Abstract
We propose the new rank-metric code-based cryptosystem LIGA which is based on the hardness of list decoding and interleaved decoding of Gabidulin codes. LIGA is an improved variant of the Faure–Loidreau (FL) system, which was broken in a structural attack by Gaborit, Otmani, and Talé Kalachi (GOT, 2018). We keep the FL encryption and decryption algorithms, but modify the insecure key generation algorithm. Our crucial observation is that the GOT attack is equivalent to decoding an interleaved Gabidulin code. The new key generation algorithm constructs public keys for which all polynomial-time interleaved decoders fail—hence LIGA resists the GOT attack. We also prove that the public-key encryption version of LIGA is IND-CPA secure in the standard model and the key encapsulation mechanisms version is IND-CCA2 secure in the random oracle model, both under hardness assumptions of formally defined problems related to list decoding and interleaved decoding of Gabidulin codes. We propose and analyze various exponential-time attacks on these problems, calculate their work factors, and compare the resulting parameters to NIST proposals. The strengths of LIGA are short ciphertext sizes and (relatively) small key sizes. Further, LIGA guarantees correct decryption and has no decryption failure rate. It is not based on hiding the structure of a code. Since there are efficient and constant-time algorithms for encoding and decoding Gabidulin codes, timing attacks on the encryption and decryption algorithms can be easily prevented.
Highlights
Public-key cryptography is the foundation for establishing secure communication between multiple parties
We prove that the public-key encryption version of LIGA is IND-CPA secure in the standard model and the KEM version is IND-CCA2 secure in the random oracle model, both under hardness assumptions on problems related to list and interleaved decoding of Gabidulin codes
We presented a new rank-metric code-based cryptosystem: LIGA
Summary
Public-key cryptography is the foundation for establishing secure communication between multiple parties. A new system is presented which is based on the original FL system, and relies on the proven hardness of list decoding Gabidulin codes, but makes the attack from [21] impossible. We prove that the public-key encryption version of LIGA is IND-CPA secure in the standard model and the KEM version is IND-CCA2 secure in the random oracle model, both under hardness assumptions on problems related to list and interleaved decoding of Gabidulin codes. After summarizing the attack from [21], we prove its equivalence to decoding the public key as an interleaved Gabidulin code Based on this equivalence, the new system LIGA is proposed in Sect. – we present a KEM/DEM version of LIGA, – we identify formal problems in the rank metric on which the security of LIGA relies and prove the IND-CPA/CCA2 security of the KEM/DEM version under the assumption that some of these problems are hard, – we analyze new exponential-time attacks on these problems
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have