Two Public-Key Cryptosystems Based on Expanded Gabidulin Codes

This paper presents two public-key cryptosystems based on the so-called expanded Gabidulin codes, which are constructed by expanding Gabidulin codes over the base field. Exploiting the fast decoder of Gabidulin codes, we propose an efficient algorithm to decode these new codes when the noise vector satisfies a certain condition. Additionally, these new codes have an excellent error-correcting capability because of the optimality of their parent Gabidulin codes. Based on different masking techniques, we give two encryption schemes by using expanded Gabidulin codes in the McEliece setting. According to our analysis, these two cryptosystems can both resist the existing structural attacks. Furthermore, our proposals also have an obvious advantage in public-key representation without using the cyclic or quasi-cyclic structure compared to some other code-based cryptosystems. To achieve the security of 256 bits, for instance, a public-key size of 37005 bytes is enough for our first proposal, while around 1044992 bytes are needed for Classic McEliece selected as a candidate of the third round of the NIST PQC project.

LIGA: a cryptosystem based on the hardness of rank-metric list and interleaved decoding

We propose the new rank-metric code-based cryptosystem which is based on the hardness of list decoding and interleaved decoding of Gabidulin codes. is an improved variant of the Faure–Loidreau (FL) system, which was broken in a structural attack by Gaborit, Otmani, and Talé Kalachi (GOT, 2018). We keep the FL encryption and decryption algorithms, but modify the insecure key generation algorithm. Our crucial observation is that the GOT attack is equivalent to decoding an interleaved Gabidulin code. The new key generation algorithm constructs public keys for which all polynomial-time interleaved decoders fail—hence resists the GOT attack. We also prove that the public-key encryption version of is IND-CPA secure in the standard model and the key encapsulation mechanisms version is IND-CCA2 secure in the random oracle model, both under hardness assumptions of formally defined problems related to list decoding and interleaved decoding of Gabidulin codes. We propose and analyze various exponential-time attacks on these problems, calculate their work factors, and compare the resulting parameters to NIST proposals. The strengths of are short ciphertext sizes and (relatively) small key sizes. Further, guarantees correct decryption and has no decryption failure rate. It is not based on hiding the structure of a code. Since there are efficient and constant-time algorithms for encoding and decoding Gabidulin codes, timing attacks on the encryption and decryption algorithms can be easily prevented.

Further results on LCD generalized Gabidulin codes

<abstract><p>Linear complementary dual (abbreviated LCD) generalized Gabidulin codes (including Gabidulin codes) have been recently investigated by Shi and Liu et al. (Shi et al. IEICE Trans. Fundamentals E101-A(9):1599-1602, 2018, Liu et al. Journal of Applied Mathematics and Computing 61(1): 281-295, 2019). They have constructed LCD generalized Gabidulin codes of length $ n $ over $ \mathbb{F}_{q^{n}} $ by using self-dual bases of $ \mathbb{F}_{q^{n}} $ over $ \mathbb{F}_{q} $ when $ q $ is even or both $ q $ and $ n $ are odd. Whereas for the case of odd $ q $ and even $ n $, whether LCD generalized Gabidulin codes of length $ n $ over $ \mathbb{F}_{q^{n}} $ exist or not is still open. In this paper, it is shown that one can always construct LCD generalized Gabidulin codes of length $ n $ over $ \mathbb{F}_{q^{n}} $ for the case of odd $ q $ and even $ n $.</p></abstract>

A Novel Niederreiter-like cryptosystem based on the (u|u + υ)-construction codes

In this paper, we present a new variant of the Niederreiter Public Key Encryption (PKE) scheme which is resistant against recent attacks. The security is based on the hardness of the Rank Syndrome Decoding (RSD) problem and it presents a (u|u + υ)-construction code using two different types of codes: Ideal Low Rank Parity Check (ILRPC) codes and λ-Gabidulin codes. The proposed encryption scheme benefits are a larger minimum distance, a new efficient decoding algorithm and a smaller ciphertext and public key size compared to the Loidreau’s variants and to its IND-CCA secure version.

Low-rank parity-check codes over Galois rings

Low-rank parity-check (LRPC) codes are rank-metric codes over finite fields, which have been proposed by Gaborit et al. (Proceedings of the workshop on coding and cryptography WCC, vol 2013, 2013) for cryptographic applications. Inspired by a recent adaption of Gabidulin codes to certain finite rings by Kamche et al. (IEEE Trans Inf Theory 65(12):7718–7735, 2019), we define and study LRPC codes over Galois rings—a wide class of finite commutative rings. We give a decoding algorithm similar to Gaborit et al.’s decoder, based on simple linear-algebraic operations. We derive an upper bound on the failure probability of the decoder, which is significantly more involved than in the case of finite fields. The bound depends only on the rank of an error, i.e., is independent of its free rank. Further, we analyze the complexity of the decoder. We obtain that there is a class of LRPC codes over a Galois ring that can decode roughly the same number of errors as a Gabidulin code with the same code parameters, but faster than the currently best decoder for Gabidulin codes. However, the price that one needs to pay is a small failure probability, which we can bound from above.