ZANCO Journal of Pure and Applied Sciences
The official scientific journal of Salahaddin University-Erbil
ZJPAS (2016), 28 (2); 99-109
Cryptosystem Based on Error Correcting Codes
1Newroz N. Abdulrazaq and 2Thuraya M. Qaradaghi
1College of Science, Salahaddin University-Erbil, Erbil, Kurdistan Region, Iraq
2College of Engineering, Salahaddin University-Erbil, Erbil, Kurdistan Region, Iraq
ARTICLE INFO
Article History:
Received: 13/7/2015
Accepted: 05/1/2016
Published: 26/5/2016
Keywords:
McEliece;
Cryptosystem;
Goppa Codes
*Corresponding Author:
Thuraya M. Qaradaghi
Email: Thuraya.Alqaradaghi@su.edu.krd
ABSTRACT
The McEliece cryptosystem is an asymmetric (public-key) cryptosystem based on error-correcting codes. The classical McEliece system uses an irreducible binary Goppa code, which is still considered unbroken, especially with the parameters [1024, 524, 101] suggested by McEliece; its drawback is a very large public-key matrix, which makes it hard to use in practice. In this paper a new design of the McEliece cryptosystem has been introduced and implemented as a graphical user interface (GUI) in Visual Studio C#, using two types of binary Goppa code. For the first time, the McEliece cryptosystem has been implemented with a separable binary Goppa code. The separable McEliece cryptosystem decreases the size of the public-key matrix compared with the irreducible type. The designed system accepts flexible parameters and consists of three parts: secret and public key generation, encryption, and decryption.
1. INTRODUCTION
There has always been a need to keep information secret from other parties. Now that global computer networks are flourishing, the need for secrecy is more pronounced than ever. Sensitive information is routinely exchanged over the internet, yet many of us use it cautiously for fear of fraud and theft; protecting data and electronic systems is therefore important to our way of living. Cryptography is the science of designing cryptosystems that keep data unreadable and unbreakable and allow its secure transmission (Trappe and Washington, 2006).
All communication channels contain some degree of noise, that is, interference from sources such as electrical impulses and neighbouring channels, and noise can corrupt data in transmission. One way to overcome its harmful effects is to add redundancy to the data before transmitting it over the channel, which enables error correction at the receiver's end. Error-correcting coding studies how to add redundancy to data streams efficiently in order to ensure reliable communication (Gadouleau, 2005).
The McEliece cryptosystem is one of the most promising public-key cryptosystems able to resist attacks based on quantum computers. Unlike cryptosystems that exploit integer factorization or discrete logarithms, it relies on the hardness of decoding a linear block code that has no visible structure. It is named after McEliece (1978), who proposed using an error-correcting code to send information securely to its destination over an insecure channel. McEliece used an irreducible binary Goppa code, which with the suggested parameters is considered unbroken to this day. Binary Goppa codes are classified into two types, irreducible and separable; both correct up to t errors, where t is the degree of the Goppa polynomial, which is a strong error-correcting capability compared with other families of codes. Lee and Brickell (1988) produced a systematic method for checking the correctness of the recovered message obtained from the best known attacks on the McEliece cryptosystem (Adams and Meijer, 1988; Rao and Nam, 1987). Leon (1988) provided an algorithm for finding the minimum weights of all extended quadratic residue binary codes with a small probability of error (10-100). Loidreau and Sendrier (2001) showed that the McEliece cryptosystem with a binary generator polynomial can be attacked whenever a weak key is chosen; their method needed 15 minutes on a standard workstation for (m = 9, t = 28), but 500 years against the full-size parameters suggested by McEliece (m = 10, t = 50).
The classical McEliece system used an irreducible binary Goppa code, which is still considered unbroken, especially with the parameters [1024, 524, 101] suggested by McEliece. It does, however, suffer from a large public-key matrix, which makes it hard to use in practice on platforms with small memory and virtual memory (McEliece, 1978). Many variants of the McEliece cryptosystem were later proposed in order to reduce the size of the public key (Baldi et al., 2011; Baldi et al., 2007; Gabidulin, 2003; Ilanthenral and Easwarakumar, 2014; Monico, Rosenthal, and Shokrollahi, 2000). Unfortunately most of the proposed systems were broken (Faugère et al., 2010; Minder and Shokrollahi, 2007; Sidelnikov and Shestakov, 1992).
Until now there have been few implementations of the McEliece cryptosystem. Most of them deal with fixed parameters; the exception is the implementation by Repka (2014), which handles unfixed parameters and is written in C++ on top of the Number Theory Library (NTL), which supplies factorization, irreducibility testing, multiplication, division and the other polynomial operations.
For the above reasons, this work studies the McEliece cryptosystem with binary Goppa codes, which are classified into irreducible and separable binary Goppa codes (both correct up to t errors, the degree of the Goppa polynomial, a strong capability compared with other code families), and introduces and implements a new design that covers both types. The designed system is also the first implementation of the McEliece cryptosystem using a separable binary Goppa code.
2. MCELIECE CRYPTOSYSTEM
The McEliece cryptosystem is one of the major types of public-key cryptosystem. It depends on the hardness of finding the nearest codeword in a linear binary code. For example, with the parameters suggested by McEliece (1978), the [1024, 524, 2×50 + 1 = 101] Goppa code, an eavesdropper who wants to find the locations of the errors in a message must try (Strenzke, 2013):
(1)
The McEliece cryptosystem consists of three processes, as shown in Figure (1): key generation, encryption and decryption.
Figure (1): McEliece Cryptosystem.
A public-key cryptosystem is based on two keys (public and private) that are linked mathematically. The public key is published and used to encipher a message, while the private key must be kept secret and is used to decipher it. The procedure for preparing the keys from a Goppa code is shown in Figure (2) (McEliece, 1978).
3.1 BINARY GOPPA CODES
A binary Goppa code is denoted by Γ(g(z), L), where g(z) is the Goppa (generator) polynomial of degree t over the extension field GF(2^m), m is the extension degree, and L is the support (range) of the code, where (McEliece, 1978):
Figure (2): Key Generation Diagram.
(2)
and
(3)
with the vector c over GF(2) such that c = (c1, c2, …, cn), and
(4)
If n (at most 2^m) is the length of the codeword c, fixed by the support L, k is the dimension, bounded by k ≥ n − mt, and d ≥ t + 1 is the minimum distance, then [n, k, d] are the parameters of the Goppa code Γ(g(z), L).
For a binary Goppa code, the polynomial g(z) is called separable when it has no root of multiplicity greater than one (i.e. no repeated roots). In this case the minimum distance of the Goppa code satisfies the larger bound d ≥ 2t + 1, and the code can correct t errors.
The generator matrix G of the binary Goppa code is used to encode and decode the message, while the parity-check matrix is what makes error detection and correction possible.
The generator matrix G is derived from the parity-check matrix H: the row space of G is the null space of H modulo 2, such that:
(5)
I) Encoding a message in a binary Goppa code:
The message is encoded by partitioning it into blocks of k bits and multiplying each block by the generator matrix G, i.e.:
(6)
The received message (y) is:
(7)
II) Correcting errors in a separable Goppa code
Let y = (y1, y2, …, yn) be the received word containing at most t errors, where d ≥ 2t + 1. The error-correcting algorithm for the separable Goppa code is:
1. Calculate the parity-check matrix Ĥ.
2. Calculate the syndrome:
(8)
3. Solve the key equation using the extended Euclidean algorithm:
(9)
4. Find the set of error locations:
(10)
5. The error vector is defined by for and zeros elsewhere.
6. Determine the codeword.
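The algebra behind steps 2 to 4, written out here as an added derivation (it is not part of the original paper) in the paper's own symbols, with y the received word, E the set of error positions, t = deg g(z) and σ(z) the error-locator polynomial. For a separable g(z) the binary Goppa codes Γ(g(z), L) and Γ(g(z)², L) coincide, so every codeword c satisfies Σ c_i/(z − α_i) ≡ 0 (mod g(z)²) and the syndrome of y = c + e depends on the errors alone:

$$S(z) \equiv \sum_{i=1}^{n} \frac{y_i}{z-\alpha_i} \equiv \sum_{i\in E} \frac{1}{z-\alpha_i} \pmod{g(z)^2}.$$

With $\sigma(z) = \prod_{i\in E}(z-\alpha_i)$, multiplying through gives the key equation

$$\sigma(z)\,S(z) \equiv \sigma'(z) \pmod{g(z)^2}, \qquad \deg\sigma \le t,\quad \deg\sigma' \le t-1,$$

whose right-hand side is the formal derivative of σ (the error values are all 1). Running the extended Euclidean algorithm on g(z)² and S(z) and stopping at the first remainder r_k(z) of degree below t yields $\sigma(z) = \lambda\, v_k(z)$ and $\sigma'(z) = \lambda\, r_k(z)$ for a non-zero constant λ, where $r_k = u_k\, g^2 + v_k\, S$. The error positions are then $\{\, i : \sigma(\alpha_i) = 0 \,\}$, and e_i = 1 exactly at those positions. Because the argument only uses that g(z) is squarefree, the same decoder also applies when g(z) is irreducible.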
III) Correcting errors in an irreducible Goppa code
The error-correcting algorithm for the irreducible Goppa code is:
1. Calculate the syndrome:
(11)
2. Find σ(z) as follows:
• Use the extended Euclidean algorithm to determine h(z) such that:
(12)
If , then the process is finished and ; otherwise continue.
• Calculate d(z) such that: (13)
• Determine and such that:
(14)
• Compute:
(15)
3. Calculate the set of error locations:
(16)
4. The error vector is defined by for and zeros elsewhere.
5. Determine the codeword.
IV) Decoding the message:
Once the errors have been corrected, the message can be decoded; the encoded message of equation (6) can be written in matrix form:
(17)
To compute the message, Gaussian elimination is applied in order to remove the generator matrix G:
(18)
where is the identity matrix of size , and p is a matrix of size .
3.2 Encryption Process of McEliece Cryptosystem
The encryption procedure is shown in Figure (3) (McEliece, 1978).
Figure (3): Encryption steps (the message m is padded and partitioned so that each block holds k bits; each block is multiplied by the public matrix and an error vector is added, giving the cipher message).
Figure (4): Decryption steps (the cipher message is multiplied by P^-1 and decoded; the secret generator matrix is then removed by Gaussian elimination and S^-1 is applied, giving the plain message).
3.3 Decryption Process of McEliece Cryptosystem
To recover the plain message from the cipher message c, the decryption steps shown in Figure (4) are followed.
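The three parts of the system (key generation, encryption, decryption) together with the Goppa decoding of section 3.1, run end to end as an added example. This is illustrative code written for this page, not the authors' C# implementation; Python is used so that the arithmetic stays visible, and the parameters are my own choice: GF(2^5) built from x^5 + x^2 + 1, a separable g(z) = (z + 1)(z + α)(z + α²) with L the 29 remaining field elements (n = 29, t = 3, k ≥ 14, close to the paper's n = 27 example), and the irreducible g(z) = z² + z + 1 (n = 32, t = 2). Vectors are Python ints with bit i as coordinate i, the parity-check matrix is built from h_i = 1/g(α_i), G is the null space of its binary expansion, S is accepted only when Gaussian elimination on [S | I] succeeds (the paper's check), and decoding solves the key equation modulo g(z)² with the extended Euclidean algorithm, which works for any squarefree g and so covers both the separable and the irreducible case.

```python
import random
from functools import reduce

M, FIELD_POLY = 5, 0b100101      # GF(2^5) built from x^5 + x^2 + 1 (assumed choice for this example)
Q = 1 << M

def gf_mul(a, b):                # multiplication in GF(2^M); field elements are ints below Q
    r = 0
    while b:
        r, a, b = r ^ (a if b & 1 else 0), a << 1, b >> 1
        a ^= FIELD_POLY if a & Q else 0
    return r
def gf_inv(a):                   # a^(Q-2) by square-and-multiply, a != 0
    r, e = 1, Q - 2
    while e:
        r, a, e = (gf_mul(r, a) if e & 1 else r), gf_mul(a, a), e >> 1
    return r
# polynomials over GF(2^M): coefficient lists, lowest degree first, no trailing zeros
def p_trim(p):
    return p[:max((i + 1 for i, c in enumerate(p) if c), default=0)]
def p_add(a, b):
    return p_trim([x ^ y for x, y in zip(a + [0] * len(b), b + [0] * len(a))])
def p_mul(a, b):
    r = [0] * (len(a) + len(b) - 1 if a and b else 0)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            r[i + j] ^= gf_mul(x, y)
    return p_trim(r)
def p_divmod(a, b):              # b must be non-zero and trimmed
    a, q, inv = p_trim(a), [0] * max(len(a) - len(b) + 1, 1), gf_inv(b[-1])
    while len(a) >= len(b):
        s = len(a) - len(b)
        q[s] = c = gf_mul(a[-1], inv)
        a = p_trim([x ^ gf_mul(c, b[i - s]) if i >= s else x for i, x in enumerate(a)])
    return p_trim(q), a
def p_eval(p, x):
    return reduce(lambda r, c: gf_mul(r, x) ^ c, reversed(p), 0)
def p_egcd(a, b, stop):          # extended Euclid: (r, v) with r = u*a + v*b and deg r < stop
    r0, r1, v0, v1 = a, b, [], [1]
    while len(r1) > stop:        # i.e. deg r1 >= stop
        q, r = p_divmod(r0, r1)
        r0, r1, v0, v1 = r1, r, v1, p_add(v0, p_mul(q, v1))
    return r1, v1

# binary vectors are ints (bit i = coordinate i); binary matrices are lists of row ints
def vec_mat(v, rows):            # v * rows over GF(2)
    return reduce(lambda acc, ir: acc ^ (ir[1] if v >> ir[0] & 1 else 0), enumerate(rows), 0)
def rref(rows, ncols):           # reduced row echelon form over GF(2): (rows, pivot columns)
    rows, piv = list(rows), []
    for c in range(ncols):
        p = next((i for i in range(len(piv), len(rows)) if rows[i] >> c & 1), None)
        if p is not None:
            r = len(piv)
            rows[r], rows[p] = rows[p], rows[r]
            rows = [x ^ rows[r] if i != r and x >> c & 1 else x for i, x in enumerate(rows)]
            piv.append(c)
    return rows[:len(piv)], piv
def null_space(rows, ncols):     # basis of {x : x * rows^T = 0}, one vector per free column
    red, piv = rref(rows, ncols)
    return [(1 << f) | sum(1 << p for row, p in zip(red, piv) if row >> f & 1)
            for f in range(ncols) if f not in piv]
def mat_inv(S, k):               # elimination on [S | I] instead of a determinant; None if singular
    red, piv = rref([row | 1 << (k + i) for i, row in enumerate(S)], k)
    return [row >> k for row in red] if len(piv) == k else None
def permute(v, perm, inv=False): # v * P (bit i moves to bit perm[i]) or, with inv, v * P^-1
    return sum((v >> (p if inv else i) & 1) << (i if inv else p) for i, p in enumerate(perm))

def goppa_keys(g, seed):
    """McEliece keys from Gamma(g, L), with L = every field element that is not a root of g."""
    t, L = len(g) - 1, [a for a in range(Q) if p_eval(g, a) != 0]
    n, rng = len(L), random.Random(seed)
    # H over GF(2^M): H[j][i] = a_i^j / g(a_i); each field row then expands into M binary rows
    H = [[gf_mul(p_eval([0] * j + [1], a), gf_inv(p_eval(g, a))) for a in L] for j in range(t)]
    Hbin = [sum((H[j][i] >> bit & 1) << i for i in range(n)) for j in range(t) for bit in range(M)]
    G = null_space(Hbin, n)      # secret generator matrix: G * Hbin^T = 0 and k = n - rank(Hbin)
    k, Sinv = len(G), None
    while Sinv is None:          # a random S is kept only if elimination finds it nonsingular
        S = [rng.getrandbits(k) for _ in range(k)]
        Sinv = mat_inv(S, k)
    perm = list(range(n))
    rng.shuffle(perm)
    Gpub = [permute(vec_mat(s, G), perm) for s in S]   # public key: G* = S G P, published with t
    return dict(g=g, L=L, n=n, k=k, t=t, G=G, Hbin=Hbin, S=S, Sinv=Sinv, perm=perm, Gpub=Gpub)
def encrypt(Gpub, t, n, msg, seed):  # c = m G* + e with wt(e) = t; the seed only makes this reproducible
    return vec_mat(msg, Gpub) ^ sum(1 << i for i in random.Random(seed).sample(range(n), t))

def decode(y, g, L):
    """Correct up to deg g errors: syndrome mod g^2, key equation by Euclid, roots of sigma."""
    t, g2, syn = len(g) - 1, p_mul(g, g), []
    for i, a in enumerate(L):
        if y >> i & 1:           # syn(z) += 1/(z + a) mod g^2, the inverse taken by extended Euclid
            r, v = p_egcd(g2, [a, 1], 1)
            syn = p_add(syn, p_mul(v, [gf_inv(r[0])]))
    _, sigma = p_egcd(g2, syn, t)          # sigma * syn = sigma' (mod g^2) with deg sigma <= t
    return y ^ sum(1 << i for i, a in enumerate(L) if p_eval(sigma, a) == 0)

def decrypt(keys, c):
    n, G = keys["n"], keys["G"]
    cw = decode(permute(c, keys["perm"], inv=True), keys["g"], keys["L"])   # strip P, then the errors
    red, piv = rref([row | 1 << (n + i) for i, row in enumerate(G)], n)    # [G | I] -> [R | T]
    w = sum((cw >> p & 1) << j for j, p in enumerate(piv))                 # cw on pivot columns = u T^-1
    return vec_mat(vec_mat(w, [row >> n for row in red]), keys["Sinv"])    # u = m S, then m = u S^-1
```

For the separable case, `goppa_keys(p_mul(p_mul([1, 1], [2, 1]), [4, 1]), seed=7)` gives n = 29, t = 3, and `decrypt(keys, encrypt(keys["Gpub"], keys["t"], keys["n"], msg, seed=3))` returns `msg` for any k-bit message; `goppa_keys([1, 1, 1], seed=11)` does the same for the irreducible case with n = 32, t = 2. The fixed seeds only make the example reproducible: in real use S, P and every error vector must come from a cryptographic random source, and a fresh error vector of weight exactly t must be drawn for each block.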
4 THE PROPOSED SIMULATED SYSTEM
The proposed implementation was done in Visual Studio C#. The reasons for selecting the C# platform are (Eaddy, 2001):
• Flexibility in organizing source code.
• Compilation into an intermediate language, MSIL.
• Portability across platforms: the cited comparison lists Windows and Mac OS X, but not Linux (Mono and .NET Core have since added Linux support).
• Flexibility with parameters and data types.
The designed platform consists of three stages: the first generates the secret and public keys of the desired cryptosystem, the second performs the encryption, and the last decrypts the message.
A) Key Generation Interface
This step includes:
Choosing the extension field: This form starts by taking an integer for the desired extension degree (in a binary Goppa code q = 2) in the text box (see Figure (5)). The (Check) command creates a polynomial of the form and factors it. All the irreducible factors are shown in the combo box.
Figure (5): Choosing Extension Field Form.
Choosing the random polynomial: As seen in Figure (6), the form has three commands. The first generates a random polynomial, or lets the user choose one, and then tests whether the chosen polynomial is separable or irreducible and determines the support (range) of the Goppa code. The second command finds the secret generator matrix, which is derived from the null space of the parity-check matrix, and the third command jumps to the next form to complete the key generation process.
Figure (6): Random Generator Polynomial and Secret Generator Matrix Form.
The important process here is computing the null space of the parity-check matrix, which is used to generate the secret matrix, and determining the support of the Goppa code.
Nonsingular matrix: This form includes three commands, as shown in Figure (7). The Nonsingular Matrix button generates a random matrix (A), or takes one from the user, and then checks whether another matrix (B) exists, obtained by Gaussian elimination, of the form: (19)
This approach is faster than computing the determinant by expansion, and it rejects a singular (non-invertible) candidate directly.
Finally, the permutation and public-key matrices are found.
Figure (7): Nonsingular Matrix Form.
B) Encryption Platform
Entering the message: There are two ways to enter the message: importing a file from a specified folder (as shown in Figure (8)), or typing the message into the text box (as shown in Figure (9)). The (Save) command stores the message as a string and converts it to ASCII character codes.
Figure (8): Import File Form.
Figure (9): Enter Message in Text-Box Form.
Encryption process: The (Encrypt) command converts each ASCII code into binary. Every character is written as exactly seven bits, since the largest ASCII code (127) needs seven bits, as shown in Figure (10).
Before bits are fetched in groups (each group must have as many bits as the public generator matrix has rows, k), the length of the binary string must be a multiple of k; otherwise it is padded with zeros.
Figure (10): Encryption Process Form.
C) Decryption Process
The decryption includes:
Importing the random generator polynomial and parity-check matrix: The random polynomial is imported first, the support of the Goppa code is built, and then the generator polynomial is checked to be irreducible or separable.
Partitioning the ciphered message and inverting the permutation matrix: This stage of the decryption process has three commands (as shown in Figure (11)). The first partitions the ciphered message, each partition holding as many bits as the secret generator matrix has columns. The second finds the inverse of the permutation matrix and multiplies each partition by it. The third jumps to the next form in order to complete the decryption process.
Figure (11): Partitioning the Ciphered Message and Inverse of Permutation Matrix.
Syndrome and error locator: This is the most important form of the decryption process because it finds the error locator for each partition. The form has three commands (as shown in Figure (12)): the first button finds the syndrome of each partitioned cipher block, and the second locates the errors in each block according to the type of Goppa code (irreducible or separable), each type having its own procedure.
Figure (12): Syndrome and Error Locater Form.
Removing the secret generator matrix: After the errors have been removed from the ciphered block, it is appended to the secret generator matrix, as shown in Figure (13); the second command then removes the secret generator matrix from the block by applying Gaussian elimination to the resulting matrix.
Figure (13): Removing Secret Generator Matrix Form.
Inverse of the nonsingular matrix: The original message in binary form is obtained by multiplying the message found in the previous form by the inverse of the nonsingular matrix.
Decryption process: Converts the message from binary form into the readable (original) message by converting every 7 bits to decimal and then every decimal value to a character through the inverse ASCII mapping. The plain text (original message) is shown in the text box of the form in Figure (14).
Figure (14): Decryption Process Form.
5 RESULTS AND DISCUSSION
As mentioned before, Visual Studio C# was used to simulate the complete process, through the forms presented in the previous section (Figures (5-14)). To show some of the results, part of the process is presented below:
Key generation for the McEliece cryptosystem using a separable Goppa code:
The extension field , which is isomorphic to , is used, where k(x) is an irreducible and primitive polynomial picked from the factorization of
(
Now take
Therefore,
Now consider the Goppa code , defined as below:
and
Here m = 5, q = 2, n = 27 and t = 3.
Finding
s.t.
In the same way, h_i can be found for every α_i, and then the parity-check matrix is obtained.
The parity-check matrix H (3 × 27) is:
The parity-check matrix can be written in binary form as H (15 × 27):
The secret generator matrix is found by taking the null space of the parity-check matrix H modulo 2:
As can be seen, the number of rows is 12 and the number of columns is 27, which satisfies the parameters of the Goppa code (k = 12 = n − mt = 27 − 5×3), and the condition G × H^T = 0 must hold.
Now pick a 12 × 12 nonsingular matrix as below:
Calculating :
Now take the permutation matrix as follows:
Finding the public generator matrix using the equation G* = S × G × P:
Finally G, S and P are kept as the secret key of the McEliece cryptosystem, while G* together with the degree t of the generator polynomial forms the public key.
For example, to encrypt the word (Cryptography) using the parameters of the separable Goppa code:
• First, each character of the word (Cryptography) is converted to decimal using its ASCII code: 67 114 121 112 116 111 103 114 97 112 104 121.
Then each decimal value is converted to binary of length 7 bits: 1000011 1110010 1111001 1110000 1110100 1101111 1100111 1110010 1100001 1110000 1101000 1111001.
• Then all of them are concatenated:
100001111100101111001111000011101001101111110011111100101100001111000011010001111001
• Therefore the binary message (84 bits, a multiple of k = 12, so no zero padding is needed) is partitioned into blocks of 12 bits:
100001111100 101111001111 000011101001 101111110011 111100101100 001111000011 010001111001
• Multiply each message block by the public generator matrix:
• For each block, select an arbitrary error vector containing 3 errors (i.e. each vector has exactly 3 ones, in different positions).
• Finally the ciphered message is obtained as c = m × G* + e:
The encrypted message is sent to the destination to be decrypted. The process described is only a short example, and the results above are part of the details. There is no difference between the theoretical and simulated results. The simulated program gives exact results in a very short time, and it can be used for larger dimensions.
6 CONCLUSIONS
In this paper a new implementation of the McEliece cryptosystem with a graphical user interface, written in Visual Studio C#, has been presented. The designed system harnesses both types of binary Goppa code (irreducible and separable) for the McEliece public-key cryptosystem; both types correct up to t errors, a strong capability compared with other code families. Implementing the McEliece cryptosystem with a separable binary Goppa code is considered the first such implementation. The separable McEliece cryptosystem decreases the size of the public-key matrix compared with the irreducible type.
The designed system allows any parameters of the Goppa code to be used, with the ability to change the error vector for each message block. The system also generates a Goppa code at random and tests it: if the code meets the conditions it starts encrypting the message, otherwise it informs the user why the conditions are not satisfied and generates new parameters. Likewise, the system records every detail and operation required by the McEliece cryptosystem (for key generation, encryption and decryption) in text files, which helps researchers study the designed system thoroughly and is useful for teaching purposes. Another advantage of the implementation is the use of Gaussian elimination instead of the determinant to test a candidate nonsingular matrix.
Since there is no study of the security of the separable McEliece cryptosystem yet, it is recommended to study the complexity of the McEliece cryptosystem using separable Goppa codes against all possible attacks.
References:
1- M. Baldi, M. Bianchi, F. Chiaraluce, J.
Rosenthal, D. Schipani. A Variant of the McEliece
Cryptosystem with Increased Public Key Security.
Workshop on Coding and Cryptography WCC
2011, pages 173-182, Paris, France, Apr. 2011.
2- M. Baldi, F. Chiaraluce, R. Garello, and F.
Mininni. Quasi-Cyclic Low-Density Parity-Check
Codes in the McEliece Cryptosystem. In ICC,
pages 951-956. IEEE, 2007.
3- Carlisle M. Adams and Henk Meijer.
Security-Related Comments Regarding McEliece
Public-Key Cryptosystem, advances in cryptology-
Crypto ’87 (LNCS 293), pages 224-228, 1988.
4- J.-C. Faugère, A. Otmani, L. Perret, and J.-P. Tillich. Algebraic Cryptanalysis of McEliece Variants with Compact Keys. In H. Gilbert, editor, EUROCRYPT, volume 6110 of Lecture Notes in Computer Science, pages 279-298. Springer, 2010.
5- E. M. Gabidulin, A. V. Ourivski, B.
Honary, and B. Ammar. Reducible rank codes and
their applications to cryptography. IEEE
Transactions on Information Theory, 49(12):3289-
3293, 2003.
6- Maximilien Gadouleau. Cryptosystem Using Error-Correction Codes Based on the Rank Metric. Master's thesis, Lehigh University, 2005.
7- K. Ilanthenral and K. S. Easwarakumar.
Hexi, McEliece Public Key Cryptosystem, Applied
Mathematics and Information Science, Vol. 8, Issue
5, page 2595, 2014.
8- P. J. Lee and E. F. Brickell. An Observation on the Security of McEliece's Public-Key Cryptosystem. EUROCRYPT, volume 330 of Lecture Notes in Computer Science, pages 275-280. Springer, 1988.
9- J. S. Leon. A probabilistic algorithm for
computing minimum weights of large error
correcting codes. IEEE Transactions on
Information Theory, 34(5):1354-1359, 1988.
10- P. Loidreau and N. Sendrier. Weak keys in
the McEliece public-key cryptosystem. IEEE
Transactions on Information Theory, 47(3):1207-
1211, 2001.
11- Mark Eaddy. Dr. Dobb's Journal, February 2001, http://www1.cs.columbia.edu/eaddy/publications/csharpvsjava-eaddy-ddj-feb01.pdf (accessed 3-6-2015).
12- R. McEliece. A Public-Key Cryptosystem
Based on Algebraic Coding Theory. Technical
report, NASA, 1978.
13- L. Minder and A. Shokrollahi.
Cryptanalysis of the Sidelnikov Cryptosystem. In
M. Naor, editor, EUROCRYPT, volume 4515 of
Lecture Notes in Computer Science, pages 347-
360. Springer, 2007.
14- C. Monico, J. Rosenthal, and A.
Shokrollahi. Using low density parity check codes
in the McEliece cryptosystem. In IEEE
International Symposium on Information Theory,
ISIT 2000, page 215. IEEE, 2000.
15- T. R. N. Rao and Kill-Hyun Nam. Private-
Key Algebraic-Coded Cryptosystem. In Andrew M.
Odlyzko, editors, CRYPTO, Vol. 263 of Lecture
Notes in Computer Science, pages 35-48. Springer,
1987.
16- Repka Marek, McEliece PKC Calculator,
Journal of Electrical Engineering, volume 65, Issue
6, 342-984, Nov, 2014.
17- V. M. Sidelnikov and S. O. Shestakov. On insecurity of cryptosystems based on generalized Reed-Solomon codes. Discrete Mathematics and Applications, 2(4):439-444, 1992.
18- F. Strenzke, Efficiency and Implementation
Security of Code-Based Cryptosystems, PhD
dissertation, Universität Darmstadt, Germany,
2013.
19- Wade Trappe and Lawrence Washington. Introduction to Cryptography with Coding Theory, 2nd ed. Pearson, USA, 2006.