Ball-collision decoding

D.J. Bernstein; T. Lange; C.P. Peters

Ball-collision decoding

D.J. Bernstein, T. Lange, C.P. Peters

Research output: Book/Report › Report › Academic

Abstract

This paper introduces a new generic decoding algorithm that is asymptotically faster than any previous attack against the McEliece cryptosystem. At a 256-bit security level, the attack costs 2.6 times fewer bit operations than the best previous attack; at a theoretical 1000-bit security level, the attack costs 15.5 times fewer bit operations than the best previous attack. The algorithm is asymptotically even faster than the Finiasz-Sendrier "lower bound" published at Asiacrypt 2009, demonstrating that the Finiasz-Sendrier parameter recommendations are not as secure as claimed. This paper proposes much safer, but still reasonably efficient, parameters based on an analysis of the fundamental bottleneck in all algorithms of this type.

Original language	English
Publisher	IACR
Publication status	Published - 2010

Publication series

Name	Cryptology ePrint Archive
Volume	2010/585

Access to Document

http://eprint.iacr.org/2010/585

Cite this

@book{2513974c4fd44909ac2494489c451c77,

title = "Ball-collision decoding",

abstract = "This paper introduces a new generic decoding algorithm that is asymptotically faster than any previous attack against the McEliece cryptosystem. At a 256-bit security level, the attack costs 2.6 times fewer bit operations than the best previous attack; at a theoretical 1000-bit security level, the attack costs 15.5 times fewer bit operations than the best previous attack. The algorithm is asymptotically even faster than the Finiasz-Sendrier {"}lower bound{"} published at Asiacrypt 2009, demonstrating that the Finiasz-Sendrier parameter recommendations are not as secure as claimed. This paper proposes much safer, but still reasonably efficient, parameters based on an analysis of the fundamental bottleneck in all algorithms of this type.",

author = "D.J. Bernstein and T. Lange and C.P. Peters",

year = "2010",

language = "English",

series = "Cryptology ePrint Archive",

publisher = "IACR",

}

TY - BOOK

T1 - Ball-collision decoding

AU - Bernstein, D.J.

AU - Lange, T.

AU - Peters, C.P.

PY - 2010

Y1 - 2010

N2 - This paper introduces a new generic decoding algorithm that is asymptotically faster than any previous attack against the McEliece cryptosystem. At a 256-bit security level, the attack costs 2.6 times fewer bit operations than the best previous attack; at a theoretical 1000-bit security level, the attack costs 15.5 times fewer bit operations than the best previous attack. The algorithm is asymptotically even faster than the Finiasz-Sendrier "lower bound" published at Asiacrypt 2009, demonstrating that the Finiasz-Sendrier parameter recommendations are not as secure as claimed. This paper proposes much safer, but still reasonably efficient, parameters based on an analysis of the fundamental bottleneck in all algorithms of this type.

AB - This paper introduces a new generic decoding algorithm that is asymptotically faster than any previous attack against the McEliece cryptosystem. At a 256-bit security level, the attack costs 2.6 times fewer bit operations than the best previous attack; at a theoretical 1000-bit security level, the attack costs 15.5 times fewer bit operations than the best previous attack. The algorithm is asymptotically even faster than the Finiasz-Sendrier "lower bound" published at Asiacrypt 2009, demonstrating that the Finiasz-Sendrier parameter recommendations are not as secure as claimed. This paper proposes much safer, but still reasonably efficient, parameters based on an analysis of the fundamental bottleneck in all algorithms of this type.

UR - http://eprint.iacr.org/2010/585.pdf

M3 - Report

T3 - Cryptology ePrint Archive

BT - Ball-collision decoding

PB - IACR

ER -

Ball-collision decoding

Abstract

Publication series

Access to Document

Other files and links

Fingerprint

Cite this