Abstract
We show that a modification of Nojima et al.’s Randomized McEliece Encryption (RME), where receiver verifies the correctness of the decrypted plaintext, achieves IND-CCA1 security in the standard model. We rely on the two (standard) assumptions used also for RME: hardness of general decoding and Goppa code indistinguishability (sometimes they are jointly referred to as “the McEliece assumptions”), plus an extra assumption on non-falsifiability of the McEliece ciphertexts. The later one implies that an adversary is unable to sample a McEliece ciphertext for which the message and error vector are unknown. This assumption is non-standard, however it represents a win-win argument, in the sense that breaking it would imply efficient sampling of McEliece ciphertexts, which in turn may potentially lead us to a Full Domain Hash code-based signature based on the McEliece PKE—without rejection sampling as in the Courtois-Finiasz-Sendrier signature from Asiacrypt 2001—a long-standing open problem in code-based cryptography.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: ACM Conference on Computer and Communications Security 1993, pp. 62–73, ACM (1993)
Bellare, M., Boldyreva, A., Palacio, A.: An uninstantiable random-oracle-model scheme for a hybrid-encryption problem. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 171–188. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_11
Berlekamp, E., McEliece, R., van Tilborg, H.: On the inherent intractability of certain coding problems. IEEE Trans. Inf. Theory 24, 384–386 (1978)
Boneh, D., Dagdelen, Ö., Fischlin, M., Lehmann, A., Schaffner, C., Zhandry, M.: Random oracles in a quantum world. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 41–69. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_3
Courtois, N.T., Finiasz, M., Sendrier, N.: How to achieve a McEliece-based digital signature scheme. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 157–174. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45682-1_10
Damgård, I.: Towards practical public key systems secure against chosen ciphertext attacks. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 445–456. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_36
Dolev, D., Dwork, C., Naor, M.: Nonmalleable cryptography. SIAM J. Comput. 30(2), 391–437 (2000)
Döttling, N., Dowsley, R., Müller-Quade, J., Nascimento, A.C.A.: A CCA2 secure variant of the McEliece cryptosystem. IEEE Trans. Inf. Theory 58(10), 6672–6680 (2012)
Engelbert, D., Overbeck, R., Schmidt, A.: A summary of McEliece-type cryptosystems and their security. J. Math. Cryptol. 1, 151–199 (2007)
Faugère, J., Gauthier-Umaña, A., Otmani, V., Perret, L., Tillich, J.: A distinguisher for high rate McEliece cryptosystems. In: Information Theory Workshop 2011, pp. 282–286. IEEE (2011)
Finiasz, M., Sendrier, N.: Security bounds for the design of code-based cryptosystems. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 88–105. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10366-7_6
Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537–554. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_34
Jain, A., Krenn, S., Pietrzak, K., Tentes, A.: Commitments and efficient zero-knowledge proofs from learning parity with noise. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 663–680. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_40
Katz, J.: Lecture Notes on Advanced Topics in Cryptography (CMSC 858K), Lecture 9, 24 February 2004
Kobara, K., Imai, H.: Semantically secure McEliece public-key cryptosystems -Conversions for McEliece PKC-. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 19–35. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44586-2_2
Lipmaa, H.: On the CCA1-Security of Elgamal and Damgård’s Elgamal. In: Inscrypt 2010, pp. 18–35 (2010)
MacWilliams, F., Sloane, N.J.A.: The Theory of Error-Correcting Codes. North-Holland, Amsterdam (1992)
Preetha Mathew, K., Vasant, S., Venkatesan, S., Pandu Rangan, C.: An efficient IND-CCA2 secure variant of the Niederreiter encryption scheme in the standard model. In: Susilo, W., Mu, Y., Seberry, J. (eds.) ACISP 2012. LNCS, vol. 7372, pp. 166–179. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31448-3_13
McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory. Deep Space Network Progress Report (1978)
Misoczki, R., Tillich, J.-P., Sendrier, N., Barreto, P.S.L.M.: MDPC-McEliece: new McEliece variants from moderate density parity-check codes. ISIT 2013: 2069–2073 (2013)
Morozov, K.: Code-based public-key encryption. In: Nishii, R., Ei, S., Koiso, M., Ochiai, H., Okada, K., Saito, S., Shirai, T. (eds.) A Mathematical Approach to Research Problems of Science and Technology. MI, vol. 5, pp. 47–55. Springer, Tokyo (2014). https://doi.org/10.1007/978-4-431-55060-0_4
Morozov, K., Roy P.S., Sakurai, K.: On unconditionally binding code-based commitment schemes. In: IMCOM 2017, vol. 101 (2017)
Morozov, K., Roy, P.S., Steinwandt, R., Xu, R.: On the security of the Courtois-Finiasz-Sendrier signature. Open Math. 16(1), 161–167 (2018)
Naor, M.: On cryptographic assumptions and challenges. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 96–109. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_6
Niederreiter, H.: Knapsack-type cryptosystems and algebraic coding theory. Prob. Control Inf. Theory 15(2), 159–166 (1986)
NIST Post-Quantum Cryptography Standardization. Round 2 Submissions. 31 January 2019. https://csrc.nist.gov/projects/post-quantum-cryptography/round-2-submissions
Nojima, R., Imai, H., Kobara, K., Morozov, K.: Semantic security for the McEliece cryptosystem without random oracles. Des. Codes Crypt. 49(1–3), 289–305 (2008)
Overbeck, R., Sendrier, N.: Code-based cryptography. In: Bernstein, D.J., Buchmann, J., Dahmen, E. (eds.) Post-Quantum Cryptography, pp. 95–145. Springer, Berlin (2009). https://doi.org/10.1007/978-3-540-88702-7_4
Peikert, C., Waters, B.: Lossy trapdoor functions and their applications. In: STOC, pp. 187–196 (2008)
Persichetti, E.: On the CCA2 security of McEliece in the standard model. In: Baek, J., Susilo, W., Kim, J. (eds.) ProvSec 2018. LNCS, vol. 11192, pp. 165–181. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01446-9_10
Rosen, A., Segev, G.: Chosen-ciphertext security via correlated products. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 419–436. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00457-5_25
Roth, R.: Introduction to Coding Theory. Cambridge University Press, Cambridge (2006)
Acknowledgements
We would like to thank the anonymous reviewers for their helpful comments.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Aguirre Farro, F., Morozov, K. (2019). On IND-CCA1 Security of Randomized McEliece Encryption in the Standard Model. In: Baldi, M., Persichetti, E., Santini, P. (eds) Code-Based Cryptography. CBC 2019. Lecture Notes in Computer Science(), vol 11666. Springer, Cham. https://doi.org/10.1007/978-3-030-25922-8_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-25922-8_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-25921-1
Online ISBN: 978-3-030-25922-8
eBook Packages: Computer ScienceComputer Science (R0)