An efficient IND-CCA2 secure variant of the niederreiter encryption scheme in the standard model
09 Jul 2012-pp 166-179
TL;DR: This scheme is built on the Niederreiter encryption scheme and can be considered as the first practical code-based encryption scheme that is IND-CCA2 secure in the standard model.
Abstract: In this paper, we propose an IND-CCA2 secure code based encryption scheme in the standard model, built on the Niederreiter encryption scheme. The security of the scheme is based on the hardness of the Syndrome Decoding problem and the Goppa Code Distinguishability problem. The system is developed according to the construction similar to IND-CCA2 secure encryption scheme by Peikert and Waters using the lossy trapdoor functions. Compared to the existing IND-CCA2 secure variants due to Dowsley et.al. and Freeman et. al. (using the κ repetition paradigm initiated by Rosen and Segev), our scheme is more efficient as it avoids κ repetitions. This can be considered as the first practical code-based encryption scheme that is IND-CCA2 secure in the standard model.
Citations
More filters
Book•
01 Jan 2010
TL;DR: Cryptosystems I and II: Cryptography between Wonderland and Underland as discussed by the authors, a simple BGN-type Cryptosystem from LWE, or Bonsai Trees, or how to delegate a Lattice Basis.
Abstract: Cryptosystems I.- On Ideal Lattices and Learning with Errors over Rings.- Fully Homomorphic Encryption over the Integers.- Converting Pairing-Based Cryptosystems from Composite-Order Groups to Prime-Order Groups.- Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption.- Obfuscation and Side Channel Security.- Secure Obfuscation for Encrypted Signatures.- Public-Key Encryption in the Bounded-Retrieval Model.- Protecting Circuits from Leakage: the Computationally-Bounded and Noisy Cases.- 2-Party Protocols.- Partial Fairness in Secure Two-Party Computation.- Secure Message Transmission with Small Public Discussion.- On the Impossibility of Three-Move Blind Signature Schemes.- Efficient Device-Independent Quantum Key Distribution.- Cryptanalysis.- New Generic Algorithms for Hard Knapsacks.- Lattice Enumeration Using Extreme Pruning.- Algebraic Cryptanalysis of McEliece Variants with Compact Keys.- Key Recovery Attacks of Practical Complexity on AES-256 Variants with up to 10 Rounds.- IACR Distinguished Lecture.- Cryptography between Wonderland and Underland.- Automated Tools and Formal Methods.- Automatic Search for Related-Key Differential Characteristics in Byte-Oriented Block Ciphers: Application to AES, Camellia, Khazad and Others.- Plaintext-Dependent Decryption: A Formal Security Treatment of SSH-CTR.- Computational Soundness, Co-induction, and Encryption Cycles.- Models and Proofs.- Encryption Schemes Secure against Chosen-Ciphertext Selective Opening Attacks.- Cryptographic Agility and Its Relation to Circular Encryption.- Bounded Key-Dependent Message Security.- Multiparty Protocols.- Perfectly Secure Multiparty Computation and the Computational Overhead of Cryptography.- Adaptively Secure Broadcast.- Universally Composable Quantum Multi-party Computation.- Cryptosystems II.- A Simple BGN-Type Cryptosystem from LWE.- Bonsai Trees, or How to Delegate a Lattice Basis.- Efficient Lattice (H)IBE in the Standard Model.- Hash and MAC.- Multi-property-preserving Domain Extension Using Polynomial-Based Modes of Operation.- Stam's Collision Resistance Conjecture.- Universal One-Way Hash Functions via Inaccessible Entropy.- Foundational Primitives.- Constant-Round Non-malleable Commitments from Sub-exponential One-Way Functions.- Constructing Verifiable Random Functions with Large Input Spaces.- Adaptive Trapdoor Functions and Chosen-Ciphertext Security.
320 citations
TL;DR: This paper studies a variant of the McEliece cryptosystem able to ensure that the code used as the public key is no longer permutation equivalent to the secret code, thus opening the way for reconsidering the adoption of classical families of codes, like Reed–Solomon codes, that have been longly excluded from the Mceliece Cryptosystem for security reasons.
Abstract: This paper studies a variant of the McEliece cryptosystem able to ensure that the code used as the public key is no longer permutation equivalent to the secret code. This increases the security level of the public key, thus opening the way for reconsidering the adoption of classical families of codes, like Reed---Solomon codes, that have been longly excluded from the McEliece cryptosystem for security reasons. It is well known that codes of these classes are able to yield a reduction in the key size or, equivalently, an increased level of security against information set decoding; so, these are the main advantages of the proposed solution. We also describe possible vulnerabilities and attacks related to the considered system and show what design choices are best suited to avoid them.
93 citations
Cites background from "An efficient IND-CCA2 secure varian..."
...Classical CCA2-secure conversions work in the random oracle model [22, 28], while the problem of finding efficient CCA2-secure conversions of these cryptosystem in the standard model has been addressed more recently [19, 18, 39, 42, 44]....
[...]
29 Nov 2015
TL;DR: The scheme satisfies the CPA-anonymity and traceability requirements in the random oracle model, assuming the hardness of the McEliece problem, the Learning Parity with Noise problem, and a variant of the Syndrome Decoding problem.
Abstract: We solve an open question in code-based cryptography by introducing the first provably secure group signature scheme from code-based assumptions. Specifically, the scheme satisfies the CPA-anonymity and traceability requirements in the random oracle model, assuming the hardness of the McEliece problem, the Learning Parity with Noise problem, and a variant of the Syndrome Decoding problem. Our construction produces smaller key and signature sizes than the existing post-quantum group signature schemes from lattices, as long as the cardinality of the underlying group does not exceed the population of the Netherlands $${\approx }2^{24}$$ users. The feasibility of the scheme is supported by implementation results. Additionally, the techniques introduced in this work might be of independent interest: a new verifiable encryption protocol for the randomized McEliece encryption and a new approach to design formal security reductions from the Syndrome Decoding problem.
44 citations
Dissertation•
01 Jan 2012
TL;DR: This work is based on Generalized Srivastava codes and represents a generalization of the Quasi-Dyadic scheme proposed by Misoczki and Barreto, with two advantages: a better flexibility, and improved resistance to all the known attacks.
Abstract: Recent public-key cryptography is largely based on number theory problems, such as factoring or computing of discrete logarithm. These systems constitute an excellent choice in many applications, and their security is well defined and understood. One of the major drawbacks, though, is that they will be vulnerable once quantum computers of an appropriate size are available. There is then a strong need for alternative systems that would resist attackers equipped with quantum technology. One of the most well-known systems of this kind is the McEliece cryptosystem, introduced in 1978, that is based on algebraic coding theory. There are no known vulnerabilities against quantum computers, and it has a very fast and efficient encryption procedure. However, it has also one big aw, the size of the public key, that makes it impractical for many applications. The first part of this thesis is dedicated to finding a way to significantly reduce the size of the public key. Latest publications achieve very good results by using codes with particular structures, obtaining keys as small as 4,096 bits. Unfortunately, almost all of the variants presented until now have been broken or proven to be insecure against the so-called structural attacks, i.e. attacks that aim to exploit the hidden structure in order to recover the private key. My work is based on Generalized Srivastava codes and represents a generalization of the Quasi-Dyadic scheme proposed by Misoczki and Barreto, with two advantages: a better flexibility, and improved resistance to all the known attacks. An efficient implementation of the above scheme is also provided, as a result of a joint work with P.-L. Cayrel and G. Hoffmann. In the next chapters, other important aspects of code-based cryptography are investigated. These include the study of a higher security standard, called indistinguishability under a chosen ciphertext attack, in the standard model, and the design of a code-based key encapsulation mechanism (KEM), which is an essential component of the hybrid encryption protocol. The last chapter is about digital signatures, a fundamental protocol in modern cryptography; existing code-based signatures schemes are reviewed and a negative result is obtained, showing that the design of an efficient signature scheme based on coding theory is still an open problem.
35 citations
Additional excerpts
...As for IND-CCA2 security, a few promising recent results have been published, for instance by Preetha Mathew, Vasant, Venkatesan and Pandu Rangan [78] at ACISP 2012....
[...]
TL;DR: The first provably secure group signature scheme from code-based assumptions was proposed in this article, which satisfies the CPA -anonymity and traceability requirements in the random oracle model, assuming the hardness of the McEliece problem, the Learning Parity with Noise problem, and a variant of the Syndrome decoding problem.
Abstract: We solve an open question in code-based cryptography by introducing two provably secure group signature schemes from code-based assumptions. Our basic scheme satisfies the CPA -anonymity and traceability requirements in the random oracle model, assuming the hardness of the McEliece problem, the Learning Parity with Noise problem, and a variant of the Syndrome Decoding problem. The construction produces smaller key and signature sizes than the previous group signature schemes from lattices, as long as the cardinality of the underlying group does not exceed 224, which is roughly comparable to the current population of the Netherlands. We develop the basic scheme further to achieve the strongest anonymity notion, i.e. , CCA -anonymity, with a small overhead in terms of efficiency. The feasibility of two proposed schemes is supported by implementation results. Our two schemes are the first in their respective classes of provably secure groups signature schemes. Additionally, the techniques introduced in this work might be of independent interest. These are a new verifiable encryption protocol for the randomized McEliece encryption and a novel approach to design formal security reductions from the Syndrome Decoding problem.
14 citations
References
More filters
02 May 2004
TL;DR: This work proposes a simple and efficient construction of a CCA-secure public-key encryption scheme from any CPA-secure identity-based encryption (IBE) scheme, which avoids non-interactive proofs of “well-formedness” which were shown to underlie most previous constructions.
Abstract: We propose a simple and efficient construction of a CCA-secure public-key encryption scheme from any CPA-secure identity-based encryption (IBE) scheme. Our construction requires the underlying IBE scheme to satisfy only a relatively “weak” notion of security which is known to be achievable without random oracles; thus, our results provide a new approach for constructing CCA-secure encryption schemes in the standard model. Our approach is quite different from existing ones; in particular, it avoids non-interactive proofs of “well-formedness” which were shown to underlie most previous constructions. Furthermore, applying our conversion to some recently-proposed IBE schemes results in CCA-secure schemes whose efficiency makes them quite practical.
889 citations
"An efficient IND-CCA2 secure varian..." refers methods in this paper
...Our scheme uses ideas from [19,18,5]....
[...]
...We use strongly unforgeable one-time signature (OTS) to handle malleability related issues as in [19,23,5]....
[...]
30 May 2010
TL;DR: This work constructs an efficient identity based encryption system based on the standard learning with errors (LWE) problem and extends this basic technique to an adaptively-secure IBE and a Hierarchical IBE.
Abstract: We construct an efficient identity based encryption system based on the standard learning with errors (LWE) problem. Our security proof holds in the standard model. The key step in the construction is a family of lattices for which there are two distinct trapdoors for finding short vectors. One trapdoor enables the real system to generate short vectors in all lattices in the family. The other trapdoor enables the simulator to generate short vectors for all lattices in the family except for one. We extend this basic technique to an adaptively-secure IBE and a Hierarchical IBE.
840 citations
"An efficient IND-CCA2 secure varian..." refers background or methods in this paper
...In our case, f1, f2 are the two injective functions that achieve the same purpose, but the details and computations are entirely different from [1]....
[...]
...[1] in the lattice-based setup, for simulation of the key-extraction phase in their proof of CPA security of a (H)IBE in the standard model....
[...]
TL;DR: In this article, the authors take a critical look at the relationship between the security of cryptographic schemes in the Random Oracle Model, and the schemes that result from implementing the random oracle by so-called "cryptographic hash functions".
Abstract: We take a critical look at the relationship between the security of cryptographic schemes in the Random Oracle Model, and the security of the schemes that result from implementing the random oracle by so called "cryptographic hash functions".The main result of this article is a negative one: There exist signature and encryption schemes that are secure in the Random Oracle Model, but for which any implementation of the random oracle results in insecure schemes. In the process of devising the above schemes, we consider possible definitions for the notion of a "good implementation" of a random oracle, pointing out limitations and challenges.
835 citations
TL;DR: The cryptosystem is the first proven to be secure against a strong type of chosen ciphertext attack proposed by Rackoff and Simon, in which the attacker knows the ciphertext she wishes to break and can query the decryption oracle on any ciphertext other than the target.
Abstract: The notion of nonmalleable cryptography, an extension of semantically secure cryptography, is defined. Informally, in the context of encryption the additional requirement is that given the ciphertext it is impossible to generate a different ciphertext so that the respective plaintexts are related. The same concept makes sense in the contexts of string commitment and zero-knowledge proofs of possession of knowledge. Nonmalleable schemes for each of these three problems are presented. The schemes do not assume a trusted center; a user need not know anything about the number or identity of other system users.
Our cryptosystem is the first proven to be secure against a strong type of chosen ciphertext attack proposed by Rackoff and Simon, in which the attacker knows the ciphertext she wishes to break and can query the decryption oracle on any ciphertext other than the target.
831 citations
"An efficient IND-CCA2 secure varian..." refers background in this paper
...The important notions in public key cryptography are that of security under chosen ciphertext attack (CCA security) and trapdoor functions (TDFs) [7,17,20]....
[...]
...[7]....
[...]
Book•
01 Jan 1997
TL;DR: Die Online-Fachbuchhandlung beck-shop.de ist spezialisiert auf Fachbücher, insbesondere Recht, Steuern und Wirtschaft, und ergänzt das Programm durch Services wie Neuerscheinungsdienst oder Zusammenstellungen von Büchern zu Sonderpreisen.
Abstract: Die Online-Fachbuchhandlung beck-shop.de ist spezialisiert auf Fachbücher, insbesondere Recht, Steuern und Wirtschaft. Im Sortiment finden Sie alle Medien (Bücher, Zeitschriften, CDs, eBooks, etc.) aller Verlage. Ergänzt wird das Programm durch Services wie Neuerscheinungsdienst oder Zusammenstellungen von Büchern zu Sonderpreisen. Der Shop führt mehr als 8 Millionen Produkte.
790 citations