In 2019, Berger et al. introduced a code-based cryptosystem using quasi-cyclic generalized subspace subcodes of Generalized Reed-Solomon (GRS) codes. In their scheme, the underlying GRS code is not secret; instead, a transformation from codes over $\mathbb{F}_{2^m}$ to codes over $\mathbb{F}_2$ is performed by choosing arbitrary $\mathbb{F}_2$-subspaces $V_i$ of $\mathbb{F}_{2^m}$ and using the natural injection $V_i \subset \mathbb{F}_{2^m} \hookrightarrow \mathbb{F}_2^m$. In this work, we study the security of the cryptosystem under an additional assumption: besides knowing the GRS code, the attacker is also given the secret subspaces. We call this new kind of attack the "known subspace attack" (KSA). Although this assumption is unrealistic, it allows us to better understand the security of the scheme. We show that the original parameters are not secure under a KSA; in practice, however, this does not break the original proposal. In this paper, we provide new parameters for Berger et al.'s scheme that are secure against the known subspace attack.
Security Analysis of a Cryptosystem Based on Subspace Subcodes / Berger, T. P.; Gueye, A. N.; Gueye, C. T.; Hasan, M. A.; Klamti, J. B.; Persichetti, E.; Randrianarisoa, T. H.; Ruatta, O. - (2022), pp. 42-59. - LECTURE NOTES IN COMPUTER SCIENCE. [10.1007/978-3-030-98365-9_3].
Security Analysis of a Cryptosystem Based on Subspace Subcodes
Persichetti, E.
2022