Polar codes are novel and efficient error-correcting codes with low encoding and decoding complexities. These codes have a channel-dependent generator matrix which is determined by the code dimension, code length and transmission channel parameters. This paper studies a variant of the McEliece public key cryptosystem based on polar codes, called "PKC-PC". Because the structure of the polar codes' generator matrix depends on the channel parameters, we used an efficient approach to conceal their generator matrix. Then, with the help of the characteristics of polar codes and by introducing an efficient approach, we reduced the public and private key sizes of the PKC-PC and increased its information rate compared to the McEliece cryptosystem. It was shown that polar codes are able to yield an increased security level against conventional attacks and possible vulnerabilities of code-based public key cryptosystems. Moreover, it is indicated that the security of the PKC-PC reduces to solving NP-complete problems. Compared to other post-quantum public key schemes, we believe that the PKC-PC is a promising candidate for NIST post-quantum crypto standardization.
Deep Dive into PKC-PC: A Variant of the McEliece Public Key Cryptosystem based on Polar Codes.
Index Terms— Channel Coding, McEliece Cryptosystem,
Polar Codes, Public Key Cryptography
The material in this paper was presented in part at the Eleventh International ISC Conference on Information Security and Cryptology (ISCISC 2014), Tehran, Iran, September 2014. This work was supported in part by Iranian National Science Foundation (INSF) under Grant 92.32575.
Reza Hooshmand is with the Department of Electrical Engineering, Shahid Sattari Aeronautical University of Science and Technology, Tehran 1384663113, Iran (e-mail: rhooshmand@ssau.ac.ir).
Masoumeh Koochak Shooshtari is with the Faculty of Electrical Engineering, K. N. Toosi University of Technology, Tehran 16315-1355, Iran (e-mail: m-koochak@ee.kntu.ac.ir).
Mohammad Reza Aref is with the Department of Electrical Engineering, Sharif University of Technology, Tehran 11365/8639, Iran (e-mail: aref@sharif.edu).
I. INTRODUCTION AND MOTIVATION
It has been revealed that the conventionally used public key cryptosystems, whose security is based on the difficulty of the discrete logarithm or factoring problems, are broken by quantum computers in polynomial time [1]. One of the important categories of cryptosystems which can resist quantum computer-based attacks is code-based cryptosystems. These kinds of cryptosystems can be considered as alternatives to the conventional public key cryptosystems, such as RSA and ElGamal [2]. The security of most of these cryptosystems relies on the hardness of some conventional problems in coding theory [3]. For example, it was previously shown that the decoding of a linear code with no clear structure is an NP-complete problem [4]. The first code-based public key cryptosystem, originally proposed based on binary Goppa codes, is the McEliece cryptosystem [5]. This cryptosystem uses the generator matrix of a binary Goppa code, a scrambling matrix, and a permuting matrix as the private key. The scrambling and permuting matrices are employed to convert the private key into the public matrix. The McEliece cryptosystem applies the generator matrix and encodes the information vector into the public code's codewords. Compared to the conventional public key cryptosystems, the McEliece cryptosystem has low-complexity encryption/decryption algorithms. Nevertheless, due to the use of binary Goppa codes, this cryptosystem has two major weaknesses [6]: (i) low transmission rate, and (ii) huge key size.
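The McEliece construction described above, as an added example that is not from the paper: a toy instance over the [7,4] Hamming code in place of a Goppa code, far too small to be secure. The matrices S, S_INV and PERM are constructed values, and the weight-1 error vector added during encryption comes from the original McEliece scheme [5], not from this excerpt.

```python
import secrets

def matmul(A, B):
    """Matrix product over GF(2)."""
    return [[sum(a & b for a, b in zip(row, col)) % 2 for col in zip(*B)] for row in A]

# Private key (constructed toy values): generator matrix G, scrambler S, permutation PERM.
G = [[1, 0, 0, 0, 1, 1, 0],      # systematic generator matrix [I | A] of the Hamming code
     [0, 1, 0, 0, 1, 0, 1],
     [0, 0, 1, 0, 0, 1, 1],
     [0, 0, 0, 1, 1, 1, 1]]
H = [[1, 1, 0, 1, 1, 0, 0],      # parity-check matrix [A^T | I], used only by the decoder
     [1, 0, 1, 1, 0, 1, 0],
     [0, 1, 1, 1, 0, 0, 1]]
S = [[1, 1, 0, 0], [0, 1, 1, 0],             # invertible scrambling matrix
     [0, 0, 1, 1], [0, 0, 0, 1]]
S_INV = [[1, 1, 1, 1], [0, 1, 1, 1],         # inverse of S over GF(2)
         [0, 0, 1, 1], [0, 0, 0, 1]]
PERM = [3, 6, 0, 5, 1, 4, 2]     # public column j is private column PERM[j]

def public_key():
    """G_pub = S * G * P: scramble the rows with S, then permute the columns with P."""
    SG = matmul(S, G)
    return [[row[p] for p in PERM] for row in SG]

def encrypt(m, G_pub, err_pos=None):
    """c = m * G_pub + e, where e has weight t = 1 (the code corrects one error)."""
    c = matmul([m], G_pub)[0]
    if err_pos is None:
        err_pos = secrets.randbelow(len(c))
    c[err_pos] ^= 1
    return c

def decrypt(c):
    """Undo P, correct the single error by syndrome decoding, then undo S."""
    y = [0] * len(c)
    for j, p in enumerate(PERM):
        y[p] = c[j]                          # y = c * P^-1 = (m*S)*G + e*P^-1
    syndrome = [sum(h & b for h, b in zip(row, y)) % 2 for row in H]
    if any(syndrome):                        # syndrome = column of H at the error position
        y[list(zip(*H)).index(tuple(syndrome))] ^= 1
    return matmul([y[:4]], S_INV)[0]         # G is systematic, so y[:4] = m * S

if __name__ == "__main__":
    G_pub = public_key()
    c = encrypt([1, 0, 1, 1], G_pub)
    print("public matrix:", G_pub)
    print("ciphertext:", c, "recovered:", decrypt(c))
```
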
One efficient approach to resolving the weaknesses of the McEliece cryptosystem is to replace binary Goppa codes with other linear block codes. However, such a replacement can yield serious flaws in its security level. Thus far, several schemes have been proposed to overcome the weaknesses of the McEliece scheme by replacing the Goppa codes with different linear codes such as generalized Reed–Solomon (GRS) codes [7], Reed–Muller codes [8], quasi-cyclic low-density parity-check (QC-LDPC) codes [9-11], wild Goppa codes [12, 13], p-adic Goppa codes [11, 14], moderate-density parity-check (MDPC) codes [15, 16], convolutional codes [17] and, more recently, low-density lattice codes (LDLCs) [18]. Some of these proposals decrease the public key length while keeping the same security level against the conventional attacks. However, most of them expose the McEliece cryptosystem to security threats and yield serious flaws in its security level. For example, public key schemes based on GRS and Reed–Muller codes were broken in [19] and [20], respectively. A number of versions of LDPC code-based schemes [9, 10] have been successfully cryptanalyzed with efficient attacks in [21, 22]. Some of the parameters that can be found in public key schemes based on wild Goppa codes [12, 13]
…(Full text truncated)…