Cryptology ePrint Archive: Report 2009/509

Practical Key Recovery Attacks On Two McEliece Variants

Valerie Gauthier Umana and Gregor Leander

Abstract: The McEliece cryptosystem is a promising alternative to conventional public key encryption systems like RSA and ECC. In particular, it is supposed to resist even attackers equipped with quantum computers. Moreover, the encryption process requires only simple binary operations making it a good candidate for low cost devices like RFID tags. However, McEliece's original scheme has the drawback that the keys are very large. Two promising variants have been proposed to overcome this disadvantage. The rst one is due to Berger et al. presented at AFRICACRYPT 2009 and the second is due to Barreto and Misoczki presented at SAC 2009. In this paper we rst present a general attack framework and apply it to both schemes subsequently. Our framework allows us to recover the private key for most parameters proposed by the authors of both schemes within at most a few days on a single PC

Category / Keywords: public-key cryptography / public key cryptography, McEliece cryptosystem, coding theory, post-quantum cryptography

Date: received 21 Oct 2009

Contact author: g leander at mat dtu dk

Available format(s): PDF | BibTeX Citation

Version: 20091026:104114 (All versions of this report)

Short URL: ia.cr/2009/509