
Modified McEliece PKC Proposed at Asiacrypt 2000 Is Breakable with CPA





Presentation Transcript


  1. Modified McEliece PKC Proposed at Asiacrypt 2000 Is Breakable with CPA
     Kazukuni Kobara and Hideki Imai, The Univ. of Tokyo

  2. Security of McEliece
     • Based on the decoding problem
     • Difficulty of decoding arbitrary linear codes
     • Conjectured to be NP-Complete
     • Independent of IFP and DLP, on which most of the current PKCs are relying

  3. Year 200X
     • IFP and DLP: broken by new algorithms
     • Decoding problem: may survive even if both IFP and DLP are broken
     Year 20XX
     • IFP and DLP: broken by quantum computers or new algorithms
     • Decoding problem: may survive even if both IFP and DLP are broken

  4. Sketch of the Security against Known Attacks
     (Diagram: known attacks arranged by computational complexity, from infeasible to feasible.)
     • Infeasible: attacking the difficult problem directly (GISD, FLWC)
     • Feasible (vulnerable against these attacks): Chosen Plaintext Attack (CPA), CPA + decryption oracle, CPA + knowledge on the plaintext
     GISD: Generalized Information Set Decoding [LB88]
     FLWC: Finding Low-Weight Codeword [CS98]

  5. Applying a Conversion, These Attacks Can Be Prevented [KI01]
     (Same diagram as slide 4, after the conversion.)
     • Infeasible: Chosen Plaintext Attack (CPA), CPA + decryption oracle, CPA + knowledge on the plaintext
     • Remaining attacks: GISD (Generalized Information Set Decoding) [LB88], FLWC (Finding Low-Weight Codeword) [CS98]

  6. Aim of Modification at Asiacrypt 2000 [Loi00]
     (Same diagram as slide 4; the modification aims at the same goal as the conversion.)
     • Infeasible: Chosen Plaintext Attack (CPA), CPA + decryption oracle, CPA + knowledge on the plaintext
     • Remaining attacks: GISD (Generalized Information Set Decoding) [LB88], FLWC (Finding Low-Weight Codeword) [CS98]

  7. We Found New CPAs on the Modified Cryptosystem
     (Same diagram as slide 4, for the modified cryptosystem.)
     • Feasible: Attack I and Attack II, both Chosen Plaintext Attacks (CPA), also with a decryption oracle or knowledge on the plaintext
     • Infeasible: GISD (Generalized Information Set Decoding) [LB88], FLWC (Finding Low-Weight Codeword) [CS98]

  8. Details will appear in PKC’02
     • If you are interested, please contact me.
     • kobara@iis.u-tokyo.ac.jp
