Semantic security for the McEliece cryptosystem without random oracles
نویسندگان
چکیده
In this paper, we formally prove that padding the plaintext with a random bit-string provides the semantic security against chosen plaintext attack (IND-CPA) for the McEliece (and its dual, the Niederreiter) cryptosystems under the standard assumptions. Such padding has recently been used by Suzuki, Kobara and Imai in the context of RFID security. Our proof relies on the technical result by Katz and Shin from Eurocrypt ’05 showing “pseudorandomness” implied by the learning parity with noise (LPN) problem. We do not need the random oracles as opposed to the known generic constructions which, on the other hand, provide a stronger protection as compared to our scheme—against (adaptive) chosen ciphertext attack, i.e., IND-CCA(2). In order to show that the padded version of the cryptosystem remains practical, we provide some estimates for suitable key sizes together with corresponding workload required for successful attack.
منابع مشابه
Semantically Secure McEliece Public-Key Cryptosystems-Conversions for McEliece PKC
Almost all of the current public-key cryptosystems (PKCs) are based on number theory, such as the integer factoring problem and the discrete logarithm problem (which will be solved in polynomial-time after the emergence of quantum computers). While the McEliece PKC is based on another theory, i.e. coding theory, it is vulnerable against several practical attacks. In this paper, we carefully rev...
متن کاملAn efficient and provably secure public key encryption scheme based on coding theory
Although coding-based public key encryption schemes such as McEliece and Niederreiter cryptosystems have been well studied, it is not a trivial task to design an efficient coding-based cryptosystem with semantic security against adaptive chosen ciphertext attacks (IND-CCA2). To tackle this challenging issue, in this paper, we first propose an efficient INDCCA2-secure public key encryption schem...
متن کاملEfficient Selective-ID Secure Identity-Based Encryption Without Random Oracles
We construct two efficient Identity Based Encryption (IBE) systems that are selective identity secure without the random oracle model in groups equipped with a bilinear map. Selective identity secure IBE is a slightly weaker security model than the standard security model for IBE. In this model the adversary must commit ahead of time to the identity that it intends to attack, whereas in the sta...
متن کاملStrengthening McEliece Cryptosystem
McEliece cryptosystem is a public-key cryptosystem based on error-correcting codes. It constitutes one of the few alternatives to cryptosystems relying on number theory. We present a modification of the McEliece cryptosystem which strengthens its security without increasing the size of the public key. We show that it is possible to use some properties of the automorphism groups of the codes to ...
متن کاملHow to Achieve a McEliece-Based Digital Signature Scheme
McEliece is one of the oldest known public key cryptosystems. Though it was less widely studied than RSA, it is remarkable that all known attacks are still exponential. It is widely believed that code-based cryptosystems like McEliece do not allow practical digital signatures. In the present paper we disprove this belief and show a way to build a practical signature scheme based on coding theor...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Des. Codes Cryptography
دوره 49 شماره
صفحات -
تاریخ انتشار 2008