ = $n \times n$ invertible matrix,
$S$ = $k \times k$ invertible matrix.
Compute $G' = S^{-1} G Q^{-1}$ and $t_{pub} = t = \lfloor \frac{n-k}{2} \rfloor$.
Public Key $= (G', t)$, Private Key $= (G, T, R, Q, S)$.
BBCRS Scheme for $m = 1$, $z = 1$
Encryption: Let $x \in \mathbb{F}_q^k$ be the message and $e \in \mathbb{F}_q^n$ with $\mathrm{wt}(e) \le t$ the error vector. Compute the cipher as $y = xG' + e$.
Decryption: Guess the value of $eR$. Then compute $y' = yQ - eR = xS^{-1}G + eT$. Since $\mathrm{wt}(eT) \le t$, the decoding algorithm gives $xS^{-1}$, and by multiplication with $S$ we get the message $x$.
Distinguisher Attack
Definitions
Definition (Schur Product). Let $x, y \in \mathbb{F}_q^n$. The Schur product of $x$ and $y$ is $x \star y = (x_1 y_1, \dots, x_n y_n)$.
Definition (Schur Product of Codes and Square Code). Let $A, B$ be two codes of length $n$. The Schur product of $A$ and $B$ is $\langle A \star B \rangle = \langle \{ a \star b \mid a \in A,\ b \in B \} \rangle$. If $A = B$, then we call $\langle A \star A \rangle$ the square code of $A$ and denote it by $\langle A^2 \rangle$.
Definitions
Definition (Schur Matrix). Let $G$ be a $k \times n$ matrix with rows $g_i$ for $1 \le i \le k$. We denote by $S(G)$ the Schur matrix of $G$, which consists of the rows $g_i \star g_j$ for $1 \le i \le j \le k$. Thus $S(G)$ is of size $\frac{1}{2}(k^2 + k) \times n$.
Properties of Square Codes
Proposition. Let $A$ be a code of length $n$ and dimension $k$; then
$\dim(\langle A^2 \rangle) \le \min\left\{ n, \binom{k+1}{2} \right\}. \quad (1)$
Proposition. If $2k - 1 < n$, then
$\langle GRS_{n,k}(\alpha, \beta)^2 \rangle = GRS_{n,2k-1}(\alpha, \beta \star \beta). \quad (2)$
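The two propositions above are exactly what makes a GRS generator matrix distinguishable from a random one: its square code has dimension $2k-1$ instead of the generic bound $\min\{n, \binom{k+1}{2}\}$. The following Python is an added example (not code from the thesis or slides) that checks (1) and (2) numerically, and also verifies the dual-code multipliers $\gamma_i$ from the earlier GRS slide; it works over a prime field $\mathbb{F}_P$ with the constructed choice $P = 65521$ and uses plain integer arithmetic, no library.

```python
import math
import random
P = 65521  # constructed: prime modulus, all arithmetic is in the field F_P

def grs_generator(alpha, beta, k):
    """k x n generator matrix of GRS_{n,k}(alpha, beta): entry (i, j) is beta_j * alpha_j^i."""
    return [[b * pow(a, i, P) % P for a, b in zip(alpha, beta)] for i in range(k)]

def grs_dual_multipliers(alpha, beta):
    """gamma_i = beta_i^-1 * prod_{j != i} (alpha_i - alpha_j)^-1, so GRS^perp = GRS_{n,n-k}(alpha, gamma)."""
    return [pow(b * math.prod(a - aj for j, aj in enumerate(alpha) if j != i), -1, P)
            for i, (a, b) in enumerate(zip(alpha, beta))]

def is_dual(G, H):
    """True iff G * H^T = 0, i.e. every row of H lies in the dual of the code generated by G."""
    return all(sum(x * y for x, y in zip(g, h)) % P == 0 for g in G for h in H)

def rank_mod_p(rows):
    """Rank over F_P by Gauss-Jordan elimination on a copy of the rows."""
    m, rank = [r[:] for r in rows], 0
    for c in range(len(m[0])):
        piv = next((i for i in range(rank, len(m)) if m[i][c]), None)
        if piv is None:
            continue
        m[rank], m[piv] = m[piv], m[rank]
        inv = pow(m[rank][c], -1, P)
        m[rank] = [v * inv % P for v in m[rank]]
        for i in range(len(m)):
            if i != rank and m[i][c]:
                f = m[i][c]
                m[i] = [(vi - f * vr) % P for vi, vr in zip(m[i], m[rank])]
        rank += 1
    return rank

def square_code_dim(G):
    """dim <C^2> = rank of the Schur matrix S(G), whose rows are g_i * g_j (componentwise) for i <= j."""
    k = len(G)
    return rank_mod_p([[x * y % P for x, y in zip(G[i], G[j])] for i in range(k) for j in range(i, k)])

def distinguish(n, k, seed=1):
    """Return (dim <C^2> of a GRS code, the same for a random [n,k] code, the generic bound).
    Needs 2k - 1 < n; the GRS value is 2k - 1, far below min(n, k(k+1)/2) seen for a random code."""
    rng = random.Random(seed)
    alpha = rng.sample(range(P), n)                 # distinct evaluation points
    beta = [rng.randrange(1, P) for _ in range(n)]  # nonzero column multipliers
    G = grs_generator(alpha, beta, k)
    assert is_dual(G, grs_generator(alpha, grs_dual_multipliers(alpha, beta), n - k))
    rnd = [[rng.randrange(P) for _ in range(n)] for _ in range(k)]
    return square_code_dim(G), square_code_dim(rnd), min(n, k * (k + 1) // 2)
```

Calling `distinguish(20, 5)` returns the GRS square-code dimension $2k-1 = 9$ next to the generic value $15$ for the random code, which is the gap the distinguisher attack exploits.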