Code-based cryptography
1 Code-based cryptography. Pierre-Louis Cayrel, Laboratoire Hubert Curien, UMR CNRS 5516, Bâtiment F, 18 rue du professeur Benoît Lauras, Saint-Etienne, France. pierre.louis.cayrel@univ-st-etienne.fr. June 4th 2013. Pierre-Louis CAYREL Code-based cryptography 1/43

2 Syndrome decoding problem
Input: $H$ a matrix of size $r \times n$; $S$ a vector of $\mathbb{F}_2^r$; $t$ an integer.
Problem: does there exist a vector $e$ of $\mathbb{F}_2^n$ of weight $t$ such that $H\,{}^t e = S$?
The problem is NP-complete (E.R. Berlekamp, R.J. McEliece and H.C. van Tilborg, 1978).
4 What can we do with this problem?
- encryption
- signature
- identification
- hash function
- stream cipher
6 Menu
1. Error-correcting codes
8 Error-correcting codes
Error-correcting codes make it possible to correct errors when the communication is done over a noisy channel: we add redundancy to the information transmitted.
Figure: the message $m$ is encoded as $c = (m \mid r)$, the information followed by the redundancy $r$; the channel adds noise $e$ and delivers $y = c + e$; the receiver recovers $m$ by correcting the errors when the message is corrupted.
Stronger than a parity check, they can detect and correct errors.
We use them in: DVD, CD (reduce the effects of dust...); phone (improve the quality of the communication).
Cryptography?

9 Linear codes
- the most used in error correction;
- error-correcting codes for which the redundancy depends linearly on the information;
- can be defined by a generator matrix $G$: $c$ is a word of the code $C$ if and only if $c = m\,G$ for some information word $m$.
Figure: $G$, generator matrix in systematic form.
The generator matrix $G$ is a $k \times n$ matrix; the rows of $G$ form a basis for the code $C$.

10 Minimum distance
The Hamming weight of a word $c$ is the number of its non-zero coordinates.
The minimum distance $d$ of a code is the minimum Hamming distance between two distinct words of the code. For a linear code it is also the smallest weight of a non-zero codeword.

11 Parity check matrix
The parity check matrix $H$ is orthogonal to $G$:
- it is an $(n-k) \times n$ matrix; we will use the notation $r := n - k$;
- it is the generator matrix of the dual code; the code $C$ is the kernel of $H$: $c \in C$ if and only if $H\,{}^t c = 0$.
For a received word $y = c + e$, $s = H\,{}^t y = H\,{}^t c + H\,{}^t e = H\,{}^t e$ is the syndrome of the error.
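The following Python program is an added worked example (not from the slides) of the objects of slides 9 to 11 and of the problem of slide 2, on a constructed binary [7,4] Hamming code: it encodes with a systematic generator matrix $G$, checks codewords against the parity-check matrix $H$, computes the syndrome of a received word, and recovers the error by exhaustive syndrome decoding. The matrices, the function names and the sample error pattern are all constructed here.

```python
import itertools

# Constructed toy instance (not from the slides): the binary [7,4] Hamming code, which corrects t = 1 error.
# G = [I_4 | A] is in systematic form, so H = [A^T | I_3] satisfies G H^T = 0 over F_2.
G = [
    [1, 0, 0, 0, 1, 1, 0],
    [0, 1, 0, 0, 1, 0, 1],
    [0, 0, 1, 0, 0, 1, 1],
    [0, 0, 0, 1, 1, 1, 1],
]
H = [
    [1, 1, 0, 1, 1, 0, 0],
    [1, 0, 1, 1, 0, 1, 0],
    [0, 1, 1, 1, 0, 0, 1],
]
K, N, T = 4, 7, 1          # dimension k, length n, correction capacity t; r = n - k = 3


def vec_mat(m, M):
    """Row vector times matrix over F_2 (m * M)."""
    return [sum(m[i] * M[i][j] for i in range(len(M))) % 2 for j in range(len(M[0]))]


def syndrome(Hm, y):
    """H * y^T over F_2: one bit per parity-check equation."""
    return [sum(h * b for h, b in zip(row, y)) % 2 for row in Hm]


def add(a, b):
    """Addition in F_2^n is bitwise XOR."""
    return [(x + y) % 2 for x, y in zip(a, b)]


def weight(v):
    return sum(v)


def encode(m):
    """c = m G: the first k coordinates carry m, the last r carry the redundancy."""
    return vec_mat(m, G)


def all_codewords_pass_check():
    """c is in C iff H c^T = 0: holds for every m G, since H is the parity-check matrix of C."""
    return all(syndrome(H, encode(list(m))) == [0] * (N - K)
               for m in itertools.product([0, 1], repeat=K))


def syndrome_decode(Hm, s, t):
    """Syndrome decoding by exhaustive search: the lowest-weight e with weight <= t and H e^T = s, or None.
    This is the NP-complete problem of slide 2; with n = 7 the search is tiny, but it grows like C(n, t)."""
    n = len(Hm[0])
    for w in range(t + 1):
        for positions in itertools.combinations(range(n), w):
            e = [0] * n
            for p in positions:
                e[p] = 1
            if syndrome(Hm, e) == s:
                return e
    return None


def correct(y, t=T):
    """Receive y = c + e, compute s = H y^T = H e^T, find e, and return (m, e)."""
    e = syndrome_decode(H, syndrome(H, y), t)
    if e is None:
        raise ValueError("more than t errors: not decodable")
    c = add(y, e)
    return c[:K], e


if __name__ == "__main__":
    m = [1, 0, 1, 1]
    c = encode(m)
    y = add(c, [0, 0, 1, 0, 0, 0, 0])    # constructed channel: one error at position 2
    print("codeword", c, "syndrome", syndrome(H, c))
    print("received", y, "syndrome", syndrome(H, y), "->", correct(y))
```

The syndrome of the received word equals the column of $H$ at the error position, which is why a single error is located by the search almost immediately; the same `syndrome_decode` run with a large random $H$ and larger $t$ is exactly the exhaustive attack that the hardness assumption of slide 2 rules out in practice.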
13 Code-based cryptosystems
Introduced at the same time as RSA, by McEliece.
Advantages: faster than RSA; not based on a number-theoretic problem (post-quantum secure); does not need dedicated processors; based on a hard problem (the syndrome decoding problem...).
Disadvantages: size of the public keys (a few hundred bits...).
15 How does the McEliece PKC work?
- generate a code for which we have a decoding algorithm, with generator matrix $G$: this is the private key;
- transform $G$ to obtain $G'$, which seems random: this is the public key;
- encrypt a message $m$ by computing $c = m\,G' + e$, with $e$ a random vector of weight $t$.

16 A dual construction using $H$ instead of $G$?
Security equivalent to the McEliece scheme.
Private key: $C$ an $[n, r, d]$ code which corrects $t$ errors, $H$ a parity check matrix of $C$ and $\gamma_H$ a decoding algorithm for $C$; $Q$ an $r \times r$ invertible matrix; $P$ an $n \times n$ permutation matrix.
Public key: $H' = Q\,H\,P$.
Encryption: $\varphi_{n,t} : m \mapsto e$, with $e$ of weight $t$; then $e \mapsto S = H'\,{}^t e = Q\,H\,P\,{}^t e$.
Decryption: decode $Q^{-1} S = (Q^{-1} Q)\,H\,P\,{}^t e$ into $P\,{}^t e$, then $P^{-1} P\,{}^t e$ gives $e$, and $\varphi_{n,t}^{-1}(e) = m$.
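As an added example (not the slides' or the author's code), the following Python program instantiates both constructions of slides 15 and 16 on a constructed [7,4] Hamming code, which stands in for the secret code with decoder $\gamma_H$: McEliece with public $G' = S\,G\,P$, and the dual construction (Niederreiter, as slide 20 names it) with public $H' = Q\,H\,P$. The scrambling matrices $S$ and $Q$, the permutation $P$, the toy $\varphi_{n,t}$ for $t = 1$ and all function names are assumptions of this example; with $n = 7$ and $t = 1$ the point is the key and message flow, not security.

```python
import itertools
import random

# Constructed toy instance (not from the slides): the [7,4] Hamming code with t = 1 plays the role of
# the secret code with an efficient decoder gamma_H.  G = [I_4 | A], H = [A^T | I_3].
G = [[1, 0, 0, 0, 1, 1, 0], [0, 1, 0, 0, 1, 0, 1], [0, 0, 1, 0, 0, 1, 1], [0, 0, 0, 1, 1, 1, 1]]
H = [[1, 1, 0, 1, 1, 0, 0], [1, 0, 1, 1, 0, 1, 0], [0, 1, 1, 1, 0, 0, 1]]
N, K, R, T = 7, 4, 3, 1


def mat_mul(A, B):
    """Matrix product over F_2."""
    return [[sum(A[i][k] * B[k][j] for k in range(len(B))) % 2 for j in range(len(B[0]))]
            for i in range(len(A))]


def transpose(M):
    return [list(col) for col in zip(*M)]


def syndrome(M, v):
    """M v^T over F_2, returned as a list of bits."""
    return [sum(a * b for a, b in zip(row, v)) % 2 for row in M]


def inverse_mod2(M):
    """Gauss-Jordan inverse over F_2; None if M is singular."""
    n = len(M)
    A = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(M)]
    for col in range(n):
        pivot = next((i for i in range(col, n) if A[i][col]), None)
        if pivot is None:
            return None
        A[col], A[pivot] = A[pivot], A[col]
        for i in range(n):
            if i != col and A[i][col]:
                A[i] = [a ^ b for a, b in zip(A[i], A[col])]
    return [row[n:] for row in A]


def random_invertible(n, rng):
    while True:
        M = [[rng.randint(0, 1) for _ in range(n)] for _ in range(n)]
        if inverse_mod2(M) is not None:
            return M


def random_permutation_matrix(n, rng):
    perm = list(range(n))
    rng.shuffle(perm)
    return [[int(j == perm[i]) for j in range(n)] for i in range(n)]


def decode_hamming(s):
    """The private decoder gamma_H: for the Hamming code a non-zero syndrome equals the column of H
    at the error position, so one error is located by a column lookup."""
    e = [0] * N
    if any(s):
        e[transpose(H).index(s)] = 1
    return e


# --- McEliece: public G' = S G P, ciphertext c = m G' + e ---------------------------------------

def mceliece_keygen(rng):
    S, P = random_invertible(K, rng), random_permutation_matrix(N, rng)
    public = {"G_pub": mat_mul(mat_mul(S, G), P), "t": T}
    private = {"S_inv": inverse_mod2(S), "P_inv": transpose(P)}   # P^-1 = P^T for a permutation
    return public, private


def mceliece_encrypt(public, m, rng):
    e = [0] * N
    e[rng.randrange(N)] = 1                     # random error vector of weight t = 1
    return [(a + b) % 2 for a, b in zip(mat_mul([m], public["G_pub"])[0], e)]


def mceliece_decrypt(private, c):
    c1 = mat_mul([c], private["P_inv"])[0]      # = (m S) G + e P^-1: a codeword plus one error
    codeword = [(a + b) % 2 for a, b in zip(c1, decode_hamming(syndrome(H, c1)))]
    return mat_mul([codeword[:K]], private["S_inv"])[0]   # G is systematic: first k bits are m S


# --- Dual construction (Niederreiter): public H' = Q H P, ciphertext S = H' e^T -------------------

def phi(i):
    """Toy phi_{n,t} for t = 1: message i in 0..n-1 becomes the weight-1 word with its 1 at position i."""
    e = [0] * N
    e[i] = 1
    return e


def niederreiter_keygen(rng):
    Q, P = random_invertible(R, rng), random_permutation_matrix(N, rng)
    return {"H_pub": mat_mul(mat_mul(Q, H), P), "t": T}, {"Q_inv": inverse_mod2(Q), "P": P}


def niederreiter_encrypt(public, i):
    return syndrome(public["H_pub"], phi(i))    # S = Q H P e^T


def niederreiter_decrypt(private, S):
    s1 = syndrome(private["Q_inv"], S)          # Q^-1 S = H (P e^T): the syndrome of e P^T
    e_perm = decode_hamming(s1)                 # gamma_H recovers e P^T (weight 1)
    e = mat_mul([e_perm], private["P"])[0]      # (e P^T) P = e
    return e.index(1)                           # phi^-1


def roundtrip(seed):
    """Encrypt and decrypt every message under fresh keys; True iff both schemes recover everything."""
    rng = random.Random(seed)
    pub, priv = mceliece_keygen(rng)
    ok_mc = all(mceliece_decrypt(priv, mceliece_encrypt(pub, list(m), rng)) == list(m)
                for m in itertools.product([0, 1], repeat=K))
    pub2, priv2 = niederreiter_keygen(rng)
    ok_ni = all(niederreiter_decrypt(priv2, niederreiter_encrypt(pub2, i)) == i for i in range(N))
    return ok_mc and ok_ni
```

The two decryptions mirror the slides: McEliece undoes $P$, decodes, then undoes $S$; Niederreiter undoes $Q$, decodes the permuted error, then undoes $P$. In both, the only step that needs the private key is the call to the structured decoder, which is what the public scrambled matrix is meant to hide.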
17 Hardware?
- Eisenbarth et al., "MicroEliece: McEliece for Embedded Devices", CHES 09.
- Shoufan et al., "A Novel Processor Architecture for McEliece Cryptosystem and FPGA Platforms", ASAP 2009.
- Heyse, "Low-Reiter: Niederreiter Scheme for Embedded Microcontrollers", PQCrypto 2010.
- Strenzke, "A Smart Card Implementation of the McEliece PKC", WISTP 2010.
- Heyse, "CCA2 secure McEliece based on Quasi Dyadic Goppa Codes for Embedded Devices", PQCrypto 2011.
- Cayrel, Hoffmann and Persichetti, "Efficient implementation of a CCA2-secure variant of McEliece using generalized Srivastava codes", PKC 2012.

18 Generalized Srivastava codes: what is that? Why?
- generalized Srivastava (GS) codes are Alternant codes (efficient decoding algorithm);
- there are quasi-dyadic GS codes (small public key size: 2560 bytes for 80-bit security);
- a nice structure (defined over a small extension field, which resists structural attacks);
- we (Gerhard Hoffmann) implemented a CCA2-secure version of McEliece on a microcontroller.
Figure: from the PKC 2012 paper.
20 From PKC to signature?
- RSA: yes.
- McEliece and Niederreiter: not directly.
23 CFS signature scheme
- $d$ the message to sign; we compute $M = h(d)$, with $h$ a hash function with values in $\mathbb{F}_2^r$;
- we search $e \in \mathbb{F}_2^n$ of given weight $t$ with $h(m) = H\,{}^t e$;
- let $\gamma_H$ be a decoding algorithm:
  1. $i \leftarrow 0$;
  2. while $h(m \,\|\, i)$ is not decodable do $i \leftarrow i + 1$;
  3. compute $e = \gamma_H(h(m \,\|\, i))$.
Figure: CFS signature scheme. The signer sends $\{e, j\}$ such that $h(m \,\|\, j) = H\,{}^t e$.

24 We need a dense family of codes: Goppa codes, binary Goppa codes, $t$ small.
The probability for a random element to be decodable (to lie in a ball of radius $t$ centred on a codeword) is about $1/t!$.
We take $n = 2^m$, $m = 16$, $t = 9$: we have 1 chance over $9! = 362880$ to get a decodable word.

25 How to improve this scheme (make it more practical)?
- QD codes (still dense);
- implement the scheme on GPU (in progress; Keccak on GPU already done);
- hash directly into decodable elements (hard, but in progress);
- use a stream cipher instead of a hash function (semantic security?);
- side-channel analysis: we decode many times instead of once as in McEliece; implementation in hardware (FPGA, ASIC?); countermeasure: Berlekamp-Massey instead of Patterson;
- new constructions (from identification or OTS).
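The counter loop of slide 23 and the density argument of slide 24, as an added example in Python (not the slides' own code): the signer hashes the message together with a counter, tries to decode the result, and increments the counter until decoding succeeds. The constructed code has $n = 5$, $r = 3$, $t = 1$; its five distinct non-zero columns make exactly 5 of the 8 syndromes decodable, so the expected number of tries is 8/5 instead of the $t!$ of the slides. SHA-256 truncated to $r$ bits plays the role of $h$, the decoder is a column lookup, and the code, hash construction and function names are all assumptions of this example.

```python
import hashlib
import itertools

# Constructed toy code (not from the slides): n = 5, r = 3, t = 1.  The 5 columns of H are distinct
# and non-zero, so exactly 5 of the 8 syndromes in F_2^3 are of the form H e^T with weight(e) = 1.
H = [
    [1, 0, 0, 1, 1],
    [0, 1, 0, 1, 0],
    [0, 0, 1, 0, 1],
]
N, R, T = 5, 3, 1
COLUMNS = [[H[i][j] for i in range(R)] for j in range(N)]


def syndrome(v):
    """H v^T over F_2."""
    return [sum(h * b for h, b in zip(row, v)) % 2 for row in H]


def hash_to_syndrome(message, i):
    """h(m || i): SHA-256 over the message and a 4-byte counter, truncated to r bits (a value in F_2^r)."""
    digest = hashlib.sha256(message + i.to_bytes(4, "big")).digest()
    return [(digest[0] >> (7 - k)) & 1 for k in range(R)]


def decode(s):
    """gamma_H for t = 1: s is decodable iff it is a column of H; returns e of weight 1, else None."""
    if s in COLUMNS:
        e = [0] * N
        e[COLUMNS.index(s)] = 1
        return e
    return None


def sign(message):
    """CFS: increment the counter until h(m || i) is decodable, then output the signature (e, i)."""
    i = 0
    while True:
        e = decode(hash_to_syndrome(message, i))
        if e is not None:
            return e, i
        i += 1


def verify(message, signature):
    """Public check: e has the agreed weight and h(m || j) = H e^T."""
    e, j = signature
    return len(e) == N and sum(e) == T and syndrome(e) == hash_to_syndrome(message, j)


def decodable_fraction():
    """Share of syndromes in F_2^r reachable from a weight-t error: the per-try success probability."""
    return sum(decode(list(s)) is not None for s in itertools.product([0, 1], repeat=R)) / 2 ** R


def average_tries(messages):
    """Mean number of hash evaluations (i + 1) over a batch of messages; about 1 / decodable_fraction()."""
    return sum(sign(m)[1] + 1 for m in messages) / len(messages)


if __name__ == "__main__":
    msg = b"constructed test message"
    sig = sign(msg)
    print("signature (e, j):", sig, "valid:", verify(msg, sig))
    batch = [b"msg-%d" % k for k in range(200)]
    print("decodable fraction", decodable_fraction(), "average tries", average_tries(batch))
```

With $r = 3$ a forger can find a weight-1 $e$ for any syndrome by the same lookup, which is the point of the slides' parameters: $n = 2^{16}$ and $t = 9$ make the syndrome space large enough that finding $e$ without $\gamma_H$ is the hard problem of slide 2, while the signer still only pays about $9!$ decoding attempts.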
28
- generate a random matrix $H$ of size $r \times n$ and choose an integer $t$, which is the weight: this is the public key $(H, t)$;
- each user receives $e$ of $n$ bits and weight $t$: this is the private key;
- each user computes $S = H\,{}^t e$ (just once, for $H$ fixed); $S$ is public.

29 A wants to prove to B that she knows the secret, but she doesn't want to disclose it. The protocol runs $\lambda$ rounds, each of them defined as follows.
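The rounds themselves are not in this transcription. As an added example (not the slides' code), the following Python program runs Stern's 3-pass zero-knowledge identification protocol on the keys of slide 28, assuming that is the protocol meant: the prover masks $e$ with a random word $y$ and a random permutation $\sigma$, commits to three values, and the verifier opens two of them depending on a challenge in {0, 1, 2}. The parameters, the hash commitment and all names are assumptions of this example. It also shows why a prover who does not know $e$ can prepare for only two of the three challenges, which gives the classical cheating probability of 2/3 per round (the improved schemes of slide 33 reach 1/2).

```python
import hashlib
import random

# Constructed toy parameters (not from the slides): n = 12, r = 6, t = 2.
N, R, T = 12, 6, 2


def syndrome(H, v):
    """H v^T over F_2."""
    return [sum(h * b for h, b in zip(row, v)) % 2 for row in H]


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def permute(sigma, v):
    """sigma(v): coordinate i of the result is coordinate sigma[i] of v."""
    return [v[sigma[i]] for i in range(len(v))]


def commit(*parts):
    """Hash commitment: SHA-256 of a canonical encoding of the parts (as in Stern's scheme)."""
    return hashlib.sha256(repr(parts).encode()).hexdigest()


def keygen(rng):
    """Slide 28: random public H and t, private e of weight t, public S = H e^T."""
    H = [[rng.randint(0, 1) for _ in range(N)] for _ in range(R)]
    e = [0] * N
    for p in rng.sample(range(N), T):
        e[p] = 1
    return (H, T, syndrome(H, e)), e


def prover_commit(public, e, rng):
    """Pass 1: the prover (A) masks e with a random y and a random permutation sigma."""
    H, _, _ = public
    y = [rng.randint(0, 1) for _ in range(N)]
    sigma = list(range(N))
    rng.shuffle(sigma)
    commitments = (commit(sigma, syndrome(H, y)),
                   commit(permute(sigma, y)),
                   commit(permute(sigma, xor(y, e))))
    return commitments, (y, sigma)


def prover_answer(state, e, b):
    """Pass 3: open what challenge b in {0, 1, 2} asks for; no single answer reveals e."""
    y, sigma = state
    if b == 0:
        return y, sigma
    if b == 1:
        return xor(y, e), sigma
    return permute(sigma, y), permute(sigma, e)


def verifier_check(public, commitments, b, answer):
    """B recomputes the two commitments that challenge b makes checkable."""
    H, t, S = public
    c0, c1, c2 = commitments
    if b == 0:
        y, sigma = answer
        return c0 == commit(sigma, syndrome(H, y)) and c1 == commit(permute(sigma, y))
    if b == 1:
        ye, sigma = answer                       # ye = y + e, so H y^T = H ye^T + S
        return c0 == commit(sigma, xor(syndrome(H, ye), S)) and c2 == commit(permute(sigma, ye))
    sy, se = answer                              # sigma(y) and sigma(e): only the weight of e is visible
    return c1 == commit(sy) and c2 == commit(xor(sy, se)) and sum(se) == t


def run_round(public, e, b, rng):
    commitments, state = prover_commit(public, e, rng)
    return verifier_check(public, commitments, b, prover_answer(state, e, b))


def run_protocol(public, e, rounds, rng):
    """lambda rounds with random challenges; an honest prover passes all of them."""
    return all(run_round(public, e, rng.randrange(3), rng) for _ in range(rounds))


def wrong_secret(public, rng):
    """A weight-t vector with a different syndrome: what an impostor who does not know e could use."""
    H, t, S = public
    while True:
        e2 = [0] * N
        for p in rng.sample(range(N), t):
            e2[p] = 1
        if syndrome(H, e2) != S:
            return e2


def cheating_probability(rounds):
    """A prover prepared for two of the three challenges passes a round with probability 2/3."""
    return (2 / 3) ** rounds


def demo(seed, rounds=20):
    """Honest run over `rounds` rounds, plus the outcome of each challenge for an impostor."""
    rng = random.Random(seed)
    public, e = keygen(rng)
    honest = run_protocol(public, e, rounds, rng)
    impostor = tuple(run_round(public, wrong_secret(public, rng), b, rng) for b in range(3))
    return honest, impostor
```

The impostor in `demo` holds a vector of the right weight but the wrong syndrome: challenges 0 and 2 never involve $S$, so she passes them, while challenge 1 recomputes $H\,{}^t y$ from $y + e$ and $S$ and exposes the mismatch. Choosing which two challenges to prepare for is all a cheater can do, hence 2/3 per round and $(2/3)^\lambda$ overall.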
33
- efficient (software) implementation of the signature scheme (submitted); Figure: from El Yousfi's thesis;
- security of the Fiat-Shamir transformation for n-pass protocols (Africacrypt 2012);
- generalization to TRSS (WAIFI 2012);
- 3 rounds and cheating probability 1/2.
35 How to hash?
37 How could $\varphi_{n,t}$ work?

38 How to generate pseudo-random sequences?
40 Improved schemes: XSYND (Africacrypt 2012), PSYND (submitted). Figure: from Meziani's slides. Efficient implementations (submitted).
42
- Study of the QC/QD constructions; identity-based encryption.
- FPGA implementation; smaller public keys.
- 3-pass and soundness 1/2; efficient implementation.
- Fast schemes; study of side-channel attacks.
More informationCommunications II Lecture 9: Error Correction Coding. Professor Kin K. Leung EEE and Computing Departments Imperial College London Copyright reserved
Communications II Lecture 9: Error Correction Coding Professor Kin K. Leung EEE and Computing Departments Imperial College London Copyright reserved Outline Introduction Linear block codes Decoding Hamming
More informationPublic Key Algorithms
Public Key Algorithms Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-09/
More informationDifferential Power Analysis of a McEliece Cryptosystem
Differential Power Analysis of a McEliece Cryptosystem Cong Chen 1, Thomas Eisenbarth 1, Ingo von Maurich 2, and Rainer Steinwandt 3 1 Worcester Polytechnic Institute, Worcester, MA, USA {cchen3,teisenbarth}@wpi.edu
More informationA DPA attack on RSA in CRT mode
A DPA attack on RSA in CRT mode Marc Witteman Riscure, The Netherlands 1 Introduction RSA is the dominant public key cryptographic algorithm, and used in an increasing number of smart card applications.
More informationCryptographic Protocols Notes 2
ETH Zurich, Department of Computer Science SS 2018 Prof. Ueli Maurer Dr. Martin Hirt Chen-Da Liu Zhang Cryptographic Protocols Notes 2 Scribe: Sandro Coretti (modified by Chen-Da Liu Zhang) About the notes:
More informationApplications of Lattices in Telecommunications
Applications of Lattices in Telecommunications Dept of Electrical and Computer Systems Engineering Monash University amin.sakzad@monash.edu Oct. 2013 1 Sphere Decoder Algorithm Rotated Signal Constellations
More information