A novel attack on McEliece's cryptosystem

Abstract

This report proposes a new and novel attack on McEliece's cryptosystem that improves on the probability of attacks formerly proposed by Stern, and Lee and Brickell. Modern day encryption standards have been long since proven insecure to quantum attack, and quantum-resistant cryptosystems are now at the forefront of research. Since 2016, the National Institute of Standards and Technology (NIST) has presided over a public competition to establish new standards for public-key encryption that will secure our data in the post-quantum world. Now in its final round, one of the remaining candidates is McEliece's cryptosystem, a code-based cryptosystem proposed in 1978 by Robert J. McEliece. With a few minor alterations since its conception, McEliece's cryptosystem has, so far, proven resistant to quantum attacks, making it an ideal finalist candidate. The cryptosystem has not, however, escaped the attention of attack and, over the last four decades, a variety of algorithms have been proposed with the intention of exploiting it to recover the plaintext. This paper initially provides an overview of McEliece's cryptosystem and two existing attacks proposed by Stern, and Lee and Brickell in the 1980s. Observations are made on the shared probabilistic nature of Stern's algorithm, and Lee and Brickell's attack. It is noted that the first step of both algorithms involves the random selection of a subset of n indexes. In Stern's algorithm, n−k of n columns in a matrix H are chosen at random and, in Lee and Brickell's attack, k of n bits of the ciphertext are selected, also at random. This relationship is exploited to compound the two attacks and propose a new, novel attack. The complexity and probability of the new attack are discussed and an analysis is conducted to compare it against both Stern's algorithm and Lee and Brickell's attack. This analysis suggests that the probability of successful attack comes close to combining those of the two original attacks. Furthermore, the results suggest that the novel attack can successfully recover a message faster than Stern's algorithm. Improvements to the attack are suggested, concluding that further study should be conducted into fully analysing it and its implications on the security of McEliece's cryptosystem.