In this paper, we present a new algebraic attack against some special cases of Wild McEliece Incognito, a generalization of the original McEliece cryptosystem. This attack does not threaten the original McEliece cryptosystem. We prove that recovering the secret key for such schemes is equivalent to solving a system of polynomial equations whose solutions have the structure of a usual vector space. Consequently, to recover a basis of this vector space, we can greatly reduce the number of variables in the corresponding algebraic system. From these solutions, we can then deduce the basis of a GRS code. Finally, the last step of the cryptanalysis of those schemes corresponds to attacking a McEliece scheme instantiated with particular GRS codes (with a polynomial relation between the support and the multipliers), which can be done in polynomial time thanks to a variant of the Sidelnikov-Shestakov attack. For Wild McEliece & Incognito, we also show that solving the corresponding algebraic system is notably easier in the case of a non-prime base field F_q. To support our theoretical results, we have been able to practically break several parameters defined over a non-prime base field q ∈ {9, 16, 25, 27, 32}, t ≤ 6, extension degrees m ∈ {2, 3}, security level up to 2^129 against information set decoding in a few minutes or hours.
CITATION STYLE
Faugère, J. C., Perret, L., & de Portzamparc, F. (2014). Algebraic attack against variants of McEliece with Goppa polynomial of a special form. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8873, pp. 21–41). Springer Verlag. https://doi.org/10.1007/978-3-662-45611-8_2