Team Secret


Section: New Results

Keywords : public-key cryptography, code-based cryptography, postquantum cryptography, McEliece cryptosystem, hash functions.

Code-based cryptography

Participants : Daniel Augot, Biswas Bhaskar, Cédric Faure, Matthieu Finiasz, Stéphane Manuel, Nicolas Sendrier, Jean-Pierre Tillich.

Most popular public key cryptographic schemes rely either on the factorization problem (RSA, Rabin) or on the discrete logarithm problem (Diffie-Hellman, El Gamal, DSA). These systems have evolved, and today, instead of the classical groups $(\mathbf{Z}/n\mathbf{Z})$, we may use groups on elliptic curves, which allow a shorter block and key size for the same level of security. An intensive effort of the research community has been and is still being conducted to investigate the main aspects of these systems: implementation, theoretical and practical security. It must be noted that these systems all rely on algorithmic number theory. As they are used in most, if not all, applications of public key cryptography today (and it will probably remain so in the near future), cryptographic applications are thus vulnerable to a single breakthrough in algorithmics or in hardware (a quantum computer can break all those schemes).

Diversity is a way to dilute that risk, and it is the duty of the cryptographic research community to prepare and propose alternatives to the number-theoretic systems. The most serious tracks today are lattice-based cryptography (NTRU, ...), multivariate cryptography (HFE, ...) and code-based cryptography (McEliece encryption scheme, ...). All these alternatives are referred to as post-quantum cryptosystems, since they rely on difficult algorithmic problems which would not be solved by the advent of the quantum computer.

The code-based primitives have been investigated in detail within the project-team. The first cryptosystem based on error-correcting codes was a public key encryption scheme proposed by McEliece in 1978; a dual variant was proposed in 1986 by Harald Niederreiter. We proposed the first (and only) digital signature scheme in 2001. Those systems enjoy very interesting features (fast encryption/decryption, short signatures, good security reduction) but also have their drawbacks (large public key, encryption overhead, expensive signature generation). Some of the main issues in this field are:

The class of McEliece-like cryptosystems.

The original McEliece cryptosystem remains unbroken. It has been proved by N. Sendrier [74], [73] that its security is provably reduced to two problems of coding theory, conjectured to be hard:

This result also applies to Niederreiter's scheme, and a similar result was already known for the digital signature scheme [71]. The reduction is not a guarantee of security, but we know that a significant improvement on one of the above problems must occur before the system is seriously threatened.

Recent results:

Cryptographic hash function with codes.

A new collision-resistant hash function, based on the problem of decoding general binary linear codes [68], has been proposed by the project-team for a few years. It has the advantage of being fast and of having a security reduction, unlike classical designs (based on MD5 and relatives), which have been broken recently.

The one-wayness of syndrome computation can be exploited in conjunction with quasi-cyclic codes, the purpose being to reduce the size of the constants (a big binary matrix). We have made several new propositions based on this principle: an evolution of the syndrome-based hash function and a stream cipher. The last of those contributions is the submission of a hash function by M. Finiasz, P. Gaborit, S. Manuel and N. Sendrier to the SHA-3 NIST competition. The security of the proposed hash function, called FSB (for Fast Syndrome Based), is provably reduced to hard problems of algorithmic coding theory. The proposal description and its reference implementation are available online at [54].
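To make the two ideas above concrete (hashing by computing the syndrome of a low-weight "regular" word, and using a quasi-cyclic matrix so that far fewer constants have to be stored), the following toy Python program is an added example written for this page; it is neither the FSB reference implementation [54] nor the project-team's code. The parameters (R = 32, W = 8, N = 256), the seed-derived matrix, and the padding and chaining mode are assumptions chosen for readability and give no security; they only reproduce the structure of a syndrome-based compression function.

```python
# Added example (not the FSB reference implementation nor the project-team's code):
# a toy syndrome-based compression function in the spirit of FSB, plus the
# quasi-cyclic trick that shrinks the stored constant. Parameters are chosen for
# readability only and give no security; real FSB parameters are far larger.
import hashlib

R = 32               # syndrome (output) length in bits
W = 8                # weight of the regular word = number of blocks
BLOCK_COLS = R       # columns per block; equal to R so each QC block is an R x R circulant
N = W * BLOCK_COLS   # code length (number of columns of H) = 256
BITS_PER_BLOCK = BLOCK_COLS.bit_length() - 1   # 5 bits select one column in a block
INPUT_BITS = W * BITS_PER_BLOCK                # 40 input bits per compression call
MASK_R = (1 << R) - 1


def derive_matrix(seed: bytes) -> list:
    """Derive a pseudo-random R x N binary parity-check matrix H from a seed.
    Columns are stored as R-bit integers, so the stored constant is R*N bits.
    (Seed-derived columns are a constructed stand-in for a random matrix.)"""
    return [int.from_bytes(hashlib.sha256(seed + j.to_bytes(4, "big")).digest(), "big") & MASK_R
            for j in range(N)]


def derive_quasi_cyclic_matrix(seed: bytes) -> list:
    """Quasi-cyclic variant: block b consists of the R cyclic rotations of a single
    R-bit column, so only W base columns (W*R bits) need to be stored."""
    columns = []
    for b in range(W):
        base = int.from_bytes(hashlib.sha256(seed + b"qc" + b.to_bytes(4, "big")).digest(), "big") & MASK_R
        for s in range(BLOCK_COLS):
            columns.append(((base << s) | (base >> (R - s))) & MASK_R)  # rotate left by s
    return columns


def constant_size_bits(quasi_cyclic: bool) -> int:
    """Number of bits that must be stored to describe H."""
    return W * R if quasi_cyclic else R * N


def message_to_regular_word(msg_bits: int) -> list:
    """Map INPUT_BITS bits to a regular word of weight W: exactly one chosen column
    in each of the W blocks. Returns the W column indices."""
    return [b * BLOCK_COLS + ((msg_bits >> (b * BITS_PER_BLOCK)) & (BLOCK_COLS - 1))
            for b in range(W)]


def syndrome_of_indices(matrix: list, indices) -> int:
    """Syndrome H*x of the word x whose 1-positions are `indices`: XOR of those columns."""
    s = 0
    for j in indices:
        s ^= matrix[j]
    return s


def compress(matrix: list, msg_bits: int) -> int:
    """The compression function: syndrome of the regular word encoding the input."""
    return syndrome_of_indices(matrix, message_to_regular_word(msg_bits))


def hash_message(matrix: list, data: bytes) -> int:
    """Chain the compression function over the message (toy padding and chaining,
    not FSB's exact mode). Each round absorbs INPUT_BITS - R = 8 message bits:
    the 40-bit input is the 32-bit chaining state followed by one message byte."""
    padded = data + b"\x80" + len(data).to_bytes(8, "big")
    state = 0
    for byte in padded:
        state = compress(matrix, (state << (INPUT_BITS - R)) | byte)
    return state


if __name__ == "__main__":
    H = derive_matrix(b"constructed seed")
    Hqc = derive_quasi_cyclic_matrix(b"constructed seed")
    print("stored constant, generic H :", constant_size_bits(False), "bits")
    print("stored constant, QC H      :", constant_size_bits(True), "bits")
    print("toy hash of b'abc' (generic):", hex(hash_message(H, b"abc")))
    print("toy hash of b'abc' (QC)     :", hex(hash_message(Hqc, b"abc")))
    # A collision of the compression function is a pair of regular words with equal
    # syndromes, i.e. a word of weight at most 2*W in the kernel of H; finding one is
    # the decoding problem that the security reduction refers to.
```

Because the syndrome map is linear over GF(2), the XOR of two outputs equals the syndrome of the symmetric difference of the two regular words, which is why a collision is exactly a low-weight codeword of the code defined by H and why the security argument reduces to decoding. The quasi-cyclic matrix keeps the same column-selection rule but stores W columns of R bits instead of N columns, reducing the constant here from 8192 to 256 bits.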
