The paper presents a novel cryptanalysis of the LG cryptosystem, a public-key encryption scheme based on λ-Gabidulin codes. The key findings are:
The security of several parameter sets of the LG cryptosystem has been overestimated. The authors present a structural attack that, although exponential in complexity, can break most of the proposed parameters.
The authors show the existence of "weak keys" that allow an attacker to recover an alternative private key in polynomial time. This is possible when the extension field F_{q^m} has non-trivial subfields F_{q^ℓ}, where ℓ divides m.
The attack exploits the structure of Gabidulin codes and the specific way the LG cryptosystem hides this structure. The authors demonstrate that the LG cryptosystem is a particular instance of the Loidreau cryptosystem, which masks Gabidulin codes by multiplying the generator matrix with the inverse of a low-rank homogeneous matrix.
The authors provide a detailed analysis of the time complexity of their attacks and show that several parameter sets of the LG cryptosystem are vulnerable. This work highlights the need to carefully consider the structure of the underlying codes when designing rank-metric cryptosystems to avoid potential security weaknesses.
Source: arxiv.org