Section: New Results
Code-based cryptography
Participants: Rodolfo Canto Torres, Julia Chaulet, Adrien Hauteville, Irene Márquez Corbella, Aurélie Phesso, Nicolas Sendrier, Jean-Pierre Tillich.
The first cryptosystem based on error-correcting codes was a public-key encryption scheme proposed by McEliece in 1978; a dual variant was proposed in 1986 by Niederreiter. We proposed the first (and only) digital signature scheme in 2001. Those systems enjoy very interesting features (fast encryption/decryption, short signature, good security reduction) but also have their drawbacks (large public key, encryption overhead, expensive signature generation). Some of the main issues in this field are
- security analysis, implementation and practicality of existing solutions,
- reducing the key size, e.g., by using the rank metric instead of the Hamming metric, or by using particular families of codes,
- addressing new functionalities, like hashing or symmetric encryption.
Recent results:
- Structural attacks against some variants of the McEliece cryptosystem based on subclasses of alternant/Goppa codes which admit a very compact public matrix, typically quasi-cyclic, quasi-dyadic, or quasi-monoidic matrices [20]. This result is obtained thanks to a new operation on codes called folding, which exploits the knowledge of the automorphism group of the code [19].
- Cryptanalysis of a variant of the McEliece cryptosystem based on polar codes [40], [59].
- Cryptanalysis of a code-based encryption scheme proposed by Baldi et al. in the Journal of Cryptology [48].
- Cryptanalysis of a code-based signature scheme proposed at PQCrypto 2013 by Baldi et al. [57].
- Improved algorithm for decoding in the rank metric when some additional information about the targeted codeword is provided [51]; used together with a folding technique, this algorithm leads to a feasible attack on the LRPC cryptosystem.
- Design of a new code-based stream cipher, named RankSynd, a variant of Synd for the rank metric [50].
- In-depth analysis of the complexity of generic decoding algorithms for linear codes [37]. Most notably, R. Canto Torres and N. Sendrier have investigated information-set decoding algorithms applied to the case where the number of errors is sub-linear in the code length [46]. This situation arises in the analysis of the McEliece cryptosystem based on quasi-cyclic Moderate Density Parity Check (MDPC) codes.