We present a key recovery attack against Y. Wang’s Random Linear Code Encryption (RLCE) scheme recently submitted to the NIST call for post-quantum cryptography. The public key of this code based encryption scheme is a generator matrix of a generalised Reed Solomon code whose columns are mixed in a certain manner with purely random columns. In this paper, we show that it is possible to recover the underlying structure when there are not enough random columns. The attack reposes on a distinguisher on the dimension of the square code. This process allows to recover the secret key for all the short key parameters proposed by the author in O(n5) operations. Our analysis explains also why RLCE long keys stay out of reach of our attack.
CITATION STYLE
Couvreur, A., Lequesne, M., & Tillich, J. P. (2019). Recovering short secret keys of RLCE in polynomial time. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11505 LNCS, pp. 133–152). Springer Verlag. https://doi.org/10.1007/978-3-030-25510-7_8
Mendeley helps you to discover research relevant for your work.