Professor, Marche Polytechnic University, Italy
Code-based post-quantum cryptography
Abstract: Protecting information is an essential priority, and both symmetric and asymmetric cryptography are used for this purpose. Symmetric cryptosystems ensure higher security levels but suffer from the problem of key sharing. For this reason, asymmetric cryptosystems are preferred in many applications or, at least, used as a means of key exchange for symmetric systems. The security of asymmetric cryptography, however, is nowadays threatened by the advent of quantum computers. These will have a great impact on the security of classic asymmetric cryptosystems, like RSA, Diffie-Hellman and elliptic curves, which are based on either the integer factoring problem or the discrete logarithm problem. According to Shor's algorithm, quantum computers promise to break these systems in polynomial time, thus making them highly insecure. Although large-scale quantum computers are not yet ready for the market, the need to design, cryptanalyze and practically evaluate post-quantum cryptographic primitives is quite pressing, given the amount of intense scrutiny they demand. Such a pressing need is witnessed by the Post-Quantum Cryptography Standardization process, started by the National Institute of Standards and Technology (NIST) in December 2016, which has recently entered the second round of selection for the candidate algorithms.
Code-based cryptography is one of the favorite options for withstanding the advent of quantum computers. Everything originates from the system proposed by Robert McEliece in 1978, known as the "McEliece cryptosystem": its cryptographic primitives are based on the decoding problem and, relying on the hardness of decoding a linear block code without any visible structure, force the adversary to decode a random-like code. As a matter of fact, the original McEliece cryptosystem adopting Goppa codes is still unbroken and, exploiting a different paradigm from the more conventional approaches, it has proved immune to attacks based on quantum computers.
The main drawback of the McEliece cryptosystem is its large key size, and many efforts have been made to reduce it while preserving the security level ensured by the original system. Among the various alternatives proposed in the literature, special attention has been devoted to the possibility of replacing Goppa codes with Low-Density Parity-Check (LDPC) codes, in particular of Quasi-Cyclic (QC) type.
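As an added illustration (not part of the original abstract or of the speaker's work), the following toy McEliece instance uses a binary Hamming(7,4) code, which corrects a single error, in place of a Goppa code; the parameters are constructed and far too small to be secure, and serve only to show the scramble-permute-decode flow and why the public key is an unstructured k x n matrix, which is the source of the key-size problem discussed above.

```python
import random

# Hamming(7,4) in systematic form: G = [I | A], H = [A^T | I], so G * H^T = 0.
G = [[1, 0, 0, 0, 1, 1, 0], [0, 1, 0, 0, 1, 0, 1],
     [0, 0, 1, 0, 0, 1, 1], [0, 0, 0, 1, 1, 1, 1]]
H = [[1, 1, 0, 1, 1, 0, 0], [1, 0, 1, 1, 0, 1, 0], [0, 1, 1, 1, 0, 0, 1]]

def matmul(A, B):  # matrix product over GF(2)
    return [[sum(a * b for a, b in zip(row, col)) % 2 for col in zip(*B)] for row in A]

def gf2_inverse(M):  # Gauss-Jordan over GF(2); None if M is singular
    n = len(M)
    aug = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(M)]
    for col in range(n):
        piv = next((r for r in range(col, n) if aug[r][col]), None)
        if piv is None:
            return None
        aug[col], aug[piv] = aug[piv], aug[col]
        for r in range(n):
            if r != col and aug[r][col]:
                aug[r] = [x ^ y for x, y in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]

def keygen(rng):  # private: invertible scrambler S, permutation P; public: S*G*P
    S = [[rng.randint(0, 1) for _ in range(4)] for _ in range(4)]
    while gf2_inverse(S) is None:
        S = [[rng.randint(0, 1) for _ in range(4)] for _ in range(4)]
    perm = rng.sample(range(7), 7)
    P = [[int(perm[i] == j) for j in range(7)] for i in range(7)]
    return matmul(matmul(S, G), P), (S, P)  # G_pub looks like a random 4x7 matrix

def encrypt(G_pub, m, rng):  # c = m*G_pub + e, e a random error of weight t = 1
    c = matmul([m], G_pub)[0]
    c[rng.randrange(7)] ^= 1
    return c

def decrypt(priv, c):  # undo P, correct the error using the secret structure, undo S
    S, P = priv
    y = matmul([c], [list(col) for col in zip(*P)])[0]  # P^-1 = P^T, so y = m*S*G + e'
    syndrome = [sum(h * v for h, v in zip(row, y)) % 2 for row in H]
    if any(syndrome):  # a weight-1 error's syndrome is the matching column of H
        y[[list(col) for col in zip(*H)].index(syndrome)] ^= 1
    return matmul([y[:4]], gf2_inverse(S))[0]  # systematic part of y equals m*S

def roundtrip(seed):  # constructed check: a random 4-bit message survives the trip
    rng = random.Random(seed)
    G_pub, priv = keygen(rng)
    m = [rng.randint(0, 1) for _ in range(4)]
    return decrypt(priv, encrypt(G_pub, m, rng)) == m
```

Without the private S and P, an attacker holds only G_pub and must solve the generic decoding problem; with them, the legitimate receiver decodes a code whose structure is known.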
The talk will review the basic elements of asymmetric cryptography and error correcting codes, and will present how they can be merged. It will also take stock of the advancements of the NIST call. Then, it will focus on the code-based solution, discussing the advantages in terms of key size reduction that can derive from the adoption of QC-LDPC codes, taking into account the attacks that can be mounted against the modified version. Examples of design choices for the system parameters will be presented, also in view of practical implementation.
Short Biography: Franco Chiaraluce received his Laurea degree (Hons.) in Electronics Engineering from the University of Ancona, Italy, in 1985. Since 1987 he has been with the Polytechnic University of Marche, where at present he is an Associate Professor at the Department of Information Engineering, in charge of several courses in the area of Telecommunications. His research interests are currently focused on error correcting codes, physical layer security and cryptography. He has co-authored over 300 scientific papers, 2 books and 3 patents. For many years he has cooperated with the European Space Agency (ESA) on research activities concerning the analysis, design, and performance evaluation of error correcting codes for space applications. He also contributes, on behalf of ESA, to the standardization issues promoted by the CCSDS (Consultative Committee for Space Data Systems). He is a Senior Member of IEEE and a Member of IEICE.