Authors:
Marco Baldi
1
;
Alessandro Barenghi
2
;
Franco Chiaraluce
1
;
Gerardo Pelosi
2
and
Paolo Santini
1
Affiliations:
1
DII, Università Politecnica delle Marche, Via Brecce Bianche 12, Ancona, Italy
;
2
DEIB, Politecnico di Milano, Piazza Leonardo da Vinci 32, Milano, Italy
Keyword(s):
Bit-flipping Decoding, Code-based Cryptosystems, Decoding Failure Rate, LDPC Codes, MDPC Codes, Quasi-cyclic Codes, Post-quantum Cryptosystems.
Abstract:
The design of quantum-resistant cryptographic primitives has gained attraction lately, especially thanks to the U.S.A. National Institute of Standards and Technology (NIST) initiative, which is selecting a portfolio of primitives for standardization. A prime position in the set of asymmetric encryption primitives is occupied by the ones relying on decoding random linear error correction codes as their trapdoor. Among these primitives, the LEDAcrypt and BIKE cryptosystems have been admitted to the second round of the standardization initiative. They are based on the adoption of iteratively decoded Low- and Moderate-Density Parity Check (LDPC/MDPC) codes. Characterizing the decoding failure rate of such codes under iterative decoding is paramount to the security of both the LEDAcrypt and BIKE second round candidates to achieve indistinguishability under adaptive chosen ciphertext attacks (IND-CCA2). For these codes, we propose a new iterative decoder, obtained through a simple modifica
tion of the classic in-place bit-flipping decoder and, in this paper, we provide a statistical worst-case analysis of its performance. This result allows us to design parameters for LDPC/MDPC code-based cryptosystems with guaranteed extremely low failure rates (e.g., 2−128), fitting the hard requirement imposed by IND-CCA2 constructions.
(More)