
Distinguisher-Based Attacks on Public-Key Cryptosystems Using Reed-Solomon Codes (1307.6458v2)

Published 24 Jul 2013 in cs.CR, cs.IT, and math.IT

Abstract: Because of their interesting algebraic properties, several authors promote the use of generalized Reed-Solomon codes in cryptography. Niederreiter was the first to suggest an instantiation of his cryptosystem with them, but Sidelnikov and Shestakov showed that this choice is insecure. Wieschebrink proposed a variant of the McEliece cryptosystem which consists in concatenating a few random columns to a generator matrix of a secretly chosen generalized Reed-Solomon code. More recently, new schemes appeared which are the homomorphic encryption scheme proposed by Bogdanov and Lee, and a variation of the McEliece cryptosystem proposed by Baldi et al. which hides the generalized Reed-Solomon code by means of matrices of very low rank. In this work, we show how to mount key-recovery attacks against these public-key encryption schemes. We use the concept of distinguisher which aims at detecting a behavior different from the one that one would expect from a random code. All the distinguishers we have built are based on the notion of component-wise product of codes. It results in a powerful tool that is able to recover the secret structure of codes when they are derived from generalized Reed-Solomon codes. Lastly, we give an alternative to the Sidelnikov and Shestakov attack by building a filtration which enables one to completely recover the support and the non-zero scalars defining the secret generalized Reed-Solomon code.

Citations (112)

Summary

  • The paper presents novel distinguisher-based attacks exploiting vulnerabilities in public-key cryptosystems using generalized Reed-Solomon codes by analyzing square code properties.
  • Key techniques involve analyzing the dimension of square codes under puncturing to break schemes by Wieschebrink, Bogdanov-Lee, and others, revealing hidden code structures.
  • Findings highlight significant vulnerabilities in GRS-based cryptography, suggesting a need for stronger obfuscation and inspiring cryptanalysis research on other code families.

Distinguisher-Based Attacks on Public-Key Cryptosystems Using Reed-Solomon Codes

The paper investigates vulnerabilities in public-key cryptosystems that use generalized Reed-Solomon (GRS) codes by employing a novel mechanism involving distinguishers and the square code construction. The analysis spans several cryptosystem variants, including those proposed by Wieschebrink, Bogdanov-Lee, and Baldi et al.

Overview and Methodology

The key insight leveraged by this research is the abnormal behavior of the square code (the span of all component-wise products of pairs of codewords) associated with a GRS code: its dimension is far smaller than that of the square code of a random code of the same length and dimension, which enables effective detection and recovery of the hidden structure used in these cryptosystems. The paper covers:

  1. Wieschebrink's Scheme: The vulnerability is rooted in the way random columns are appended to a GRS generator matrix, which leaves a weakness that can be detected by examining the dimension of the square code when the public code is punctured at different positions. The paper provides a deterministic polynomial-time attack algorithm for identifying and isolating such random columns.
  2. Bogdanov-Lee Homomorphic Encryption Scheme: The attack punctures the public key to uncover the secret structure based on Reed-Solomon codes, exploiting the same low-dimension phenomenon of the square code. The method recovers the secret set L efficiently, which amounts to a key recovery.
  3. BBCRS Cryptosystem: This part of the paper demonstrates that replacing the permutation matrix by a scrambling matrix of the form Π + R, where R has very low rank, fails to hide the relationship to the underlying GRS code effectively. The GRS structure remains recoverable because the square code makes it possible to relate suitable subcodes of the public code back to the GRS code they derive from.
  4. General Attack on GRS-Based McEliece Variants: The paper also develops an alternative to the known attack by Sidelnikov and Shestakov which does not rely on computing minimum-weight codewords, but on systematically building a filtration of subcodes that reflects the GRS structure and from which the support and the non-zero multipliers are recovered.

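The distinguisher described in the overview and its use against appended random columns (items 1 above), as an added example that is not code from the paper: it computes the dimension of the square code of a GRS code and of a random code over the toy prime field F_31, then shows how puncturing locates the random columns in a Wieschebrink-style public key. The parameters n=30, k=6, r=4 random columns, the field and the seed are constructed values chosen for illustration.

```python
# Added example, not code from the paper: the square-code distinguisher over
# the toy prime field F_31 (n=30, k=6, r=4 random columns and the seed are
# constructed values). dim(C*C) is 2k-1 for GRS, min(n, k(k+1)/2) for random.
import random

def rank_mod_p(rows, p):
    """Row rank over F_p by Gaussian elimination (entries already reduced)."""
    m, rank = [r[:] for r in rows], 0
    for col in range(len(m[0])):
        piv = next((i for i in range(rank, len(m)) if m[i][col]), None)
        if piv is None: continue
        m[rank], m[piv] = m[piv], m[rank]
        inv = pow(m[rank][col], -1, p)
        m[rank] = [v * inv % p for v in m[rank]]
        for i in range(len(m)):
            if i != rank and m[i][col]:
                m[i] = [(a - m[i][col] * b) % p for a, b in zip(m[i], m[rank])]
        rank += 1
    return rank

def grs_generator(x, y, k, p):
    """Rows (y_i * x_i^j) for j < k: a generator matrix of GRS_k(x, y)."""
    return [[yi * pow(xi, j, p) % p for xi, yi in zip(x, y)] for j in range(k)]

def square_dim(G, p):
    """dim(C*C): rank of the products g_i * g_j (i <= j) of generator rows."""
    k = len(G)
    return rank_mod_p([[a * b % p for a, b in zip(G[i], G[j])]
                       for i in range(k) for j in range(i, k)], p)

def locate_random_columns(G, p):
    """Puncturing an appended random column lowers dim(C*C) by one, while
    puncturing a GRS column (n-1 >= 2k-1) leaves it unchanged."""
    full = square_dim(G, p)
    return [c for c in range(len(G[0]))
            if square_dim([row[:c] + row[c + 1:] for row in G], p) < full]

def demo(seed=1, n=30, k=6, r=4, p=31):
    rng = random.Random(seed)
    x = rng.sample(range(p), n)                  # distinct support points
    y = [rng.randrange(1, p) for _ in range(n)]  # non-zero column multipliers
    G_grs = grs_generator(x, y, k, p)
    G_rand = [[rng.randrange(p) for _ in range(n)] for _ in range(k)]
    # toy public key: r random columns appended to G_grs, columns permuted
    G_ext = [g + [rng.randrange(p) for _ in range(r)] for g in G_grs]
    perm = rng.sample(range(n + r), n + r)
    G_pub = [[row[c] for c in perm] for row in G_ext]
    truth = [i for i, c in enumerate(perm) if c >= n]  # true random positions
    # returns (dim GRS square = 2k-1, dim random square, located cols, truth)
    return square_dim(G_grs, p), square_dim(G_rand, p), locate_random_columns(G_pub, p), truth
```

With these parameters the GRS square code has dimension 2k-1 = 11 while the random code's reaches k(k+1)/2 = 21, and the punctured positions whose square dimension drops are exactly the appended random columns.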
Implications and Future Directions

The findings reveal significant vulnerabilities intrinsic to certain code-based cryptosystems, showing that the security assumption behind using GRS codes without further obfuscation is untenable. In practical terms, cryptosystems relying on similar structures should re-evaluate how they hide the code structure and check for potential distinguishers of the kind discussed.

Theoretically, this work inspires further inquiry into leveraging code properties, such as distinguishers, in developing cryptanalysis tools across differing algebraic code families. This can extend to investigating vulnerabilities in other code-based cryptosystems, such as alternant and Reed-Muller codes, which share algebraic similarities with GRS codes.

Future research may extend the methods to cryptosystems based on codes over larger extension fields, and analyze the attacker's complexity when stronger scrambling matrices, like those suggested in subsequent cryptosystem revisions, are used.

The use of distinguishers, particularly the assessment of the dimension of square codes, prompts a reevaluation of the security frameworks underpinning code-based cryptography. This research underscores the relevance of combining algebraic scrutiny with computational methods in contemporary cryptanalysis, especially for schemes proposed as alternatives that resist quantum computing advances.
