# Canal-U

Mon compte

## 2.5. Critical Attacks - Semantic Secure Conversions

Copier le code pour partager la vidéo :
<div style="position:relative;padding-bottom:56.25%;padding-top:10px;height:0;overflow:hidden;"><iframe src="https://www.canal-u.tv/video/inria/embed.1/2_5_critical_attacks_semantic_secure_conversions.32843?width=100%&amp;height=100%" style="position:absolute;top:0;left:0;width:100%;height: 100%;" width="550" height="306" frameborder="0" allowfullscreen scrolling="no"></iframe></div> Si vous souhaitez partager une séquence, indiquez le début de celle-ci , et copiez le code : h m s
Contacter la chaine
J’aime
Imprimer
partager

### 2.5. Critical Attacks - Semantic Secure Conversions

In this session, we will study critical attacks against the public-key cryptosystem. The partial knowledge on the plaintext reduces drastically the computational cost of the attack to the McEliece cryptosystem. For example, suppose that the adversary knows r bits of the plaintext. Then the difficulty of recovering the remaining k - r
bits in the complete McEliece with parameters [n, k] is equivalent to that of recovering the full plaintext in
the McEliece with parameters [n, k - r]. This is given by this formula. You just need to observe this equation where G_I denotes the restriction of the matrix G to the rows indexed by I. We study another attack, which is called the reaction attack.  In this attack, the adversary just needs to observe the reaction of the receiver. So, this attack can be classified as a CCA but with a weaker assumption. This attack rests upon the following premise: a decoder will not attempt to correct a vector with t + 1 or more errors. The idea of the attack is the following: first of all, an adversary flips one bit of the ciphertext. Then, the adversary transmits the flipped ciphertext to the receiver and observes his reaction.  The receiver could have two possible reactions.
First reaction: if the flipped bit is an error-free position, then the ciphertext will have t + 1 errors, so it is uncorrectable. The second reaction: if i is an error position, then the flipped ciphertext will have t - 1 error, and the receiver will be able to decrypt it. We repeat this process for every position until we have retrieved the error pattern. Another possible attack is the resend-message attack.  Note that the encryption of the same message twice  produces two different ciphertext. A message-resend condition can be easily detected by observing the weight of the sum of the two ciphertexts.
Note that the sum of the two ciphertexts is the sum of  the two error vectors, what we have here. But, if the underlying plaintexts are different, then the expected weight of the sum is about the dimension of the code.  Let

•
Label UNT : UNIT
•
Date de réalisation : 5 Mai 2015
Durée du programme : 6 min
Classification Dewey : Analyse numérique, Théorie de l'information, données dans les systèmes informatiques, cryptographie, Mathématiques
•
Catégorie : Vidéocours
Niveau : niveau Master (LMD), niveau Doctorat (LMD), Recherche
Disciplines : Mathématiques, Informatique, Informatique, Mathématiques et informatique
Collections : 2: McEliece Cryptosystem
ficheLom : Voir la fiche LOM
•
Auteur(s) : MARQUEZ-CORBELLA Irene, SENDRIER Nicolas, FINIASZ Matthieu
•
Langue : Anglais
Mots-clés : algèbre linéaire, chiffrement à clé publique, cryptage des données, cryptographie, McEliece, LDPC, MDPC
Conditions d’utilisation / Copyright : Ces ressources de cours sont, sauf mention contraire, diffusées sous Licence Creative Commons. L’utilisateur doit mentionner le nom de l’auteur, il peut exploiter l’œuvre sauf dans un contexte commercial et il ne peut apporter de modifications à l’œuvre originale.

## commentaires

Ajouter un commentaire Lire les commentaires
*Les champs suivis d’un astérisque sont obligatoires.
Aucun commentaire sur cette vidéo pour le moment (les commentaires font l’objet d’une modération)