Cryptography Asked on October 24, 2021
In the McEliece cryptosystem, is choice of the code known to the attacker? And if a structural attack succeeded and the attacker found the generator matrix of the code, how did the attacker decode the encrypted message?
The "seed" code is known (via $G$) to everyone including the attacker, but the actual code used is unknown. The seed code coordinates are permuted on the right ($P$) after an invertible transformation $S$ applied on the left, forming a trapdoor. $S,P$ are secret. If the permuted generator matrix is $hat{G}$ we have $$ hat{G}=SGP. $$
If the attacker finds the (unpermuted) generator matrix, then they can just decode as explained in the next paragraph.
If the received ciphertext is $c=c'oplus e,$ where $e$ is the noise vector added for security, and $c'=mhat{G},$ the legitimate recipient can do $$ hat{c}=cP^{-1}, $$ and can decode $hat{c}$ to $hat{m}$ using the standard decoding algorithm for the code. Finally she can compute $$ m=hat{m}S^{-1}. $$ You can check in a routine way this works.
Edit: To clarify where the security comes from, the masking via permutation and matrix multiplication produces an equivalent “pseudorandom” code with similar properties to the original code.
So the equivalent decoding problem looks like a decoding problem for a random code, and since decoding a random code is difficult, the strength resides in the multiplication and permutation, they are trapdoor information available only to the authorized decoder.
Note that the noise added must not be beyond the correction capability of the code. If it was, the legitimate receiver might decode to the wrong codeword even with the trapdoor information or fail to decode to the correct codeword.
Answered by kodlu on October 24, 2021
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP