Paper 2009/509

Practical Key Recovery Attacks On Two McEliece Variants

Valerie Gauthier Umana and Gregor Leander


The McEliece cryptosystem is a promising alternative to conventional public key encryption systems like RSA and ECC. In particular, it is supposed to resist even attackers equipped with quantum computers. Moreover, the encryption process requires only simple binary operations making it a good candidate for low cost devices like RFID tags. However, McEliece's original scheme has the drawback that the keys are very large. Two promising variants have been proposed to overcome this disadvantage. The rst one is due to Berger et al. presented at AFRICACRYPT 2009 and the second is due to Barreto and Misoczki presented at SAC 2009. In this paper we rst present a general attack framework and apply it to both schemes subsequently. Our framework allows us to recover the private key for most parameters proposed by the authors of both schemes within at most a few days on a single PC

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
public key cryptographyMcEliece cryptosystemcoding theorypost-quantum cryptography
Contact author(s)
g leander @ mat dtu dk
2009-10-26: received
Short URL
Creative Commons Attribution


      author = {Valerie Gauthier Umana and Gregor Leander},
      title = {Practical Key Recovery Attacks On Two McEliece Variants},
      howpublished = {Cryptology ePrint Archive, Paper 2009/509},
      year = {2009},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.