Polynomial-time key recovery attack on the Faure–Loidreau scheme based on Gabidulin codes - Archive ouverte HAL Access content directly
Journal Articles Designs, Codes and Cryptography Year : 2018

Polynomial-time key recovery attack on the Faure–Loidreau scheme based on Gabidulin codes

(1) , (2) , (3)
1
2
3

Abstract

Encryption schemes based on the rank metric lead to small public key sizes of order of few thousands bytes which represents a very attractive feature compared to Hamming metric-based encryption schemes where public key sizes are of order of hundreds of thousands bytes even with additional structures like the cyclicity. The main tool for building public key encryption schemes in rank metric is the McEliece encryption setting used with the family of Gabidulin codes. Since the original scheme proposed in 1991 by Gabidulin, Paramonov and Tretjakov, many systems have been proposed based on different masking techniques for Gabidulin codes. Nevertheless, over the years most of these systems were attacked essentially by the use of an attack proposed by Overbeck. In 2005 Faure and Loidreau designed a rank-metric encryption scheme which was not in the McEliece setting. The scheme is very efficient, with small public keys of size a few kiloBytes and with security closely related to the linearized polynomial reconstruction problem which corresponds to the decoding problem of Gabidulin codes. The structure of the scheme differs considerably from the classical McEliece setting and until our work, the scheme had never been attacked. We show in this article that for a range of parameters, this scheme is also vulnerable to a polynomial-time attack that recovers the private key by applying Overbeck's attack on an appropriate public code. As an example we break in a few seconds parameters with 80-bit security claim. Our work also shows that some parameters are not affected by our attack but at the cost of a lost of efficiency for the underlying schemes. Post-quantum cryptography; Gabidulin code; Polynomial reconstruction; Faure-Loidreau scheme.

Dates and versions

hal-02088213 , version 1 (19-07-2019)

Identifiers

Cite

Philippe Gaborit, Ayoub Otmani, Hervé Talé Kalachi. Polynomial-time key recovery attack on the Faure–Loidreau scheme based on Gabidulin codes. Designs, Codes and Cryptography, 2018, 86 (7), pp.1391-1403. ⟨10.1007/s10623-017-0402-0⟩. ⟨hal-02088213⟩
52 View
0 Download

Altmetric

Share

Gmail Facebook Twitter LinkedIn More