
TL;DR
This paper introduces a new distinguisher for alternant and Goppa codes whose complexity is subexponential in the error-correcting capability. It is built on algebraic invariants (graded Betti numbers) and applies to the codes used in Classic McEliece.
Contribution
It presents the first subexponential distinguisher for McEliece-related codes, based on graded Betti numbers, without the strong regime limitations of previous distinguishers and structure recovery algorithms.
Findings
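The distinguisher applies to the codes used in the Classic McEliece scheme.
It is the first analysis of the McEliece cryptosystem, in the CPA model, to break the exponential barrier.
Its complexity is subexponential in the error-correcting capability, better than that of generic decoding algorithms.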
Abstract
We present a new distinguisher for alternant and Goppa codes, whose complexity is subexponential in the error-correcting capability, hence better than that of generic decoding algorithms. Moreover it does not suffer from the strong regime limitations of the previous distinguishers or structure recovery algorithms: in particular, it applies to the codes used in the Classic McEliece candidate for postquantum cryptography standardization. The invariants that allow us to distinguish are graded Betti numbers of the homogeneous coordinate ring of a shortening of the dual code. Since its introduction in 1978, this is the first time an analysis (in the CPA model) of the McEliece cryptosystem breaks the exponential barrier.
