Cryptology ePrint Archive: Report 2009/187

Compact McEliece Keys from Goppa Codes

Rafael Misoczki and Paulo S. L. M. Barreto

Abstract: The classical McEliece cryptosystem is built upon the class of Goppa codes, which remains secure to this date in contrast to many other families of codes but leads to very large public keys. Previous proposals to obtain short McEliece keys have primarily centered around replacing that class by other families of codes, most of which were shown to contain weaknesses, and at the cost of reducing in half the capability of error correction. In this paper we describe a simple way to reduce significantly the key size in McEliece and related cryptosystems using a subclass of Goppa codes, while also improving the efficiency of cryptographic operations to $\tilde{O}(n)$ time, and keeping the capability of correcting the full designed number of errors in the binary case.

Category / Keywords: public-key cryptography / post-quantum cryptography, syndrome decoding, efficient parameters and algorithms

Publication Info: The final version of this paper was published in Selected Areas in Cryptography -- SAC'2009, LNCS 5867, pp. 376--392, Springer, 2009. DOI: 10.1007/978-3-642-05445-7 http://www.springerlink.com/content/a352901271645444/

Date: received 30 Apr 2009, last revised 10 Apr 2010

Contact author: pbarreto at larc usp br

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Note: Updated version with binary codes only. QD codes over extension fields are susceptible to structural attacks by Faugère et al. and by Umana and Leander. The text discusses why binary QD codes are not affected by those attacks. A few typos were also corrected.

Version: 20100410:191421 (All versions of this report)

Short URL: ia.cr/2009/187

Discussion forum: Show discussion | Start new discussion