On the Security of Subspace Subcodes of Reed-Solomon Codes for Public Key Encryption

This article discusses the security of McEliece-like encryption schemes using subspace subcodes of Reed-Solomon codes, i.e. subcodes of Reed-Solomon codes over <inline-formula> <tex-math notation="LaTeX">{\mathbb {F}_{q^{m}}} </tex-math></inline-formula> whose entri...

Full description

Saved in:
Bibliographic Details
Published inIEEE transactions on information theory Vol. 68; no. 1; pp. 632 - 648
Main Authors Couvreur, Alain, Lequesne, Matthieu
Format Journal Article
LanguageEnglish
Published New York IEEE 01.01.2022
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Institute of Electrical and Electronics Engineers
Subjects
Code-based cryptography
Codes
Computer Science
Cryptography and Security
Encryption
expansion of codes
Generators
GRS codes
Information Theory
key recovery attack
Mathematics
McEliece encryption scheme
NIST
Polynomials
Proposals
Public key
Reed-Solomon codes
Security
square product of codes
subspace subcodes
Subspaces
Code-based cryptography
McEliece encryption scheme
GRScodes
Square product of codes
Subspace subcodes
Key recovery attack
Expansion of codes
Online AccessGet full text

Cover

More Information
Summary:This article discusses the security of McEliece-like encryption schemes using subspace subcodes of Reed-Solomon codes, i.e. subcodes of Reed-Solomon codes over <inline-formula> <tex-math notation="LaTeX">{\mathbb {F}_{q^{m}}} </tex-math></inline-formula> whose entries lie in a fixed collection of <inline-formula> <tex-math notation="LaTeX">{\mathbb {F}_{q}} </tex-math></inline-formula>-subspaces of <inline-formula> <tex-math notation="LaTeX">{\mathbb {F}_{q^{m}}} </tex-math></inline-formula>. These codes appear to be a natural generalisation of Goppa and alternant codes and provide a broader flexibility in designing code based encryption schemes. For the security analysis, we introduce a new operation on codes called the twisted product which yields a polynomial time distinguisher on such subspace subcodes as soon as the chosen <inline-formula> <tex-math notation="LaTeX">{\mathbb {F}_{q}} </tex-math></inline-formula>-subspaces have dimension larger than <inline-formula> <tex-math notation="LaTeX">m/2 </tex-math></inline-formula>. From this distinguisher, we build an efficient attack which in particular breaks some parameters of a recent proposal due to Khathuria, Rosenthal and Weger.
ISSN:0018-9448
1557-9654
DOI:10.1109/TIT.2021.3120440