对麦克利埃斯密码系统的新攻击

IF 0.9 Q3 COMPUTER SCIENCE, THEORY & METHODS

International Journal of Computer Mathematics: Computer Systems Theory Pub Date : 2023-07-03 DOI:10.1080/23799927.2023.2229278

Henry Gray, Christopher Battarbee, S. F. Shahandashti, Delaram Kahrobaei

{"title":"对麦克利埃斯密码系统的新攻击","authors":"Henry Gray, Christopher Battarbee, S. F. Shahandashti, Delaram Kahrobaei","doi":"10.1080/23799927.2023.2229278","DOIUrl":null,"url":null,"abstract":"This report proposes a new and novel attack on McEliece's cryptosystem that improves on the probability of attacks formerly proposed by Stern, and Lee and Brickell. Modern day encryption standards have been long since proven insecure to quantum attack, and quantum-resistant cryptosystems are now at the forefront of research. Since 2016, the National Institute of Standards and Technology (NIST) has presided over a public competition to establish new standards for public-key encryption that will secure our data in the post-quantum world. Now in its final round, one of the remaining candidates is McEliece's cryptosystem, a code-based cryptosystem proposed in 1978 by Robert J. McEliece. With a few minor alterations since its conception, McEliece's cryptosystem has, so far, proven resistant to quantum attacks, making it an ideal finalist candidate. The cryptosystem has not, however, escaped the attention of attack and, over the last four decades, a variety of algorithms have been proposed with the intention of exploiting it to recover the plaintext. This paper initially provides an overview of McEliece's cryptosystem and two existing attacks proposed by Stern, and Lee and Brickell in the 1980s. Observations are made on the shared probabilistic nature of Stern's algorithm, and Lee and Brickell's attack. It is noted that the first step of both algorithms involves the random selection of a subset of n indexes. In Stern's algorithm, n−k of n columns in a matrix H are chosen at random and, in Lee and Brickell's attack, k of n bits of the ciphertext are selected, also at random. This relationship is exploited to compound the two attacks and propose a new, novel attack. The complexity and probability of the new attack are discussed and an analysis is conducted to compare it against both Stern's algorithm and Lee and Brickell's attack. This analysis suggests that the probability of successful attack comes close to combining those of the two original attacks. Furthermore, the results suggest that the novel attack can successfully recover a message faster than Stern's algorithm. Improvements to the attack are suggested, concluding that further study should be conducted into fully analysing it and its implications on the security of McEliece's cryptosystem.","PeriodicalId":37216,"journal":{"name":"International Journal of Computer Mathematics: Computer Systems Theory","volume":null,"pages":null},"PeriodicalIF":0.9000,"publicationDate":"2023-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A novel attack on McEliece's cryptosystem\",\"authors\":\"Henry Gray, Christopher Battarbee, S. F. Shahandashti, Delaram Kahrobaei\",\"doi\":\"10.1080/23799927.2023.2229278\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This report proposes a new and novel attack on McEliece's cryptosystem that improves on the probability of attacks formerly proposed by Stern, and Lee and Brickell. Modern day encryption standards have been long since proven insecure to quantum attack, and quantum-resistant cryptosystems are now at the forefront of research. Since 2016, the National Institute of Standards and Technology (NIST) has presided over a public competition to establish new standards for public-key encryption that will secure our data in the post-quantum world. Now in its final round, one of the remaining candidates is McEliece's cryptosystem, a code-based cryptosystem proposed in 1978 by Robert J. McEliece. With a few minor alterations since its conception, McEliece's cryptosystem has, so far, proven resistant to quantum attacks, making it an ideal finalist candidate. The cryptosystem has not, however, escaped the attention of attack and, over the last four decades, a variety of algorithms have been proposed with the intention of exploiting it to recover the plaintext. This paper initially provides an overview of McEliece's cryptosystem and two existing attacks proposed by Stern, and Lee and Brickell in the 1980s. Observations are made on the shared probabilistic nature of Stern's algorithm, and Lee and Brickell's attack. It is noted that the first step of both algorithms involves the random selection of a subset of n indexes. In Stern's algorithm, n−k of n columns in a matrix H are chosen at random and, in Lee and Brickell's attack, k of n bits of the ciphertext are selected, also at random. This relationship is exploited to compound the two attacks and propose a new, novel attack. The complexity and probability of the new attack are discussed and an analysis is conducted to compare it against both Stern's algorithm and Lee and Brickell's attack. This analysis suggests that the probability of successful attack comes close to combining those of the two original attacks. Furthermore, the results suggest that the novel attack can successfully recover a message faster than Stern's algorithm. Improvements to the attack are suggested, concluding that further study should be conducted into fully analysing it and its implications on the security of McEliece's cryptosystem.\",\"PeriodicalId\":37216,\"journal\":{\"name\":\"International Journal of Computer Mathematics: Computer Systems Theory\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.9000,\"publicationDate\":\"2023-07-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Computer Mathematics: Computer Systems Theory\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1080/23799927.2023.2229278\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, THEORY & METHODS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Computer Mathematics: Computer Systems Theory","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/23799927.2023.2229278","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 0

摘要

本报告提出了一种针对McEliece密码系统的新攻击方法，该方法提高了Stern、Lee和Brickell先前提出的攻击概率。现代加密标准早已被证明对量子攻击不安全，而抗量子密码系统现在处于研究的前沿。自2016年以来，美国国家标准与技术研究院(NIST)主持了一项公开竞赛，旨在建立新的公钥加密标准，以在后量子世界中保护我们的数据。现在进入最后一轮，剩下的候选人之一是McEliece的密码系统，这是1978年由Robert J. McEliece提出的基于代码的密码系统。McEliece的密码系统自构想以来进行了一些小的修改，到目前为止，它已经被证明可以抵抗量子攻击，使其成为理想的决赛候选人。然而，密码系统并没有逃过攻击的注意，在过去的四十年里，各种各样的算法被提出，目的是利用它来恢复明文。本文首先概述了McEliece的密码系统以及Stern、Lee和Brickell在20世纪80年代提出的两种现有攻击。对Stern算法和Lee和Brickell攻击的共同概率性质进行了观察。值得注意的是，这两种算法的第一步都涉及到n个索引子集的随机选择。在Stern的算法中，矩阵H的n列中的n - k列是随机选择的，而在Lee和Brickell的攻击中，密文的k位也是随机选择的。这种关系被用来混合两种攻击，并提出一种新的、新颖的攻击。讨论了新攻击的复杂性和概率，并将其与Stern的算法和Lee和Brickell的攻击进行了比较分析。这一分析表明，成功攻击的概率接近于两次原始攻击的总和。此外，结果表明，这种新的攻击可以比Stern的算法更快地成功恢复信息。建议对攻击进行改进，并得出结论，应该进行进一步的研究，以充分分析它及其对McEliece密码系统安全性的影响。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A novel attack on McEliece's cryptosystem

This report proposes a new and novel attack on McEliece's cryptosystem that improves on the probability of attacks formerly proposed by Stern, and Lee and Brickell. Modern day encryption standards have been long since proven insecure to quantum attack, and quantum-resistant cryptosystems are now at the forefront of research. Since 2016, the National Institute of Standards and Technology (NIST) has presided over a public competition to establish new standards for public-key encryption that will secure our data in the post-quantum world. Now in its final round, one of the remaining candidates is McEliece's cryptosystem, a code-based cryptosystem proposed in 1978 by Robert J. McEliece. With a few minor alterations since its conception, McEliece's cryptosystem has, so far, proven resistant to quantum attacks, making it an ideal finalist candidate. The cryptosystem has not, however, escaped the attention of attack and, over the last four decades, a variety of algorithms have been proposed with the intention of exploiting it to recover the plaintext. This paper initially provides an overview of McEliece's cryptosystem and two existing attacks proposed by Stern, and Lee and Brickell in the 1980s. Observations are made on the shared probabilistic nature of Stern's algorithm, and Lee and Brickell's attack. It is noted that the first step of both algorithms involves the random selection of a subset of n indexes. In Stern's algorithm, n−k of n columns in a matrix H are chosen at random and, in Lee and Brickell's attack, k of n bits of the ciphertext are selected, also at random. This relationship is exploited to compound the two attacks and propose a new, novel attack. The complexity and probability of the new attack are discussed and an analysis is conducted to compare it against both Stern's algorithm and Lee and Brickell's attack. This analysis suggests that the probability of successful attack comes close to combining those of the two original attacks. Furthermore, the results suggest that the novel attack can successfully recover a message faster than Stern's algorithm. Improvements to the attack are suggested, concluding that further study should be conducted into fully analysing it and its implications on the security of McEliece's cryptosystem.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

International Journal of Computer Mathematics: Computer Systems Theory Computer Science-Computational Theory and Mathematics

CiteScore

1.80

自引率

0.00%

发文量