Error-correcting pairs for a public-key cryptosystem

I. Márquez-Corbella (1), R. Pellikaan (2)
(1) INRIA Rocquencourt - SECRET Team
(2) Dept. of Mathematics and Computing Science, Eindhoven University of Technology

IICMA 2015, The 3rd IndoMS International Conference on Mathematics and Its Applications
Depok, Indonesia, 3 November 2015

Outline
1 Public-key cryptography
2 Code based cryptography
3 Prerequisites
    Error-correcting codes
    Star Product
    GRS codes
4 Error-Correcting Pairs
    Decoding algorithm for GRS - ECP
    Codes with a t-ECP
    ECP one-way function
5 Conclusion

Public-key cryptography (PKC)
Diffie and Hellman in 1976 in the public domain
Ellis in 1970 for secret service, not made public until 1997
advantage with respect to symmetric-key cryptography:
no exchange of secret key between sender and receiver

One-way function
At the heart of any public-key cryptosystem is a one-way function:
a function $y = f(x)$ that is easy to evaluate but
for which it is computationally infeasible, one hopes,
to find the inverse $x = f^{-1}(y)$
Example:
differentiating a function is easy
integrating a function is difficult

Public key cryptography
[Diagram: trapdoor one-way function. Labels: EASY; HARD; EASY (given the TRAPDOOR information).]

Integer factorization
$x = (p, q)$ is a pair of distinct prime numbers
$y = pq$ is its product
proposed by Cocks in 1973 in secret service
Rivest-Shamir-Adleman (RSA) in 1978 in public domain
based on the hardness of factorizing integers

Discrete logarithm
$G$ is a group (written multiplicatively)
with $a \in G$ and $x$ an integer
$y = a^x$
proposed by Williamson in 1974 in secret service
Diffie-Hellman in 1974 and 1976 in public domain
based on difficulty of finding discrete logarithms in a finite field

Preparing for the Cryptopocalypse
Most PKC are based on number-theoretic problems
➜ It can be attacked in polynomial time using Shor's algorithm
[Figure labels: ECDSA, RSA, ECC, DSA, HECC]
Code-based Cryptography is a powerful alternative

Code based cryptography
$h_1, \dots, h_n$ is a given $n$-tuple of vectors in $\mathbb{F}_q^r$
$x$ is an $n$-tuple of elements in $\mathbb{F}_q$
$y = \sum_{j=1}^{n} x_j h_j$
proposed by McEliece in 1978
based on the difficulty of decoding error-correcting codes
it is NP complete

Trapdoor one-way functions - Decoder
Encoder = Matrix Multiplication: EASY
Decoding is NP-complete: HARD
Efficient decoder for certain families of codes: EASY (with TRAPDOOR information)
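
The easy / hard / easy-with-trapdoor picture, worked through for the map y = sum_j x_j h_j over F_2. This is an added example, not code from the slides: the [7,4] Hamming code, the scrambler S, the permutation PERM and all function names are constructed for illustration, and the sizes are far too small to offer any security.

```python
import itertools

R, N, T = 3, 7, 1          # toy sizes (constructed): h_j in F_2^3, n = 7, weight t = 1

# Trapdoor (secret): structured columns, h_j = binary digits of j+1 ([7,4] Hamming code),
# plus an invertible scrambler S and a column permutation PERM. All values constructed.
H_SECRET = [[((j + 1) >> i) & 1 for i in range(R)] for j in range(N)]
S     = [[1, 1, 0], [0, 1, 1], [0, 0, 1]]
S_INV = [[1, 1, 1], [0, 1, 1], [0, 0, 1]]   # S * S_INV = I over F_2
PERM  = [4, 0, 6, 2, 5, 1, 3]

def mat_vec(m, v):
    """Matrix-vector product over F_2."""
    return [sum(a & b for a, b in zip(row, v)) % 2 for row in m]

# Public key: scrambled, permuted columns h'_j = S * h_{PERM[j]}.
H_PUB = [mat_vec(S, H_SECRET[p]) for p in PERM]

def syndrome(cols, x):
    """The one-way function: y = sum_j x_j h_j over F_2 (easy direction)."""
    y = [0] * R
    for xj, h in zip(x, cols):
        if xj:
            y = [a ^ b for a, b in zip(y, h)]
    return y

def invert_generic(cols, y, t=T):
    """No trapdoor: search all x of weight <= t; cost grows as sum_w C(n, w)."""
    tried = 0
    for w in range(t + 1):
        for support in itertools.combinations(range(len(cols)), w):
            tried += 1
            x = [int(j in support) for j in range(len(cols))]
            if syndrome(cols, x) == y:
                return x, tried
    return None, tried

def invert_with_trapdoor(y):
    """Trapdoor: undo S, read the secret column index from the bits, undo PERM."""
    k = sum(bit << i for i, bit in enumerate(mat_vec(S_INV, y)))
    x = [0] * N
    if k:
        x[PERM.index(k - 1)] = 1
    return x

if __name__ == "__main__":
    x = [0, 0, 0, 0, 0, 1, 0]                    # constructed weight-1 input
    y = syndrome(H_PUB, x)
    print(y, invert_generic(H_PUB, y), invert_with_trapdoor(y))
```

The generic search only succeeds quickly here because n and t are tiny; the trapdoor inversion costs one 3x3 matrix-vector product regardless of where the error sits.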

McEliece cryptosystem
➜ McEliece introduced the first PKC based on Error-Correcting Codes in 1978.
Advantages:
➣ Fast encryption (matrix-vector multiplication) and decryption functions.
➣ Interesting candidate for post-quantum cryptography.
Drawback:
➣ Large key size.
R. J. McEliece. A public-key cryptosystem based on algebraic coding theory. DSN Progress Report, 42-44:114-116, 1978.

The McEliece cryptosystem
Consider family of codes F
with an efficient decoding algorithm
Indistinguishable from random codes