Table of contents

  • This session has been presented February 21, 2020.

Description

  • Speaker

    Valentin Vasseur - INRIA

Quasi-cyclic moderate density parity check (QC-MDPC) codes allow the design of McEliece-like public-key encryption schemes with compact keys and a security that provably reduces to hard decoding problems for quasi-cyclic codes. Because of these features, QC-MDPC have attracted a lot of interest from the cryptographic community. In particular, the BIKE suite of key exchange mechanisms has been selected to the second round of the NIST call for standardization of quantum safe cryptographic primitives.<br/> To reach IND-CCA security, it is necessary to prove that the decoding failure rate (DFR) is negligible. Getting a formal proof of a low DFR is a difficult task. Instead, we propose to ensure this low DFR under some additional security assumption on the decoder. This assumption relates to the asymptotic behavior of the decoder and is supported by several other works. We thus evaluate a decoder by simulation and extrapolate its DFR under the decoder security assumption. Using standard techniques from communication systems, we can evaluate the confidence in our extrapolation.<br/> The construction of a set of weak keys, in the sense that they have a higher DFR, has been exhibited in a recent work [Drucker, Gueron, Kostic 2019]. We observe that these keys are related to the key recovery reaction attack of [Guo, Johansson, Stankovski 2016] by the fact that they have an atypical "spectrum". From this observation, we can generalize the construction by directly generating keys with an atypical spectrum. Using combinatorics to count these weak keys and applying our methodology to evaluate the DFR, we prove that they do not affect the security of the scheme.<br/> lien: http://desktop.visio.renater.fr/scopia?ID=723203***9541&autojoin

Next sessions

  • Polytopes in the Fiat-Shamir with Aborts Paradigm

    • November 29, 2024 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Hugo Beguinet - ENS Paris / Thales

    The Fiat-Shamir with Aborts paradigm (FSwA) uses rejection sampling to remove a secret’s dependency on a given source distribution.&nbsp; Recent results revealed that unlike the uniform distribution in the hypercube, both the continuous Gaussian and the uniform distribution within the hypersphere minimise the rejection rate and the size of the proof of knowledge. However, in practice both these[…]

    • Cryptography

    • Asymmetric primitive

    • Mode and protocol

  • Post-quantum Group-based Cryptography

    • December 20, 2024 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Delaram Kahrobaei - The City University of New York

Show previous sessions
Page top