McEliece cryptosystem
From Wikipedia, the free encyclopedia
In cryptography, the McEliece cryptosystem is an asymmetric key algorithm developed in 1978 by Robert McEliece. The algorithm has never gained much acceptance in the cryptographic community.
The algorithm uses Goppa codes, which are a type of error-correcting code (see coding theory). The algorithm disguises a Goppa code made from the plaintext as a general linear code. Goppa codes are easy to decode, but distinguishing them from a general linear code is hard. This is McEliece's hard problem.
The private and public keys are large matrices, which is one of the main disadvantages of the algorithm. The public key is very large: 2^19 bits long.
Attempts have been made to cryptanalyze McEliece, but none have been successful. However, the algorithm is never used in practice because of the massive keys and because the ciphertext is twice as large as the plaintext. The similarity between this algorithm and the knapsack problem (which has been proven insecure) also worries some.
McEliece is used for encryption in the Freenet-like application Entropy (anonymous data store).
Scheme definition
McEliece consists of three algorithms: a probabilistic key generation algorithm which produces a public and a private key, a probabilistic encryption algorithm, and a deterministic decryption algorithm.
All users in a McEliece deployment share a set of common security parameters: n, t, k. Recommended values for these parameters are n = 1024, t = 38, k = 644 (source: Handbook of Applied Cryptography).
Key generation
- Users select a binary (n,k)-linear code C capable of correcting t errors. This code must possess an efficient decoding algorithm.
- Alice generates a generator matrix G for the code C.
- Select a random binary non-singular matrix S.
- Select a random permutation matrix P.
- Compute the matrix .
- Alice’s public key is ; her private key is (S,G,P).
Message encryption
Suppose Bob wishes to send a message m to Alice whose public key is :
- Encode the message as a binary string of length k.
- Compute the vector .
- Generate a random n-bit vector z containing at most t ones.
- Compute the ciphertext as .
Message decryption
- Compute the inverse of P, P^-1.
- Compute .
- Use the decoding algorithm for the code C to decode to .
- Compute .
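The three algorithms above on toy parameters, as an added example that is not part of the original article: it follows the standard McEliece construction (public key S*G*P, ciphertext m*S*G*P + z) with the Hamming(7,4) code (n = 7, k = 4, t = 1) standing in for a Goppa code, so it offers no security. The function names, the seeded rng argument (for reproducibility only) and keeping S^-1 and the permutation as the private key are assumptions of this sketch.

```python
import random

# Hamming(7,4), a binary (n=7, k=4) code correcting t=1 error, stands in for
# the Goppa code: toy parameters chosen for readability, no security.
A = [[1, 1, 0], [1, 0, 1], [0, 1, 1], [1, 1, 1]]
G = [[int(i == j) for j in range(4)] + A[i] for i in range(4)]  # G = [I | A]
H_T = A + [[1, 0, 0], [0, 1, 0], [0, 0, 1]]  # H^T for H = [A^T | I]

def vecmat(v, M):
    """Row vector times matrix over GF(2)."""
    return [sum(v[i] & M[i][j] for i in range(len(v))) % 2 for j in range(len(M[0]))]

def gf2_inverse(M):
    """Gauss-Jordan inverse over GF(2); None if M is singular."""
    n = len(M)
    aug = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(M)]
    for col in range(n):
        piv = next((r for r in range(col, n) if aug[r][col]), None)
        if piv is None:
            return None
        aug[col], aug[piv] = aug[piv], aug[col]
        for r in range(n):
            if r != col and aug[r][col]:
                aug[r] = [a ^ b for a, b in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]

def keygen(rng):
    S_inv = None
    while S_inv is None:  # resample until S is non-singular
        S = [[rng.randrange(2) for _ in range(4)] for _ in range(4)]
        S_inv = gf2_inverse(S)
    perm = rng.sample(range(7), 7)  # P sends coordinate i to position perm[i]
    SG = [vecmat(row, G) for row in S]
    G_pub = [[row[perm.index(j)] for j in range(7)] for row in SG]  # S*G*P
    return G_pub, (S_inv, perm)

def encrypt(m, G_pub, rng, t=1):
    c = vecmat(m, G_pub)
    for pos in rng.sample(range(7), rng.randint(0, t)):  # z has at most t ones
        c[pos] ^= 1
    return c

def decrypt(c, priv):
    S_inv, perm = priv
    c_hat = [c[perm[i]] for i in range(7)]  # multiply by P^-1
    syn = vecmat(c_hat, H_T)
    if any(syn):
        c_hat[H_T.index(syn)] ^= 1  # syndrome names the single flipped position
    return vecmat(c_hat[:4], S_inv)  # G is systematic: first k bits are m*S
```

Call `keygen(random.Random(seed))` once, then `encrypt` and `decrypt` with the returned public matrix and private tuple; a real implementation would draw S, P and z from a cryptographic random source.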
References
- Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, Handbook of Applied Cryptography.