A polynomial-time attack on the BBCRS scheme

Alain Couvreur, Ayoub Otmani, Jean Pierre Tillich, Valérie Gauthier-Umaña

Research output: Chapter in Book/Report/Conference proceedingConference contribution

10 Scopus citations

Abstract

The BBCRS scheme is a variant of the McEliece public-key encryption scheme where the hiding phase is performed by taking the inverse of a matrix which is of the form T + R where T is a sparse matrix with average row/column weight equal to a very small quantity m, usually m < 2, and R is a matrix of small rank z ≥ 1. The rationale of this new transformation is the reintroduction of families of codes, like generalized Reed-Solomon codes, that are famously known for representin insecure choices. We present a key-recovery attack when z = 1 and m is chosen between 1 and 1+R+O(1/√n) where R denotes the code rate. This attack has complexity O(n6) and breaks all the parameters suggested in the literature.

Original languageEnglish (US)
Title of host publicationPublic-Key Cryptography - PKC 2015 - 18th IACR International Conference on Practice and Theory in Public-Key Cryptography, Proceedings
EditorsJonathan Katz
PublisherSpringer
Pages175-193
Number of pages19
ISBN (Electronic)9783662464465
DOIs
StatePublished - Jan 1 2015
Event18th IACR International Conference on Practice and Theory of Public-Key Cryptography, PKC 2015 - Gaithersburg, United States
Duration: Mar 30 2015Apr 1 2015

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9020
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference18th IACR International Conference on Practice and Theory of Public-Key Cryptography, PKC 2015
Country/TerritoryUnited States
CityGaithersburg
Period3/30/154/1/15

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint

Dive into the research topics of 'A polynomial-time attack on the BBCRS scheme'. Together they form a unique fingerprint.

Cite this