Figure - available from: Wireless Personal Communications
This content is subject to copyright. Terms and conditions apply.
Source publication
McEliece and Goldreich–Goldwasser–Halevi (GGH) cryptosystems are two instances of code and lattice-based cryptosystems whose security are based on the hardness of coding theoretic and lattice problems, respectively. However, such cryptosystems have a number of drawbacks which make them inefficient in practice. On the other hand, low density lattice...
Citations
... The KEM-PC's complexity comprises encapsulation complexity ( Encaps ) and decapsulation complexity ( Decaps ). The complexity of KEM-PC.Encaps can be represented as Encaps = mul (mG ′ ) + add (e) + KDF (m‖e), where mul (mG ′ ) = (n(n − k)) is the complexity of multiplication between m and encapsulation matrix G ′ = [I k |Q]; add (e) = (n) is the quantity of binary functions for adding n-bit error vector e [30,31] and KDF (m‖e) = (n + k + l k ) is the time complexity of used KDF. The complexity of KEM-PC.Decaps is calculated as Decaps = mul (cP −1 ) + SC (c ′ ) + mul (uS ) + mul (e ′ P ) + KDF (m‖e), where mul (cP −1 ) = mul (e ′ P ) = (n), is the essential binary functions to multiply n-bit vectors c and e ′ by the matrices P −1 and P, respectively. ...
This paper introduces a key encapsulation mechanism based on polar codes, called as KEM‐PC, with secure and efficient key generation, encapsulation and decapsulation algorithms. In the proposed KEM‐PC, the ephemeral public encapsulation and secret decapsulation keys, which are generated at each key exchange session, are employed. By introducing secure polar coding and exploiting the characteristics of polar codes, the ephemeral secret decapsulation key size is reduced. Also, by exploiting the secure polar encoding, KEM‐PC has a proper security level against information set decoding and indistinguishable chosen plaintext attack. In fact, decreasing the ephemeral secret decapsulation key size of KEM‐PC has no impact on its security level. Moreover, the proposed KEM‐PC has a potential to be exploited in an authenticated key exchange protocol. The aforementioned properties make the proposed KEM‐PC usable in secure communication devices.
... However, such replacement can yield serious flaws in its security level. Thus far, several schemes have been proposed to dominate the weaknesses of McEliece scheme by exchanging the Goppa codes with the different linear codes such as generalized Reed-Solomon (GRS) codes [7], Reed-Muller codes [8], quasi cyclic low density parity check (QC-LDPC) codes [9][10][11], wild Goppa codes [12,13], p-adic Goppa codes [11,14], moderate density parity check (MDPC) codes [15,16], convolutional codes [17] and more recently low density lattice codes (LDLCs) [18]. Some of these suggested yields decrease the public key length while keeping the same security level against the conventional attacks. ...
Polar codes are novel and efficient error correcting codes with low encoding and decoding complexities. These codes have a channel dependent generator matrix which is determined by the code dimension, code length and transmission channel parameters. This paper studies a variant of the McEliece public key cryptosystem based on polar codes, called "PKC-PC". Due to the fact that the structure of polar codes' generator matrix depends on the parameters of channel, we used an efficient approach to conceal their generator matrix. Then, by the help of the characteristics of polar codes and also introducing an efficient approach, we reduced the public and private key sizes of the PKC-PC and increased its information rate compared to the McEliece cryptosystem. It was shown that polar codes are able to yield an increased security level against conventional attacks and possible vulnerabilities on the code-based public key cryptosystems. Moreover, it is indicated that the security of the PKC-PC is reduced to solve NP-complete problems. Compared to other post-quantum public key schemes, we believe that the PKC-PC is a promising candidate for NIST post-quantum crypto standardization.
... Recently, a public key encryption scheme has been proposed based on Low Density Lattice Codes (LDLCs) [20] that improves efficiency of GGH cryptosystem [21]. However, the public key size of the proposed cryptosystem is still large and its space and time complexities are quadratic in terms of the security parameter. ...
... GGH [4] HNF-GGH [5] NTRU [50] McEliece [51] MDPC-McEliece [16] LDLC-based crypt. [21] New scheme ...
... , h d } is the generating set of the parity check matrix H n×n of the used LDLC with dimension n, P = {p 1 , p 2 , . . . , p d } whose entry in p i -th column and i-th row of matrix P d×n is "1", where 1 ≤ i ≤ d and 1 ≤ p i ≤ n, and U is an n × n unimodular matrix, that is, an n × n integer matrix with determinant of unit magnitude [21]. Since, we need at least O(n 2 ) bits for storing the matrix U, the private key size of this cryptosystem will be at least O(n 2 ) bits in contrast to the author's claim as being O(n) bits [21]. ...
In this paper, we introduce a new family of lattices, namely QC-MDPC lattices which are a special case of LDPC lattices, and an improved bit flipping algorithm for decoding of these lattices. Encoding and decoding implementations of QC-MDPC lattices are practical in high dimensions. Indeed, to take advantage of practical decoding we use "Construction-A" lattices which makes a tight connection between the structure of lattices and codes. Using these features we design a lattice-based public key encryption scheme enjoying linear encryption and decryption complexities. The proposed scheme has a reasonable key size due to the sparseness of the parity-check matrix and the quasi cyclic structure of the parity-check and generator matrices. Besides, the message expansion of the proposed scheme is smaller than other lattice-based and code-based cryptosystems with comparative parameters. All these features provide a latticebased public key encryption scheme with reasonable key size, linear encryption and decryption algorithms and small message expansion. On the other hand, we show that the cryptosystem is resistant against all known attacks both on lattice-based and code-based cryptosystems for different levels of security.
In this paper, two polar code-based identification schemes are proposed in which the polar codes are used instead of random codes. The security of the proposed identification schemes is based on the hardness of coding problems such as general decoding problem (GDP) and syndrome decoding problem (SDP). By exploiting the properties of polar codes in the proposed identification schemes, it does not need to save the parity check or generator matrix of polar codes completely as a public data. Therefore, the public data size of the proposed identification schemes is reduced up to 90% in comparison with the Stern and Veron identification schemes. Also, by using the efficient techniques of seed generation and compression, it is shown that the communication costs of the proposed identification schemes are reduced up to 53% compared to the Stern and Veron identification schemes. Moreover, security analyses show that the proposed identification schemes have low cheating probability and also have proper resistance against information set decoding attack.
Today, there is a real need to strengthen the communication security to anticipate the development of quantum computing and the eventual attacks arising from it. This work explores two complementary techniques that provide confidentiality to data transmitted over wireless networks. In the first part, we focus on lattice-based public-key cryptography, which is one of the most promising techniques for the post-quantum cryptography systems. In particular, we focus on the Goldreich-Goldwasser-Halevi (GGH) cryptosystem, for which we propose a new scheme using GLD lattices. In the second part of this work, we study the security of multi-user cache-aided wiretap broadcast channels (BCs) against an external eavesdropper under two secrecy constraints: individual secrecy constraint and joint secrecy constraint. We compute upper and lower bounds on secure capacity-memory tradeoff considering different cache distributions. To obtain the lower bound, we propose different coding schemes that combine wiretap coding, superposition coding and piggyback coding. We prove that allocation of the cache memory to the weaker receivers is the most beneficial cache distribution scenario.
