Polynomial-time key recovery attack on the Faure–Loidreau scheme based on Gabidulin codes - Normandie Université Accéder directement au contenu
Article Dans Une Revue Designs, Codes and Cryptography Année : 2018

Polynomial-time key recovery attack on the Faure–Loidreau scheme based on Gabidulin codes

Résumé

Encryption schemes based on the rank metric lead to small public key sizes of order of few thousands bytes which represents a very attractive feature compared to Hamming metric-based encryption schemes where public key sizes are of order of hundreds of thousands bytes even with additional structures like the cyclicity. The main tool for building public key encryption schemes in rank metric is the McEliece encryption setting used with the family of Gabidulin codes. Since the original scheme proposed in 1991 by Gabidulin, Paramonov and Tretjakov, many systems have been proposed based on different masking techniques for Gabidulin codes. Nevertheless, over the years most of these systems were attacked essentially by the use of an attack proposed by Overbeck. In 2005 Faure and Loidreau designed a rank-metric encryption scheme which was not in the McEliece setting. The scheme is very efficient, with small public keys of size a few kiloBytes and with security closely related to the linearized polynomial reconstruction problem which corresponds to the decoding problem of Gabidulin codes. The structure of the scheme differs considerably from the classical McEliece setting and until our work, the scheme had never been attacked. We show in this article that for a range of parameters, this scheme is also vulnerable to a polynomial-time attack that recovers the private key by applying Overbeck's attack on an appropriate public code. As an example we break in a few seconds parameters with 80-bit security claim. Our work also shows that some parameters are not affected by our attack but at the cost of a lost of efficiency for the underlying schemes. Post-quantum cryptography; Gabidulin code; Polynomial reconstruction; Faure-Loidreau scheme.

Dates et versions

hal-02088213 , version 1 (19-07-2019)

Identifiants

Citer

Philippe Gaborit, Ayoub Otmani, Hervé Talé Kalachi. Polynomial-time key recovery attack on the Faure–Loidreau scheme based on Gabidulin codes. Designs, Codes and Cryptography, 2018, 86 (7), pp.1391-1403. ⟨10.1007/s10623-017-0402-0⟩. ⟨hal-02088213⟩
59 Consultations
0 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More