McEliece Public-Key Cryptosystem

1. McEliece Public-Key Cryptosystem

2. Introduction • McEliece proposed in 1978. • Based on algebraic coding theory • Higher speed than RSA on encryption and decryption

3. McEliece Public-Key Cryptosystem • Initialization Phase • Alice chooses S、G、P • S is a random (k × k) nonsingular binary matrix. • G is a (k × n) generator matrix of a t-error-correcting binary linear code. • P is a random (n × n) permutation matrix. • Alice’s secret key : S、G、P • Alice’s public key : G’ = SGP

4. McEliece Public-Key Cryptosystem (Cont.) • Encryption Phase • If Bob wants to send a k-bit binary message mto Alice, he encrypts m as c = mG’+z and then sends c to Alice. • z is an n-bit random error vector of weight t.

5. McEliece Public-Key Cryptosystem (Cont.) • Decryption Phase • When Alice receives c, she • Calculates c’ = cP-1 = mSG + zP-1 • Uses the decoding algorithm of the original code G to obtain m’ = mS form c’ • Recovers message m by computing m = m’S-1

6. McEliece Public-Key Cryptosystem (Cont.) • Proof of message decryption • c’ = cP-1 = mG’P-1 + zP-1 = mSG + zP-1 • P is a permutation matrix, thus the weight of zP-1 is still t. • G can correct up to t errors and the word mSG is at distance at most t from cP-1. • Therefore the correct code word m’ = mS is obtained. • m’S-1 = mSS-1 = m

7. McEliece Public-Key Cryptosystem (Cont.) • In the original version of the McEliece scheme, the parameters k, n and t were suggested to be 524, 1024, and 50 respectively. • However, in 1998, Annepointedout that the McEliece scheme with its original parameter sizes doesn’t provide a sufficient security level. • It’s suggested that the parameters k, n and t be 1608, 2048, and 81 respectively.