Authors: Alain Couvreur Philippe Gaborit Valérie GauthierUmaña Ayoub Otmani JeanPierre Tillich
Publish Date: 2014/04/20
Volume: 73, Issue: 2, Pages: 641-666
Abstract
Because of their interesting algebraic properties several authors promote the use of generalized Reed–Solomon codes in cryptography Niederreiter was the first to suggest an instantiation of his cryptosystem with them but Sidelnikov and Shestakov showed that this choice is insecure Wieschebrink proposed a variant of the McEliece cryptosystem which consists in concatenating a few random columns to a generator matrix of a secretly chosen generalized Reed–Solomon code More recently new schemes appeared which are the homomorphic encryption scheme proposed by Bogdanov and Lee and a variation of the McEliece cryptosystem proposed by Baldi et al which hides the generalized Reed–Solomon code by means of matrices of very low rank In this work we show how to mount keyrecovery attacks against these publickey encryption schemes We use the concept of distinguisher which aims at detecting a behavior different from the one that one would expect from a random code All the distinguishers we have built are based on the notion of componentwise product of codes It results in a powerful tool that is able to recover the secret structure of codes when they are derived from generalized Reed–Solomon codes Lastly we give an alternative to Sidelnikov and Shestakov attack by building a filtration which enables to completely recover the support and the nonzero scalars defining the secret generalized Reed–Solomon code
Keywords: