Broadcast attacks against code-based schemes

Abstract

Code-based cryptographic schemes are promising candidates for post-quantum cryptography since they are fast, require only basic arithmetic, and because their security is well understood. While there is strong evidence that cryptosystems like McEliece and Niederreiter are secure, they have certain weaknesses when used without semantic conversions. An example is a broadcast scenario where the same message is send to different users, encrypted with the respective keys. In this paper, we show how an attacker can use these messages to mount a broadcast attack, which allows to break the Niederreiter and the HyMES cryptosystem using only a small number of messages. While many code-based cryptosystems use certain classes of codes, e.g. binary Goppa codes, our attack is completely independent from this choice and solves the underlying problem directly. Since the number of required messages is very small and since the attack is also possible if related, not identical messages are sent, this has many implications on practical cryptosystem implementations. We discuss possible countermeasures, and provide a CCA2-secure version of the Niederreiter cryptosystem using the Kobara-Imai conversion. © 2012 Springer-Verlag.