LDPC codes in the McEliece cryptosystem: attacks and countermeasures

TL;DR

This paper reviews QC-LDPC codes in the McEliece cryptosystem, analyzing recent attacks and proposing countermeasures, including a higher security version, demonstrating scalability with key length.

Contribution

It provides a comprehensive overview of QC-LDPC codes in McEliece, discusses recent cryptanalysis, and introduces a new, more secure cryptosystem variant.

Findings

Recent attacks can be countered by modifying matrix forms.

The proposed higher security version resists current cryptanalysis.

The cryptosystem scales well with increased key length.

Abstract

The McEliece cryptosystem is a public-key cryptosystem based on coding theory that has successfully resisted cryptanalysis for thirty years. The original version, based on Goppa codes, is able to guarantee a high level of security, and is faster than competing solutions, like RSA. Despite this, it has been rarely considered in practical applications, due to two major drawbacks: i) large size of the public key and ii) low transmission rate. Low-Density Parity-Check (LDPC) codes are state-of-art forward error correcting codes that permit to approach the Shannon limit while ensuring limited complexity. Quasi-Cyclic (QC) LDPC codes are a particular class of LDPC codes, able to join low complexity encoding of QC codes with high-performing and low-complexity decoding of LDPC codes. In a previous work it has been proposed to adopt a particular family of QC-LDPC codes in the McEliece cryptosystem to reduce the key size and increase the transmission rate. Recently, however, new attacks have been found that are able to exploit a flaw in the transformation from the private key to the public one. Such attacks can be effectively countered by changing the form of some constituent matrices, without altering the system parameters. This work gives an overview of the QC-LDPC codes-based McEliece cryptosystem and its cryptanalysis. Two recent versions are considered, and their ability to counter all the currently known attacks is discussed. A third version able to reach a higher security level is also proposed. Finally, it is shown that the new QC-LDPC codes-based cryptosystem scales favorably with the key length.