Educational video
Record
Subtitles: English
Language: English
Credits
Irene Marquez-Corbella (Speaker), Nicolas Sendrier (Speaker), Matthieu Finiasz (Speaker)
Terms of use
These course resources are, unless otherwise stated, distributed under a Creative Commons licence. Users must credit the author; they may use the work except in a commercial context, and they may not modify the original work.
DOI: 10.60527/6at0-r315
Cite this resource:
Irene Marquez-Corbella, Nicolas Sendrier, Matthieu Finiasz. Inria. (2015, May 5). 1.9. McEliece Cryptosystem, in 1: Error-Correcting Codes and Cryptography. [Video]. Canal-U. https://doi.org/10.60527/6at0-r315. (Accessed 4 August 2024)

# 1.9. McEliece Cryptosystem

Produced: 5 May 2015 - Published online: 20 February 2017
Description

This is the last session of the first week of this MOOC. We already have all the ingredients to talk about code-based cryptography. Recall that in 1976 Diffie and Hellman published their famous paper "New Directions in Cryptography", where they introduced public key cryptography, providing a solution to the problem of key exchange. Mathematically speaking, public key cryptography considers the notion of a one-way trapdoor function that is easy in one direction and hard in the reverse direction unless you have special information called the trapdoor. The security of the most popular public key cryptosystems is based either on the hardness of factoring or on the presumed intractability of the discrete log problem.

Code-based cryptography is based on the following one-way trapdoor function. It is easy and fast to encode a message using linear transformations, since encoding can be viewed as a matrix multiplication. It is hard to decode a random linear code. Recall that the general decoding problem was proven to be NP-complete in the late 1970s. And the trapdoor information is that there exist some families of codes that have efficient decoding algorithms. We have seen the generalized Reed-Solomon codes and the Goppa codes.

McEliece presented, in 1978, the first public key cryptosystem based on error-correcting codes. The security of this scheme is based on two intractable problems: the hardness of decoding, or equivalently the problem of finding codewords of minimal support, and the problem of distinguishing a code with a prescribed structure from a random one.
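The asymmetry described above, as an added example that is not part of the course material: encoding is one matrix product over GF(2), a decoder that knows the code's structure corrects an error directly from the syndrome, and a decoder without that knowledge searches all 2^K messages. The binary [7,4] Hamming code and all function names are assumptions chosen for illustration; the session itself names generalized Reed-Solomon and Goppa codes as the structured families.

```python
import itertools

# Constructed toy parameters: the binary [7,4] Hamming code in systematic form.
G = [[1, 0, 0, 0, 1, 1, 0],
     [0, 1, 0, 0, 1, 0, 1],
     [0, 0, 1, 0, 0, 1, 1],
     [0, 0, 0, 1, 1, 1, 1]]
H = [[1, 1, 0, 1, 1, 0, 0],
     [1, 0, 1, 1, 0, 1, 0],
     [0, 1, 1, 1, 0, 0, 1]]
K, N = len(G), len(G[0])

def encode(msg):
    """Easy direction: codeword = msg * G over GF(2), one matrix product."""
    return [sum(msg[i] * G[i][j] for i in range(K)) % 2 for j in range(N)]

def syndrome(word):
    """H * word^T over GF(2); all zero exactly for codewords."""
    return tuple(sum(h[j] * word[j] for j in range(N)) % 2 for h in H)

def decode_with_structure(received):
    """Decoder that knows the code's structure: corrects one flipped bit."""
    s = syndrome(received)
    fixed = list(received)
    if any(s):
        # For a single error the syndrome equals the column of H at the error position.
        columns = [tuple(h[j] for h in H) for j in range(N)]
        fixed[columns.index(s)] ^= 1
    return fixed[:K]  # systematic G: the message is the first K bits

def decode_generic(received):
    """No structure used: try all 2^K messages, keep the nearest codeword."""
    tried, best = 0, None
    for msg in itertools.product((0, 1), repeat=K):
        tried += 1
        dist = sum(a != b for a, b in zip(encode(msg), received))
        if best is None or dist < best[0]:
            best = (dist, list(msg))
    return best[1], tried

def demo():
    msg = [1, 0, 1, 1]
    received = encode(msg)
    received[5] ^= 1  # constructed single-bit error
    return decode_with_structure(received), decode_generic(received)

if __name__ == "__main__":
    print(demo())
```

Both decoders recover the same message here; the generic one only succeeds because K = 4 keeps the 2^K search small.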



