Security and complexity of the McEliece cryptosystem based on QC-LDPC codes
Marco Baldi, Marco Bianchi, Franco Chiaraluce

TL;DR
This paper explores a McEliece cryptosystem variant using QC-LDPC codes, analyzing its security and complexity trade-offs, and proposing a decoding method that enhances efficiency while maintaining security.
Contribution
It introduces a McEliece cryptosystem variant based on QC-LDPC codes, with a focus on decoding strategies and security-complexity trade-offs for practical system design.
Findings
Bit-flipping decoder significantly reduces complexity.
Theoretical arguments and practical tools are provided for estimating security and complexity.
Trade-off analysis guides system design choices.
Abstract
In the context of public key cryptography, the McEliece cryptosystem represents a very smart solution based on the hardness of the decoding problem, which is believed to be able to resist the advent of quantum computers. Despite this, the original McEliece cryptosystem, based on Goppa codes, has encountered limited interest in practical applications, partly because of some constraints imposed by this very special class of codes. We have recently introduced a variant of the McEliece cryptosystem including low-density parity-check codes, which are state-of-the-art codes, now used in many telecommunication standards and applications. In this paper, we discuss the possible use of a bit-flipping decoder in this context, which gives a significant advantage in terms of complexity. We also provide theoretical arguments and practical tools for estimating the trade-off between security and…
