Cryptology ePrint Archive: Report 2015/966

Vulnerabilities of ``McEliece in the World of Escher"

Dustin Moody and Ray Perlner

Abstract: Recently, Gligoroski et al. proposed code-based encryption and signature schemes using list decoding, blockwise triangular private keys, and a nonuniform error pattern based on ``generalized error sets." The general approach was referred to as \emph{McEliece in the World of Escher.} This paper demonstrates attacks which are significantly cheaper than the claimed security level of the parameters given by Gligoroski et al. We implemented an attack on the proposed 80-bit parameters which was able to recover private keys for both encryption and signatures in approximately 2 hours on a single laptop. We further find that increasing the parameters to avoid our attack will require parameters to grow by almost an order of magnitude for signatures, and (at least) two orders of magnitude for encryption.

Category / Keywords: public-key cryptography / Information Set Decoding, Code-based Cryptography, McEliece PKC, McEliece in the World of Escher

Original Publication (with minor differences): PQCrypto 2016

Date: received 7 Oct 2015, last revised 17 Feb 2016

Contact author: ray perlner at nist gov

Available format(s): PDF | BibTeX Citation

Version: 20160217:152406 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]