Post Quantum Cryptography
With random split of St-Gen Codes
Cryptography
● A very old science that has existed since Roman times.
● Nowadays it is deeply integrated into everyday life.
● Just a few out of many example uses:
○ Securing online sessions (SSL)
○ Present in almost every texting application.
○ The OpenPGP standard for encrypting.
● No longer only concerned with confidentiality of information.
● Digital signatures can provide authentication and integrity.
● Cryptographic onions can be used for anonymity.
Cryptography
● Symmetric Cryptography:
○ Makes use of a single key for encryption and decryption
○ Can operate on blocks or streams of bytes
○ Most popular examples are AES, DES, 3DES
● Asymmetric Cryptography:
○ Each party must generate two different keys
○ Public key is given out to encrypt incoming messages
○ Private key is kept hidden to be used for decryption
○ Can be used for other primitives such as digital signatures
○ Most famous example is the RSA algorithm
Cryptographic Problems
Security is achieved through hardness of mathematical problems.
The Factorization Problem:
Given n = pq, where p and q are unique prime numbers, find p and q in polynomial time.
The Discrete Logarithm Problem:
Given $\beta = \alpha^a$, find a in polynomial time.
No efficient classical algorithms exist for either of the two problems.
Quantum Computers
● Classical computers use bits to store information.
● Always in one of two states at any point in time (0 or 1).
● In contrast, quantum computers have qubits.
● Can be in two states simultaneously (0 and 1).
● A quantum computer with two bits can be in and act upon 4 states at the same time.
Classical Cryptography Under Quantum
Attacks
● It started with Shor’s algorithm, developed by Peter Shor in 1994.
● Can factorize a composite number N in polynomial time.
● Demonstrated that public key cryptography algorithms can be broken.
What now ? (Post Quantum Cryptography)
● We need to update our current cryptographic primitives to be able to deal with
the new threat.
● Fortunately we do not have to start from scratch.
● Cryptographic classes that do not rely on vulnerable mathematical problems
already exist.
○ Code based cryptography
○ Multivariate public key cryptography
○ Lattice based cryptography
○ Hash based cryptosystems
Code based cryptography
● Builds on the concepts introduced by Claude Shannon in 1948.
● Coding theory was developed to be able to retrieve the original message after transmission through a noisy channel.
● A concept that is easily adaptable to cryptography.
● Artificial noise can be applied to a message to hide its contents.
● The original recipient can recover the message by knowing additional information about the encoding scheme.
Terminology
● Hamming Weight: The number of positions which have nonzero characters
Ex: HWeight(0110) = 2
● Hamming Distance: The number of positions that vary between two strings
Ex: HDist(0110, 0101) = 2
● Error Correcting Code: An encoding scheme that attaches redundant information to a message, used to recover from errors.
● Codeword: The encoded vector output by an error correcting code. A code defines a subspace over the alphabet containing all its codewords.
Terminology
● Linear Binary Code: Most interesting family of codes used in cryptography.
○ Linear if any linear combination of two codewords is itself a codeword.
○ Binary if defined over a binary alphabet.
○ Defined by its parameters n and k, written (n,k). n is the length of input vectors and k is the length of output vectors.
● Generator Matrix: For an (n,k) code C, a generator matrix is any n x k matrix that corresponds to the mapping from n-bit vectors to k-bit vectors, according to the encoding scheme of C.
c = vG
The McEliece Cryptosystem
● Code based cryptosystem proposed by McEliece in 1978.
● Many following variations and attempted improvements, including Niederreiter in 1986.
● First successful digital signature scheme is as recent as 2001.
● While requiring some modifications over the years, it remains unbroken after nearly 30 years of cryptanalysis.
● Despite faster encryption and decryption procedures, it never received much popularity.
● Key size is 32 KBytes compared to 4096 bits for RSA.
The McEliece Cryptosystem
Parameters:
● (n,k) linear code capable of correcting t-errors
● n is the length of the input vector
● k defines the length of encoded vector
● t is the restriction set on the error vector
Key Generation:
● Random Invertible k x k matrix S
● Random k x k permutation matrix P
● Random n x k Generator G
● Public key $G_{pub} = SGP$
● Private key (S,G,P)
Encryption:
● Random n-bit vector e of weight t
● $C = mG_{pub} + e$
Decryption:
● $y' = CP^{-1}$
● Apply a decoding algorithm to $y'$ using G to get $y = mS$
● $m = yS^{-1}$
Decoding Algorithms
Unique Decoding Algorithms:
● Return only a single answer for the decoded word
● Restricts the weight of the error vector e
List Decoding Algorithms:
● Can return multiple answers with different probabilities
● Can correct more errors
● Only interesting if one of the answers has overwhelming probability
Staircase Generator Codes
● In 2014, a new family of linear codes was introduced as staircase generator codes.
● Based on it, a new variation of the McEliece cryptosystem was proposed, including an encryption and signature scheme.
● The new scheme imposes restrictions on the structure of the generator matrix, allowing for a more efficient list decoding algorithm.
● It also gives the sender control over the noise generated by the “noisy channel” by defining two parameters: density and granularity.
● Encryption scheme can be adapted directly into a signature scheme using the decryption algorithm.
Generator Matrix
● For a (n,k) linear binary code, a generator matrix would have dimension n x k.
● Each $B_i$ is a random binary matrix.
● The dimensions of the submatrices impose a stepwise random block structure.
● The stepwise structure allows for defining a very efficient list decoding algorithm.
Error Sets
● Random errors are a good model for communication channels.
● Unnecessary in the context of cryptography.
● Error sets give control over artificial noise.
● Arbitrary error sets guarantee list decoding success with overwhelming probability.
Ex: $E_l = \{00, 01, 10\}$
● An error vector is taken from the set $E_l^n = E_l \times E_l \times E_l \times E_l \times \dots$
St-Gen Codes Cryptosystem
Parameters:
● (n,k) linear code capable of correcting t-errors
● n is the length of the input vector
● k defines the length of encoded vector
Key Generation:
● Random Invertible n x k matrix S
● Random k x k permutation matrix P. P must only permute blocks of size l.
● Random n x k Generator G
● Public key $G_{pub} = SGP$
● Private key (S,G,P)
Encryption:
● Random n-bit vector taken from the error set
● $C = mG_{pub} + e$
Decryption:
● $y' = CP^{-1}$
● Apply a decoding algorithm to $y'$ using G to get $y = mS$
● $m = yS^{-1}$
St-Gen Codes Cryptosystem
Signing:
● $y' = zP^{-1}$
● Apply a decoding algorithm to $y'$ using G to get $y = mS$
● $= yS^{-1}$
Verification:
● $e = G_{pub} + z$
● If e is in the error set, then the signature is accepted.
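Why P is restricted to blocks of size l: decryption and signing multiply by $P^{-1}$, so the decoder and the verifier see a permuted error vector, which must still lie in the error set. The Python sketch below is an added example (not code from the thesis) using the slide's example set with l = 2; all function names are hypothetical.

```python
import random

L = 2                                  # block length l from the slide
E_L = {(0, 0), (0, 1), (1, 0)}         # the slide's example error set E_l

def in_error_set(e):
    """Membership test for E_l^n: every l-bit block of e must lie in E_l."""
    if len(e) % L:
        return False
    return all(tuple(e[i:i + L]) in E_L for i in range(0, len(e), L))

def sample_error(rng, n):
    """Build an n-bit error by concatenating n/l blocks drawn from E_l."""
    blocks = sorted(E_L)
    return [bit for _ in range(n // L) for bit in rng.choice(blocks)]

def block_permutation(rng, n):
    """Permutation that moves whole l-bit blocks and keeps each block intact."""
    order = list(range(n // L))
    rng.shuffle(order)
    return [blk * L + j for blk in order for j in range(L)]

def bit_permutation(rng, n):
    """Unrestricted permutation of the n coordinates."""
    perm = list(range(n))
    rng.shuffle(perm)
    return perm

def permute(perm, v):
    """Apply a permutation given as a list of source indices."""
    return [v[p] for p in perm]

def preserved_fraction(rng, n, make_perm, trials=500):
    """Fraction of sampled errors that are still in E_l^n after permuting."""
    kept = 0
    for _ in range(trials):
        e = sample_error(rng, n)
        kept += in_error_set(permute(make_perm(rng, n), e))
    return kept / trials

if __name__ == "__main__":
    # Seeded generator for a reproducible demo; real error vectors need a CSPRNG.
    rng = random.Random(2024)
    print("block permutations:", preserved_fraction(rng, 16, block_permutation))
    print("bit permutations:  ", preserved_fraction(rng, 16, bit_permutation))
```

A bit-level permutation can push two ones into the same block (11), which is outside the set, so the permuted vector would no longer be a valid error for the decoder or the verification check.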
Randomly Split St-Gen Codes
● A successful attack using Information Set Decoding was later demonstrated.
● ISD is a technique to recover the error vector used to encrypt the message.
● Which can in turn be used for practical key recovery.
● Exposing the staircase generator matrix allows for structural attacks.
● To thwart the ISD attack, a new idea is introduced: split the public generator matrix into s randomly generated matrices.
● With the random split, the probability of a successful attack becomes negligible.
Randomly Split St-Gen Codes Cryptosystem
Key Generation:
● Random Invertible n x k matrix S
● s random k x k permutation matrices $P_1, P_2, \dots, P_s$.
● Random n x k Generator G
● Random n x k matrices $G_1, G_2, \dots, G_{s-1}$
● $G_s = G + G_1 + G_2 + \dots + G_{s-1}$
● Public key $G_{pub(i)} = SG_iP_i$
● Private key $(S, G, P_1, P_2, \dots, P_s)$
Encryption:
● Random n-bit vector taken from the error set
● $C_i = mG_{pub(i)} + e_i$
Decryption:
● $y'_i = C_iP_i^{-1}$
● $y' = \sum_i y'_i$
● Apply a decoding algorithm to $y'$ using G to get $y = mS$
● $m = yS^{-1}$
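The key generation, encryption and decryption steps above, as an added toy example in Python (not code from the thesis or its C implementation); with s = 1 it reduces to the plain McEliece scheme from the earlier slide. It assumes the textbook orientation (k-bit message, n-bit codeword, G of size k x n, P of size n x n), substitutes a Hamming(7,4) code with unique decoding for the St-Gen code and its list decoder, and puts a single bit flip in one share so the summed error stays decodable. All function names are hypothetical.

```python
import random

K, N = 4, 7   # toy code: 4-bit messages, 7-bit codewords, corrects t = 1 error
A = [[1, 1, 0], [1, 0, 1], [0, 1, 1], [1, 1, 1]]
G = [[int(i == j) for j in range(K)] + A[i] for i in range(K)]        # G = [I | A]
H = [[A[i][r] for i in range(K)] + [int(r == j) for j in range(N - K)]
     for r in range(N - K)]                                           # H = [A^T | I]

def matmul(X, Y):                      # matrix product over GF(2)
    return [[sum(a & b for a, b in zip(row, col)) % 2 for col in zip(*Y)] for row in X]

def add(X, Y):                         # matrix sum over GF(2) is XOR
    return [[a ^ b for a, b in zip(r, q)] for r, q in zip(X, Y)]

def transpose(M):
    return [list(col) for col in zip(*M)]

def inverse(M):                        # Gauss-Jordan over GF(2); None if singular
    n = len(M)
    aug = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(M)]
    for c in range(n):
        p = next((r for r in range(c, n) if aug[r][c]), None)
        if p is None:
            return None
        aug[c], aug[p] = aug[p], aug[c]
        for r in range(n):
            if r != c and aug[r][c]:
                aug[r] = [x ^ y for x, y in zip(aug[r], aug[c])]
    return [row[n:] for row in aug]

def rand_matrix(rng, rows, cols):
    return [[rng.randint(0, 1) for _ in range(cols)] for _ in range(rows)]

def keygen(rng, s):
    """Return (public shares S*G_i*P_i, private key); s = 1 is plain McEliece."""
    S_inv = None
    while S_inv is None:               # resample until S is invertible
        S = rand_matrix(rng, K, K)
        S_inv = inverse(S)
    perms = [rng.sample(range(N), N) for _ in range(s)]
    P = [[[int(j == p[i]) for j in range(N)] for i in range(N)] for p in perms]
    shares = [rand_matrix(rng, K, N) for _ in range(s - 1)]   # G_1 .. G_{s-1}
    last = G
    for Gi in shares:
        last = add(last, Gi)           # G_s = G + G_1 + ... + G_{s-1}
    shares.append(last)
    pub = [matmul(matmul(S, Gi), Pi) for Gi, Pi in zip(shares, P)]
    return pub, (S_inv, P)

def encrypt(rng, m, pub):
    """C_i = m*Gpub(i) + e_i, with the single toy bit flip in one random share."""
    cts = [matmul([m], Gp)[0] for Gp in pub]
    cts[rng.randrange(len(pub))][rng.randrange(N)] ^= 1
    return cts

def decrypt(cts, priv):
    S_inv, P = priv
    y = [0] * N
    for c, Pi in zip(cts, P):          # y' = sum_i C_i * P_i^-1, and P^-1 = P^T
        y = [a ^ b for a, b in zip(y, matmul([c], transpose(Pi))[0])]
    syn = [sum(h & b for h, b in zip(row, y)) % 2 for row in H]
    if any(syn):                       # syndrome equals the column of H at the flipped bit
        y[transpose(H).index(syn)] ^= 1
    return matmul([y[:K]], S_inv)[0]   # systematic G: first K bits are m*S

if __name__ == "__main__":
    rng = random.Random(1)             # seeded for reproducibility; real keys need a CSPRNG
    pub, priv = keygen(rng, s=3)
    print(decrypt(encrypt(rng, [1, 0, 1, 1], pub), priv))
```

Summing the un-permuted shares cancels every random $G_i$ over GF(2) and leaves $mSG$ plus the permuted errors, which is why the decoder for G still applies after the split.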
Randomly Split St-Gen Codes Cryptosystem
Signing:
● $y'_i = C_iP_i^{-1}$
● $y' = \sum_i y'_i$
● Apply a decoding algorithm to $y'$ using G to get $y = mS$
● $m = yS^{-1}$
Verification:
● $e = G_{pub(i)} + z_i$
● If e is in the error set, then the signature is accepted.
Results
● Implementation of both encryption scheme and digital signature scheme in C.
● Extremely fast procedures.
○ Key generation procedure for 80-bits of security: 127.840 seconds
○ Encryption: 0.2 seconds
○ Decryption: 1.500 seconds
● Low cost modifications.
● Both encryption and digital signature schemes use mostly the same procedures.
● Signature scheme produces signatures that are very efficient in terms of space.
● Cons:
○ key size in the order of 10 Kegabytes.
Thank you.
Questions ?

Post quantum cryptography - thesis
