Paper 2013/040

An Efficient CCA2-Secure Variant of the McEliece Cryptosystem in the Standard Model

Roohallah Rastaghi


Recently, a few chosen-ciphertext secure (CCA2-secure) variants of the McEliece public-key encryption (PKE) scheme in the standard model were introduced. All the proposed schemes are based on encryption repetition paradigm and use general transformation from CPA-secure scheme to a CCA2-secure one. Therefore, the resulting encryption scheme needs \textit{separate} encryption and has \textit{large} key size compared to the original scheme, which complex public key size problem in the code-based PKE schemes. Thus, the proposed schemes are not sufficiently efficient to be used in practice. In this work, we propose an efficient CCA2-secure variant of the McEliece PKE scheme in the standard model. The main novelty is that, unlike previous approaches, our approach is a generic conversion and can be applied to \textit{any} one-way trapdoor function (OW-TDF), the lowest-level security notion in the context of public-key cryptography, resolving a big fundamental and central problem that has remained unsolved in the past two decades.

Note: Suggestions and comments are welcome. We also thanks to anyone who read the manuscript and give an alternative proof for the theorem (1).

Available format(s)
Publication info
Published elsewhere. In Submition
Post-quantum cryptographyMcEliece cryptosystemIND-CCA2Permutation algorithmStandard model.
Contact author(s)
r rastaghi59 @ gmail com
2013-08-30: last of 7 revisions
2013-01-29: received
See all versions
Short URL
Creative Commons Attribution


      author = {Roohallah Rastaghi},
      title = {An Efficient CCA2-Secure Variant of the McEliece Cryptosystem in the Standard Model},
      howpublished = {Cryptology ePrint Archive, Paper 2013/040},
      year = {2013},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.