Cryptology ePrint Archive: Report 2009/509
Practical Key Recovery Attacks On Two McEliece Variants
Valerie Gauthier Umana and Gregor Leander
Abstract: The McEliece cryptosystem is a promising alternative to conventional public key encryption
systems like RSA and ECC. In particular, it is supposed to resist even attackers equipped with quantum
computers. Moreover, the encryption process requires only simple binary operations making it a good
candidate for low cost devices like RFID tags. However, McEliece's original scheme has the drawback
that the keys are very large. Two promising variants have been proposed to overcome this disadvantage.
The first one is due to Berger et al. presented at AFRICACRYPT 2009 and the second is due to Barreto
and Misoczki presented at SAC 2009. In this paper we first present a general attack framework and
apply it to both schemes subsequently. Our framework allows us to recover the private key for most
parameters proposed by the authors of both schemes within at most a few days on a single PC.
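The abstract mentions two properties of McEliece that motivate the variants attacked in the paper: encryption is just binary (GF(2)) matrix arithmetic, and the public key is a full k x n generator matrix. The toy implementation below is an added illustration, not code from the paper or its authors. It instantiates the original McEliece construction (public key G' = S G P, ciphertext c = m G' + e) with the [7,4,3] Hamming code so that the decoding step fits in a few lines; the choice of that code, the helper names, and the parameter set (n = 1024, k = 524) used in `public_key_bits` to show the key-size drawback are assumptions made for the example.

```python
import random

# Systematic generator and parity-check matrix of the [7,4,3] Hamming code.
# It corrects a single bit error (t = 1); real McEliece uses a Goppa code.
G = [[1, 0, 0, 0, 1, 1, 0],
     [0, 1, 0, 0, 1, 0, 1],
     [0, 0, 1, 0, 0, 1, 1],
     [0, 0, 0, 1, 1, 1, 1]]
H = [[1, 1, 0, 1, 1, 0, 0],
     [1, 0, 1, 1, 0, 1, 0],
     [0, 1, 1, 1, 0, 0, 1]]
N, K, T = 7, 4, 1


def gf2_matmul(A, B):
    """Multiply two 0/1 matrices over GF(2): XOR-accumulate the AND products."""
    cols = len(B[0])
    return [[sum(a * B[k][j] for k, a in enumerate(row)) % 2 for j in range(cols)]
            for row in A]


def gf2_inverse(M):
    """Invert a square 0/1 matrix over GF(2) by Gauss-Jordan; None if singular."""
    n = len(M)
    aug = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(M)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col]), None)
        if pivot is None:
            return None
        aug[col], aug[pivot] = aug[pivot], aug[col]
        for r in range(n):
            if r != col and aug[r][col]:
                aug[r] = [x ^ y for x, y in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def keygen(rng):
    """Private key: invertible scrambler S (k x k) and permutation P (n x n).
    Public key: G' = S * G * P, which hides the structure of G."""
    while True:
        S = [[rng.randint(0, 1) for _ in range(K)] for _ in range(K)]
        if gf2_inverse(S) is not None:
            break
    perm = list(range(N))
    rng.shuffle(perm)
    P = [[int(perm[i] == j) for j in range(N)] for i in range(N)]
    return gf2_matmul(gf2_matmul(S, G), P), (S, P)


def encrypt(pub, m, e):
    """c = m * G' + e, where e is an error vector of weight at most T."""
    assert sum(e) <= T
    c = gf2_matmul([m], pub)[0]
    return [ci ^ ei for ci, ei in zip(c, e)]


def decrypt(priv, c):
    """Undo P, correct the error with the secret code's decoder, undo S."""
    S, P = priv
    c2 = gf2_matmul([c], gf2_inverse(P))[0]          # (m S) G + e P^-1
    syndrome = tuple(sum(H[i][j] * c2[j] for j in range(N)) % 2 for i in range(3))
    if any(syndrome):                                  # syndrome = column of H at error position
        j = next(j for j in range(N) if tuple(H[i][j] for i in range(3)) == syndrome)
        c2[j] ^= 1
    m_scrambled = c2[:K]                               # G is systematic: first k bits = m S
    return gf2_matmul([m_scrambled], gf2_inverse(S))[0]


def public_key_bits(n, k):
    """Size of the full k x n public generator matrix in bits."""
    return n * k


def roundtrip_ok(seed=1):
    """Every message and every single-bit error position must decrypt correctly."""
    rng = random.Random(seed)
    pub, priv = keygen(rng)
    for mi in range(2 ** K):
        m = [(mi >> b) & 1 for b in range(K)]
        for j in range(N):
            e = [int(i == j) for i in range(N)]
            if decrypt(priv, encrypt(pub, m, e)) != m:
                return False
    return True


if __name__ == "__main__":
    print("toy round trip:", roundtrip_ok())
    # Assumed original McEliece parameters n=1024, k=524: ~65 KB public key.
    print("public key bits for n=1024, k=524:", public_key_bits(1024, 524))
```

The last line is the point the abstract makes about key size: a 1024 x 524 binary generator matrix is over half a megabit, versus a few thousand bits for an RSA or ECC public key, which is why both variants the paper attacks introduce extra structure into the code to shrink it.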
Category / Keywords: public-key cryptography / public key cryptography, McEliece cryptosystem, coding theory, post-quantum cryptography
Date: received 21 Oct 2009
Contact author: g leander at mat dtu dk
Version: 20091026:104114
Short URL: ia.cr/2009/509