We propose to use real-valued errors instead of classical bit flipping intentional errors in the McEliece cryptosystem based on moderate-density parity-check (MDPC) codes. This allows the error correcting capability of these codes to be exploited to the utmost, by using soft-decision iterative decoding algorithms instead of hard-decision bit flipping decoders. However, soft reliability values resulting from the use of real-valued noise can also be exploited by attackers. We devise new attack procedures aimed at this, and compute the relevant work factors and security levels. We show that, for a fixed security level, these new systems achieve the shortest public key sizes ever reached, with a reduction of up to 25% with respect to previous proposals.
Soft McEliece: MDPC code-based McEliece cryptosystem with very compact keys through real-valued intentional errors / Baldi, Marco; Santini, Paolo; Chiaraluce, Franco. - Electronic. - (2016), pp. 795-799. (Paper presented at the IEEE International Symposium on Information Theory 2016, held in Barcelona, Spain, 10-15 July 2016) [10.1109/ISIT.2016.7541408].
Soft McEliece: MDPC code-based McEliece cryptosystem with very compact keys through real-valued intentional errors
Baldi, Marco; Santini, Paolo; Chiaraluce, Franco
2016-01-01