Efficient Encryption From Random Quasi-Cyclic Codes

被引:81
作者
Aguilar-Melchor, Carlos [1 ,2 ]
Blazy, Olivier [3 ]
Deneuville, Jean-Christophe [3 ,4 ,5 ]
Gaborit, Philippe [3 ]
Zemor, Gilles [6 ]
机构
[1] Univ Toulouse, INP ENSEEIHT, F-31000 Toulouse, France
[2] Univ Toulouse, ISAE SUPAERO, F-31000 Toulouse, France
[3] Univ Limoges, XLIM, F-87060 Limoges, France
[4] Univ Orleans, LIFO, F-18000 Bourges, France
[5] INSA CVL, F-18000 Bourges, France
[6] Univ Bordeaux, UMR 5251, IMB, F-33405 Talence, France
关键词
Code-based cryptography; public-key encryption; post-quantum cryptography; provable security; MCELIECE; CRYPTANALYSIS; CRYPTOSYSTEM;
D O I
10.1109/TIT.2018.2804444
中图分类号
TP [自动化技术、计算机技术];
学科分类号
080201 [机械制造及其自动化];
摘要
We propose a framework for constructing efficient code-based encryption schemes that do not hide any structure in their public matrix. The framework is in the spirit of the schemes first proposed by Alekhnovich in 2003 and based on the difficulty of decoding random linear codes from random errors of low weight. We depart somewhat from Alekhnovich's approach and propose an encryption scheme based on the difficulty of decoding random quasi-cyclic codes. We propose two new cryptosystems instantiated within our framework: the hamming quasi-cyclic cryptosystem (HQC), based on the hamming metric, and the rank quasi-cyclic cryptosystem (RQC), based on the rank metric. We give a security proof, which reduces the indistinguishability under chosen plaintext attack security of our systems to a decision version of the well-known problem of decoding random families of quasi-cyclic codes for the hamming and rank metrics (the respective QCSD and RQCSD problems). We also provide an analysis of the decryption failure probability of our scheme in the Hamming metric case: for the rank metric there is no decryption failure. Our schemes benefit from a very fast decryption algorithm together with small key sizes of only a few thousand bits. The cryptosystems are very efficient for low encryption rates and are very well suited to key exchange and authentication. Asymptotically, for lambda the security parameter, the public key sizes are respectively in O(lambda(2)) for HQC and in O(lambda(4/3)) for RQC. Practical parameter compares well to the systems based on ring-learning parity with noise or the recent moderate density parity check codes system.
引用
收藏
页码:3927 / 3943
页数:17
相关论文
共 59 条
[1]
Ajtai M., 1997, P 29 ANN ACM S THEOR, P284, DOI DOI 10.1145/258533.258604
[2]
More on average case vs approximation complexity [J].
Alekhnovich, M .
44TH ANNUAL IEEE SYMPOSIUM ON FOUNDATIONS OF COMPUTER SCIENCE, PROCEEDINGS, 2003, :298-307
[3]
[Anonymous], PROPERTIES CODES RAN
[4]
[Anonymous], 1978, The Theory of Error-Correcting Codes
[5]
[Anonymous], 2013, Workshop on Coding and Cryptography (WCC) 2013
[6]
[Anonymous], IMPROVEMENT GENERIC
[7]
[Anonymous], P YACC
[8]
Applebaum B, 2007, LECT NOTES COMPUT SC, V4622, P92
[9]
Becker A, 2012, LECT NOTES COMPUT SC, V7237, P520, DOI 10.1007/978-3-642-29011-4_31
[10]
On Public Key Encryption from Noisy Codewords [J].
Ben-Sasson, Eli ;
Ben-Tov, Iddo ;
Damgard, Ivan ;
Ishai, Yuval ;
Ron-Zewi, Noga .
PUBLIC-KEY CRYPTOGRAPHY - PKC 2016, PT II, 2016, 9615 :417-446