Vidéo pédagogique
Notice
Sous-titrage
Anglais
Langue :
Anglais
Crédits
Irene Marquez-Corbella (Intervention), Nicolas Sendrier (Intervention), Matthieu Finiasz (Intervention)
Conditions d'utilisation
Ces ressources de cours sont, sauf mention contraire, diffusées sous Licence Creative Commons. L’utilisateur doit mentionner le nom de l’auteur, il peut exploiter l’œuvre sauf dans un contexte commercial et il ne peut apporter de modifications à l’œuvre originale.
DOI : 10.60527/aabz-hr54
Citer cette ressource :
Irene Marquez-Corbella, Nicolas Sendrier, Matthieu Finiasz. Inria. (2015, 5 mai). 2.3. McEliece Assumptions , in 2: McEliece Cryptosystem. [Vidéo]. Canal-U. https://doi.org/10.60527/aabz-hr54. (Consultée le 2 juin 2024)
logo Inria
Inria - Institut national de recherche en sciences et technologies du numérique
S'abonner
Contacter

2.3. McEliece Assumptions

Réalisation : 5 mai 2015 - Mise en ligne : 20 février 2017
  • document 1 document 2 document 3
  • niveau 1 niveau 2 niveau 3
Descriptif

In this session, we willtalk about McEliece assumptions. The security of theMcEliece scheme is based on two assumptions as we havealready seen: the hardness of decoding a random linearcode and the problem of distinguishing a code with aprescribed structure from a random one. In this sequence, we will studyin detail these two assumptions. The first assumption claims thatdecoding a random linear code is difficult.  First, notice that thegeneral decoding problem is basically a re-writing ofthe Syndrome Decoding problem. And both are equivalentto the problem of finding codewords of minimal weight.The Syndrome Decoding in the binary case is state as follows. Given a binary matrix, asyndrome S and a non-negative integer W, the weight. The decisionproblem faces the following question. There exists an errorpattern of weight at most w with syndrome S? while the computationalproblem is to find such a vector. The decoding problem wasproved to be NP-complete in 1978 by Berlekamp, McEliece andvan Tilborg in this article. For the q-ary case,see the article of Barg. Take notice that this prooftook place at the same time that the McEliececryptosystem was introduced. Thus, the worst case ofthe computational problem is known to be difficult in general. Of course, depending on theinput, some instances can be solved in polynomial time as wehave already seen in the first week. Actually, the instance ofSyndrome Decoding involved in breaking code-based systemsare in particularly a subclass of Syndrome Decoding where the weight w isbounded by half the minimum distance. This problem is not NP,however it is conjectured to be NP-Hard. But even more in theMcEliece cryptosystem, the chosen code is not completely random. Even if the matrix is notdistinguishable from a random binary matrix of the samesize, the decoding problem uses parameters of those of a Goppa code. This means that the code haslength 2^m and the dimension is n mt, where t isthe correction capacity.

Intervention
Thème
Disciplines :
Documentation
Support de présentation au format PDF

Dans la même collection

Voir tout

Avec les mêmes intervenants et intervenantes

Sur le même thème