## No full-text available

To read the full-text of this research,

you can request a copy directly from the author.

Code-based cryptography is one of the few mathematical techniques that enables the construction of public-key cryptosystems that are secure against an adversary equipped with a quantum computer. The McEliece public-key encryption scheme and its variants are candidates for a postquantum public-key encryption standard.

To read the full-text of this research,

you can request a copy directly from the author.

... The idea of the McEliece system [1,7,8] is to select the error-correcting code, for which effective (polynomial-time) decoding algorithm is known, and to hide the structure of this code in linear code of random structure. This idea is realized as follows. ...

... obtained by the coordinates permutation). It is supposed that the code equivalent to Goppa code can not be distinguished from the random code, though it is known that this is not true in some cases [7]. Additional requirement to private code is that code construction should allow exponentially large key space for given parameters of the code. ...

... LDPC-code is defined by its parity-check matrix H, containing low number of nonzero elements. The term "low number" is not formally defined, moreover, in the number of works on modified McEliece systems based on such codes the term "middle density" (MDPC) is used [7,17,18], but in both cases we may admit that we consider the codes with relatively sparse parity-check matrix, for which the decoders utilizing its sparseness show rather high correcting capability (low error probability). In general, LDPC codes are usually defined and analyzed as probabilistic ensembles of random codes with specific parameters, which is additional advantage for their usage as secret keys in code-based systems. ...

Introduction: Today the investigations of post-quantum cryptosystems secure against quantum computations is the area of great interest. An important direction here is code-based cryptography utilizing the mathematical problems from error-correcting coding theory. The improvement of existing code-based systems may be achieved both in practical part (reducing the key sizes) and theoretically by using more complicated mathematical code-based tasks. Purpose: The development of public-key code-based cryptosystem using low-density parity-check codes with burst correction; the estimation of the parameters of the obtained system. Results: The variant of code-based cryptosystem using random block permutation low-density parity-check codes is proposed. The cryptocomplexity of the system is supposed to be based on the complete decoding problem, which is believed to be a harder mathematical problem than those used in existing systems. With high probability, the analysis of the system by using decoding methods is not possible at all, which both increases the long-term cryptocomplexity of the system and allows to reduce the key size. The evaluation of the underlying code selection is performed, the approaches to the selection of the parameters of the proposed system on the basis of the required level of cryptocomplexity are considered. Practical relevance: The proposed system allows to reduce the public-key size as compared to the classical McEliece system, cryptocomplexity also comparable, with the underlying mathematical problem to be more stable against perspective attacks.

... Code-based cryptography [25,26] has its security relying on the hardness of problems from coding theory, for example, syndrome decoding (SD) and learning parity with noise (LPN). These cryptosystems are based on error-correcting codes to construct a one-way function. ...

... The McEliece was initially built in 1978 using the binary goppa code with [n,k] = [1024, 524] [76]. Subsequently, several variants of McEliece were built using different linear codes [26]. However, those variants were proven to be susceptible to attacks [19,77], and only the McEliece built using the Binary Goppa Code is found to be quantum attack resistant to date. ...

... In 2017, Sendrier [26] published a survey paper that focuses on the McEliece public-key encryption scheme and its variants which are the candidates of post-quantum public-key encryption standard. This paper also focuses on other cryptographic primitives using codes such as zero-knowledge authentication and digital signature. ...

Cryptography has been used from time immemorial for preserving the confidentiality
of data/information in storage or transit. Thus, cryptography research has also been evolving from the classical Caesar cipher to the modern cryptosystems, based on modular arithmetic to the contemporary cryptosystems based on quantum computing. The emergence of quantum computing poses a major threat to the modern cryptosystems based on modular arithmetic, whereby even the computationally hard problems which constitute the strength of the modular arithmetic ciphers
could be solved in polynomial time. This threat triggered post-quantum cryptography research to design and develop post-quantum algorithms that can withstand quantum computing attacks. This paper provides an overview of the various research directions that have been explored in post-quantum cryptography and, specifically, the various code-based cryptography research dimensions that have been explored. Some potential research directions that are yet to be explored in code-based cryptography research from the perspective of codes is a key contribution of this paper

... Quantum-resistant blockchain aims to counteract quantum attacks, such as those based on Grover's and Shor's algorithms, through the utilization of mathematical algorithms and protocols that are currently effective against quantum computers. Lattice cryptosystems [27], [28], [29], multivariate cryptosystems [30], [31], code-based cryptosystems [32], [33], and some others cryptographic schemes are recognized as quantum-resistant postquantum cryptosystems. ...

Over recent decades, rapid technological advancements have significantly transformed living standards and socio-economic conditions. As emerging technologies like the metaverse emerge, substantial computational demands, unbreakable security, and ultra-fast internet connectivity become increasingly necessary. Traditional computing paradigms face limitations in meeting these demands, leading to the exploration of quantum computing as a potential solution.
Within the metaverse, ensuring robust security is of paramount importance, especially for specialized applications in sensitive sectors such as military and defense systems, government institutions, international organizations, and others. The anticipated power of quantum computers to break existing encryption schemes by 2030 poses a looming threat, particularly the ”store-now-decrypt-later (SNDL) attack” strategy.
This thesis dissertation addresses these challenges by proposing multiple quantum-enabled solutions for the metaverse. First, we propose a quantum-enhanced secure multiparty space-sharing and authentication mechanism. This mechanism partitions the metaverse into subspaces, each governed by multiple authorities responsible for
user verification and blockchain-based user information storage. Quantum multiparty secure computation is employed for validating user information. Following user verification, a real-time avatar generation scheme using MediaPipe is implemented. To further enhance security, we present a quantum federated learning-based attack detection system for the metaverse, leveraging the B92 quantum key distribution protocol to encrypt communications between federated servers and clients. Finally, we introduce a user-centric software module, termed
”web inside of the web,” which consolidates various applications and features, including a virtual pocket wallet for metaverse users.

... Classical cryptographic methods such as RSA and ECC, which rely on number-theoretic problems, are vulnerable to quantum attacks. Conversely, CBC utilizes the computationally intensive NP-hard problem of decoding arbitrary linear codes [78][79][80]. The foundational algorithm in this domain, the McEliece cryptosystem, introduced in 1978 [81], employs Goppa codes known for robust error correction. ...

Unmanned Aerial Vehicles (UAVs), commonly known as drones, are increasingly being employed across a broad spectrum of applications, ranging from military operations to commercial purposes. However, as UAVs become more integrated into everyday life, security and privacy concerns are similarly escalating due to vulnerabilities arising from operating on open wireless channels and having limited onboard computational resources. Moreover, with the emergence of quantum computers, conventional cryptographic methods that ensure the security and privacy of UAV communications are at severe risk. These risks encompass the possibility of unauthorized access, breaches of data, and cyber-physical attacks that jeopardize the integrity, confidentiality, and availability of UAV operations. Quantum computers are expected to break the conventional cryptography methods, such as symmetric and asymmetric schemes, with the support of Grover's and Shor's algorithms, respectively. Consequently, traditional cryptographic algorithms must give way to quantum-resistant algorithms, referred to as Post-Quantum Cryptography (PQC) algorithms. Although researchers actively develop, test, and standardize new PQC algorithms, the threat persists despite the progress made through these consistent efforts. This review article first examines the security and privacy landscape, including threats and requirements of UAVs. This article also discusses PQC and various PQC families and the status of the NIST's implementation and standardization process. Lastly, we explore challenges and future directions in implementing PQC for UAVs. INDEX TERMS Post-quantum cryptography, privacy, quantum attacks, security, UAVs

... Some of the main approaches in this area rely on difficult decoding of the randomly generated linear code. The inability of quantum algorithms to decode random linear code makes this a suitable candidate for post-quantum cryptography [31]. ...

The Internet of Medical Things (IoMT) has significantly enhanced the healthcare system by enabling advanced patient monitoring, data analytics, and remote interactions. Given that IoMT devices generate vast amounts of sensitive data, robust privacy mechanisms are essential. This privacy requirement is critical for IoMT as, generally, these devices are very resource-constrained with limited storage, computation, and communication capabilities. Blockchain technology, with its decentralisation, transparency, and immutability, offers a promising solution for improving IoMT data security and privacy. However, the recent emergence of quantum computing necessitates developing measures to maintain the security and integrity of these data against emerging quantum threats. This work addresses the current gap of a comprehensive review and analysis of the research efforts to secure IoMT data using blockchain in the quantum era. We discuss the importance of blockchain for IoMT privacy and analyse the impact of quantum computing on blockchain to justify the need for these works. We also provide a comprehensive review of the existing literature on quantum-resistant techniques for effective blockchain solutions in IoMT applications. From our detailed review, we present challenges and future opportunities for blockchain technology in this domain.

... Legitimate users who are aware of a hidden trapdoor can correct the faults and recover the cleartext. Adversaries are reduced to a general decoding task, which is thought to be difficult on average, even when faced with quantum adversaries (Sendrier, 2017). The general operation of code-based cryptography is depicted in Figure 4. McEliece is one of the most well-known methods within code-based cryptography. ...

With the development of technology and its integration with scientific realities, computer systems continue to evolve as infrastructure. One of the most important obstacles in front of quantum computers with high‐speed processing is that its existing systems cause security vulnerabilities. Therefore, in order to take advantage of quantum systems, existing systems that are already secure must also be secure in the post‐quantum scenario. One of these systems is edge computing. There are challenges in terms of computational power for the implementation of pre‐ and post‐quantum methods in structures with resource‐constrained devices. This article reviews the post‐quantum security threats of edge devices and systems and the secure methods developed for them. Although there is relatively little research in this field, it remains relevant. In the studies reviewed, lattice‐based approaches are often highlighted for making edge systems quantum‐resistant. Additionally, these studies indicate that there has been an increasing trend in this field in recent years.
This article is categorized under: Applications of Computational Statistics > Defense and National Security
Algorithms and Computational Methods > Networks and Security

... Quantumresistant blockchain aims to counteract quantum attacks, such as those based on Grover's and Shor's algorithms, through the utilization of mathematical algorithms and protocols that are currently effective against quantum computers. Lattice cryptosystems [118], [119], [120], multivariate cryptosystems [121], [122], code-based cryptosystems [123], [124], and some others cryptographic schemes are recognized as quantum-resistant post-quantum cryptosystems. ...

Over the last few decades, technology has been improving dramatically and consequently transformed the standard of living and socio-economic conditions. The entire process will revolutionize when the next advanced technologies will be fully functional. Advanced technologies like the metaverse, Web 3.0, and others necessitate high computing power, invincible security, and ultra-fast internet. Despite increasing demand, traditional computing methods have limitations and are not capable of satisfying the requirements. To solve these tribulations, quantum computing is shining a light of hope. This survey aims to analyze the methodology, constraints, and potential of integrating quantum computing with the metaverse. We begin with an overview of quantum computing and related terms. We then investigate the feasibility of applying quantum-enabled technologies to enhance the metaverse. Furthermore, this survey also considers middleware for seamless conversion between traditional and quantum computing with the metaverse. In the subsequent phase of this survey, our objective is to discern and delineate the prospective application domains for the quantum-enabled metaverse. In essence, the difficulties of integrating quantum computing with the metaverse, present research approaches, and open research issues with consequences for additional in-depth investigations are highlighted.

... Code-based cryptography: Code-based cryptography is based on the McEliece public-key encryption scheme which is known to be one of the most suitable candidates for the post-quantum era as it has been proving its security for over 40 years. Similar to lattice-based encryption, there is no known algorithm or method that can be used to breach this scheme [141][142][143]. ...

Established and emerging technologies such as 5G, Internet of Things (IoT), and blockchain will play an increasingly significant role in smart city applications, which reinforce the importance of designing security and privacy-aware/preserving solutions. Hence, we comprehensively survey articles focusing on blockchain for a secure IoT-enabled smart city based on 5G and beyond, published between 2016 and 2023. In this survey, we first introduce the seminal contributions and background technological knowledge regarding smart city. Furthermore, based on the layered blockchain-based architecture of the IoT-enabled smart city, we provide an all-inclusive summary of previous works and outline the blockchain research framework in smart city. Then, we discuss how to use blockchain and beyond 5G in smart city applications, including smart manufacturing, and smart vehicular networks. In addition to reviewing the existing approaches described in the 125 articles surveyed, we also identify several limitations and present potential extensions to design future blockchain-based solutions for smart cities.

... These algorithms offer protection against both classical and quantum attacks and are designed to work compatible with existing communication protocols. There are five primary classes of PQC algorithms: lattice-based cryptography [6], code-based cryptography [7], multivariate-based cryptography [8], hashbased cryptography [9], and isogeny-based cryptography [10]. Lattice-based cryptography is considered a top contender for future PQC standard algorithms. ...

In an IoT-based healthcare system, medical IoT devices gather and transmit critical patient data. Ensuring the security and privacy of medical data is paramount. One of the most critical challenges in this regard is the authentication of participating entities. The literature proposes specific authentication approaches for healthcare systems based on integer factorization and discrete logarithm problems. However, the advent of quantum computers would fundamentally break all of these protocols. In this study, we conducted an analysis of a recently proposed authentication and access control scheme for e-health systems, which is based on lattice-based cryptography and was developed by Gupta et al.. Our analysis revealed that the scheme is vulnerable to several types of attacks, including impersonation, de-synchronization, and smart card stolen attacks, which could compromise the confidentiality and integrity of sensitive medical data. To address these security challenges, we propose an alternative authentication and access control scheme that uses Saber, a finalist lattice-based key encapsulation algorithm from round three of the NIST PQC standardization. One of the biggest advantages of Saber is its simplicity and efficiency. Our proposed scheme is designed specifically for e-health systems and provides robust protection against the vulnerabilities identified in Gupta et al.’s scheme. We believe that our proposed scheme represents a significant improvement over existing approaches and could help to enhance the security and privacy of e-health systems. Upon completion of our improved protocol, we proceeded to implement it within the Vivado 2018.3 environment for Zynq UltraScale FPGAs. To gather insight into its performance, we conducted a performance comparison study with various related protocols.

... Having proven to be quantum-resistant, code-based cryptosystems use the theory of error correcting codes (more precisely, they are based upon structural codes with some intentionally inserted errors such that only the legitimate receiver with the right knowledge would be able to recover the plaintext). Their security inherently relies on the fact that decoding a codeword without the knowledge of the encoding scheme is an NP-complete problem [23], [24]. The security of codebased cryptosystems does not rely on the complexity of any mathematical problem that quantum computers solve efficiently. ...

It is a matter of time before quantum computers will break the cryptosystems like RSA and ECC underpinning today’s internet protocols. As Post-Quantum Cryptography (PQC) is a low-cost approach compared to others like quantum key distribution, the National Institute of Standards and Technology (NIST) has recently reviewed and analyzed numerous approaches to PQC. As a PQC candidate, Bit Flipping Key Encapsulation (BIKE) is expected to be standardized as a general-purpose Key Encapsulation Mechanism (KEM) by NIST. However, it lacks a comprehensive review of BIKE associated with technical analysis. This paper aims to present an in-depth review and analysis of the BIKE scheme with respect to relevant attacks. We provide a comprehensive review of the original McEliece (ME) scheme and present a detailed discussion on its practical challenges. Furthermore, we provide an in-depth study on the challenges of ME and BIKE cryptosystems in achieving the Indistinguishability under Chosen-Ciphertext Attack (IND-CCA) security. We provide an analysis of these cryptosystems and their security against several attacks before pointing out the research gaps for strengthening BIKE.

... Post-quantum cryptography [2] is the development of cryptographic mechanisms [3][4][5] that are secure against quantum attacks. Code-based cryptographic primitives [6] have been shown to be resistant to quantum attacks. The first code-based cryptosystem was introduced by McEliece and is known as the McEliece cryptosystem [7]. ...

Digital signature schemes are used for the authentication and verification of signatures. The Courtois–Finiasz–Sendrier (CFS) digital signature is a well‐known code‐based digital signature scheme based on the Niederreiter cryptosystem. However, it is not widely used due to the computation time of the signing algorithm. Most code‐based digital signature schemes are based on the Niederreiter cryptosystem. This paper proposes a new code‐based digital signature that is based on the McEliece cryptosystem. Key generation, signing, and verification algorithms are presented. The key generation algorithm constructs a public key using random inverse matrices. The signing algorithm has lower complexity and requires less computation time than the CFS scheme to sign a document. The verification algorithm is able to detect forgeries. It is shown that the proposed scheme is secure against public key structural attacks.

... They are based on NP-hard problems, which can not be solved in polynomial time when using tradition computer algorithms or quantum computer algorithms. The main algorithms of post-quantum signatures can be grouped into four divisions, i.e., lattice-based signatures [24][25][26], multivariate signatures [27][28][29], hash-based signatures [30][31][32] and code-based signatures [33][34][35]. Such signatures are claimed be secure under quantum computer attacks. ...

Machine learning (ML) is the core of Artificial Intelligence (AI), and it is the fundamental way to make computer have intelligence. ML is a technology that uses algorithms to parse data, constantly learn, and make judgements and predictions about what happens. With the continuous development of ML technology, using ML algorithms to analyze the security of physical hardware has gradually become one of the hot spots in the research field. In the field of hardware security, post quantum cryptography is one of the research hotspots, e.g., multivariate cryptography. However, analyzing post-quantum signatures based on ML is still in the early stage. As substitutions of current used signatures, post-quantum signatures should fully consider side channel attack based on ML techniques so that they can be used in reality. In order to address such challenges, we present ML techniques to exploit the measurement of side channel attacks to post-quantum signatures. We propose a ML model for the measurement of side channel attacks. The efficiency of the proposed model is measured and it can be extended to analyze other similar signatures.

... These properties are desirable in code-based cryptography. On the other hand, although there is no general complexity result for QC-SDP, this problem is considered hard by the cryptographic community [26] and the best known algorithms to solve it are the same to solve the SDP with the only advantage that the computational cost is reduced by a constant factor [25,19]. There is an attempt to show that the decisional variant of QC-SDP is NP-complete but it is only limited to a particular form of QC codes [6]. ...

We prove that the problem of decoding a quasi-cyclic linear code is NP-hard, and the corresponding decision problem is NP-complete. We also discuss the cryptographic significance of this result.

... The mainstream PQC algorithms can be divided into four categories according to the construct method [12]: multivariate cryptography [13], code-based cryptography [14], hashbased signatures [15], and lattice-based cryptography [16]. In order to promote the practical application of these algorithms, the efficient and reliable hardware implementation of PQC has become a concerned research direction. ...

Polynomial multiplication is the most computationally expensive part of the lattice-based cryptography algorithm. However, the existing acceleration schemes have problems, such as low performance and high hardware resource overhead. Based on the polynomial multiplication of number theoretic transformation (NTT), this paper proposed a simple element of Montgomery module reduction with pipeline structure to realize fast module multiplication. In order to improve the throughput of the NTT module, the block storage technology is used in the NTT hardware module to enable the computing unit to read and write data alternately. Based on the NTT hardware module, a precalculated parameter storage and real-time calculation method suitable for the hardware architecture of this paper is also proposed. Finally, the hardware of polynomial multiplier based on NTT module is implemented, and its function simulation and performance evaluation are carried out. The results show that the proposed hardware accelerator can have excellent computing performance while using fewer hardware resources, thus meeting the requirements of lattice cipher algorithms in security chips. Compared with the existing studies, the computing performance of the polynomial multiplier designed in this paper is improved by approximately 1 to 3 times, and the slice resources and storage resources used are reduced by approximately 60% and 17%, respectively.

... Although it is possible to check the error for some specialized codes, it is quite difficult for arbitrary linear codes. In this sense, one of the special codes is Goppa codes that allow effective error correction [9]. Using Goppa codes, a secure code-based scheme can be created by hiding the encoding and decoding steps. ...

The production of quantum computers with fast processing power and practical use will adversely affect the foundations of secure communication, especially for public-key cryptosystems (PKCs). Potential problems and solution scenarios are created early to design quantum-resistant PKCs. In this paper, the emergence of the concept of post-quantum cryptography (PQC) and early precautionary actions are explained. In addition, cryptosystem families that are known/believed to be secure in the presence of quantum computers are discussed. Based on these classes, the selected encryption/key encapsulation (KEM) and signature schemes of the NIST PQC process are expressed. Finally, some open problems for the post-quantum era are summarized.

... To encrypt the message, the sender needs to add a specific amount of random noise [1,[12][13][14]. The noise can be removed only using the Goppa code [66,70]. It is a computationally It is based on quasi-cyclic moderate density parity-check (QC-MDPC) codes that can be decoded using bit flipping decoding techniques [68]. ...

-Quantum computer is no longer a hypothetical idea. It is the world's most important technology and there is a race among countries to get supremacy in quantum technology. It is the technology that will reduce the computing time from years to hours or even minutes. The power of quantum computing will be a great support for the scientific community. However, it raises serious threats to cybersecurity. Theoretically, all the cryptography algorithms are vulnerable to attack. The practical quantum computers, when available with millions of qubits capacity, will be able to break nearly all modern public-key cryptographic systems. Before the quantum computers arrive with sufficient ‘qubit’ capacity, we must be ready with quantum-safe cryptographic algorithms, tools, techniques, and deployment strategies to protect the ICT infrastructure. This paper discusses in detail the global effort for the design, development, and standardization of various quantum-safe cryptography algorithms along with the performance analysis of some of the potential quantum-safe algorithms. Most quantum-safe algorithms need more CPU cycles, higher runtime memory, and a large key size. The objective of the paper is to analyze the feasibility of the various quantum-safe cryptography algorithms.

... Of numerous approaches, code-based cryptosystems (CBC) are considered a promising alternative to the existing PKE schemes [7], [8]. Based on the theory of error-correcting codes, their underlying security relies on that decoding a codeword without the knowledge of an encoding scheme is an N P-complete problem [9]. The idea of CBC was incepted by McEliece in 1978 [10] has remained secure against classical and quantum attacks but at the cost of a larger key size. ...

The evolution of quantum computers poses a serious threat to contemporary public-key encryption (PKE) schemes. To address this impending issue, the National Institute of Standards and Technology (NIST) is currently undertaking the Post-Quantum Cryptography (PQC) standardization project intending to evaluate and subsequently standardize the suitable PQC scheme(s). One such attractive approach, called Bit Flipping Key Encapsulation (BIKE), has made to the final round of the competition. Despite having some attractive features, the IND-CCA security of the BIKE depends on the average decoder failure rate (DFR), a higher value of which can facilitate a particular type of side-channel attack. Although the BIKE adopts a Black-Grey-Flip (BGF) decoder that offers a negligible DFR, the effect of weak-keys on the average DFR has not been fully investigated. Therefore, in this paper, we first perform an implementation of the BIKE scheme, and then through extensive experiments show that the weak-keys can be a potential threat to IND-CCA security of the BIKE scheme and thus need attention from the research community prior to standardization. We also propose a key-check algorithm that can potentially supplement the BIKE mechanism and prevent users from generating and adopting weak keys to address this issue.

... To encrypt the message, the sender needs to add a specific amount of random noise [1,[12][13][14]. The noise can be removed only using the Goppa code [66,70]. It is a computationally It is based on quasi-cyclic moderate density parity-check (QC-MDPC) codes that can be decoded using bit flipping decoding techniques [68]. ...

Quantum computer is no longer a hypothetical idea. It is the worlds most important technology and there is a race among countries to get supremacy in quantum technology. Its the technology that will reduce the computing time from years to hours or even minutes. The power of quantum computing will be a great support for the scientific community. However, it raises serious threats to cybersecurity. Theoretically, all the cryptography algorithms are vulnerable to attack. The practical quantum computers, when available with millions of qubits capacity, will be able to break nearly all modern public-key cryptographic systems. Before the quantum computers arrive with sufficient qubit capacity, we must be ready with quantum-safe cryptographic algorithms, tools, techniques, and deployment strategies to protect the ICT infrastructure. This paper discusses in detail the global effort for the design, development, and standardization of various quantum-safe cryptography algorithms along with the performance analysis of some of the potential quantum-safe algorithms. Most of the quantum-safe algorithms need more CPU cycles, higher runtime memory, and large key size. The objective of the paper is to analyze the feasibility of the various quantum-safe cryptography algorithms.

... At the time of writing, two quantum-safe candidate methods have been proposed, namely post-quantum cryptography and quantum cryptography. The family of post-quantum cryptography [14]- [16] consists of code-based [17], hash-based [18], lattice-based [19], and multivariate [20] cryptosystems that have been proven safe against the known quantum attacks. They have the advantage of being compatible with existing cryptographic infrastructures and can reach high secret-key rates over relatively long distances. ...

Quantum key distribution (QKD) constitutes a
symmetric secret key negotiation protocol capable of maintaining
information-theoretic security. Given the recent advances in QKD
networks, they have evolved from academic research to some
preliminary applications. A QKD network consists of two or more
QKD nodes interconnected by optical fiber or free space links.
The secret keys are negotiated between any pair of QKD nodes,
and then they can be delivered to multiple users in various areas
for ensuring long-term protection and forward secrecy. We
commence by introducing the QKD basics, followed by reviewing
the development of QKD networks and their implementation in
practice. Subsequently, we describe the general QKD network
architecture, its elements, as well as its interfaces and protocols.
Next, we provide an in-depth overview of the associated physical
layer and network layer solutions, followed by the standardization
efforts as well as the application scenarios associated with QKD
networks. Finally, we discuss the potential future research
directions and provide design guidelines for QKD networks.

... Given: p, n 0 , w, a random parity check matrix H of a QC code and let s ∈ F p q be a syndrome. Although there is no general complexity result for quasi-cyclic codes, decoding these codes are considered hard by the cryptographic community [20]. In practice, the best attacks are the same as those for non-circulant codes up to a small factor [21,22]. ...

We propose to replace the Goppa codes with QC-LDPC codes in the digital signature scheme mCFSc. With this modification, we obtain a considerable reduction (50 times on average) of the public key sizes without losing security. Our theoretical security model is the same as for the mCFS scheme. We discuss the possibility of applying some known methods to attacks on the hash function and on the public/private key setting. We also propose a set of parameters for several security levels; for example, we can get 80 bits of security with the public key size ≈ 1.82 KB, 128 bits of security with ≈ 3.87 KB, and 256 bits of security with ≈ 13.88 KB.

... These days, binary and nonbinary codes such as q-ary Hamming codes, the binary and ternary Golay codes, and q-ary Reed-Solomon codes are used in internet communication, GPS signals, mobile phones, and computer devices. It is well known that error-correcting codes are closely related to cryptography [7,24]. Moreover, researchers have recently started investigating the relation between error-correcting codes and deep learning [3,18]. ...

This paper gives new methods of constructing symmetric self-dual codes over a finite field GF(q) where q is a power of an odd prime. These methods are motivated by the well-known Pless symmetry codes and quadratic double circulant codes. Using these methods, we construct an amount of symmetric self-dual codes over GF(11), GF(19), and GF(23) of every length less than 42. We also find 153 new self-dual codes up to equivalence: they are [32, 16, 12], [36, 18, 13], and [40, 20, 14] codes over GF(11), [36, 18, 14] and [40, 20, 15] codes over GF(19), and [32, 16, 12], [36, 18, 14], and [40, 20, 15] codes over GF(23). They all have new parameters with respect to self-dual codes. Consequently, we improve bounds on the highest minimum distance of self-dual codes, which have not been significantly updated for almost two decades.

This research addresses the critical challenge of maintaining network security and privacy in the face of emerging quantum computing technologies. While classical cryptographic methods have long been the cornerstone of network security, the advent of quantum computing threatens to render many of these techniques obsolete. While previously proposed solutions, such as post-quantum cryptography and quantum key distribution, are useful in some aspects of maintaining the security of communications between individuals or organizations, they are often insufficient to protect against the full range of security implications that arise from quantum computing, especially in open shared quantum computing environments. Research in this area is largely challenged by the immaturity of the quantum hardware, quantum error correction, and how to best design secure quantum-safe network architectures in the long term, lack of frameworks for cryptography, and we have very little idea about the best way to use quantum computers to perform certain types of cryptographic attacks for periods well into the future, known as 'collect now, break later' attacks. This paper uses qualitative methodology which is based on systematic literature reviews, using case studies and a document analysis, with the purpose of providing an unabridged and precise assessment on the impact of quantum computing on network security. The study synthesizes the findings from several academic databases regarding the use of quantum technologies in real-world security applications. The findings highlight that quantum computing brings about breakthrough levels of computational power, as well as allowing for super-secure data transmission with quantum key distribution. But there are also new risks, such as crosstalk attacks, qubit sensing attacks and challenges from quantum decoherence and scalability. The paper identifies possible mitigation measures, including new techniques for quantum error correction, quantum-safe cryptography and novel approaches for quantum resources sharing. The findings are of significance for the economy and society as a whole, as they outline the urgency to shift security approaches for networks by developing quantum-safe algorithms and protocols, the importance of interdisciplinary collaboration to this end, and the need to develop policies to prepare for a post-quantum cryptographic era. This range of analysis offers to the researchers, policy-makers and industry professionals a roadmap and concrete guiding principles for future innovation and development of quantum-enhanced network security, concluding that although quantum computing poses as a profound security threat, it could, at the same time, offer revolutionary pathways for secure communications and data-protection when used properly.

Quantum computing has tremendous potential to change the world by solving many previously unsolvable problems. However, with this tremendous computational power comes threats to our existing technologies safeguarding the world's communication channels and data storage. Specifically, it threatens our standardized and widely deployed cryptographic systems that are in use today. These existing cryptosystems are based on mathematical techniques that are difficult (essentially infeasible) for a classical computer to solve. Quantum computing presents a threat since many previously infeasible problems are likely to become feasible or even easy to solve by a quantum computer. This paper briefly reviews quantum computing and its properties before studying related work into postquantum cryptography. The eventuality of quantum computing is discussed based on readily available research and public information, in addition to expert opinion, which then provides insight into the eventuality of postquantum cryptography and the validity of action, or inaction, around this research. Further topics focus on the standardization of postquantum cryptosystems, and future research trends and opportunities in the field of postquantum cryptography.

Communication security has to evolve to a higher plane in the face of the threat from the massive computing power of the emerging quantum computers. Quantum secure direct communication (QSDC) constitutes a promising branch of quantum communication, which is provably secure and overcomes the threat of quantum computing, whilst conveying secret messages directly via the quantum channel. In this survey, we highlight the motivation and the status of QSDC research with special emphasis on its theoretical basis and experimental verification. We will detail the associated point-to-point communication protocols and show how information is protected and transmitted. Finally, we discuss the open challenges as well as the future trends of QSDC networks, emphasizing again that QSDC is not a pure quantum key distribution (QKD) protocol, but a fully-fledged secure communication scheme.

Significant progress has been made since the research community explicitly started defining a vision for 6
^{th}
generation network (6G). The goal of the present paper is to revisit research challenges in six key technology areas for 6G, summarize some of the main achievements so far and articulate remaining challenges. Research on new spectrum technologies mainly focuses on the upper mid-band 7-15 GHz for providing higher capacity with coverage from existing cell sites in an energy efficient way. Use of machine learning at the wireless transmitter and receiver opens opportunities for new system design paradigms and improved performances compared to conventional signal processing. Joint communication and sensing (JCAS) exploits base stations as a ubiquitously avaiable wireless sensing modality with minimal impairment of the quality of service (QoS) of a communication link. At the end-points of the 6G network there will be specialized mobile subnetworks with challenging networking requirements. An important concern is to create crypto-agile networks that protect against emerging security threats, provide resilience and preserve privacy. Research on concepts and algorithms for any of these areas should be coupled with their integration into a cognitive cloud architecture to evaluate system trade-offs and enable a flexible automated deployment involving multiple actors.

The evolution of quantum computers poses a serious threat to contemporary public-key encryption (PKE) schemes. To address this impending issue, the National Institute of Standards and Technology (NIST) is currently undertaking the Post-Quantum Cryptography (PQC) standardization project intending to evaluate and subsequently standardize the suitable PQC scheme(s). One such attractive approach, called Bit Flipping Key Encapsulation (BIKE), has entered the final round of the competition. Despite having some attractive features, the IND-CCA security of BIKE depends on the average decoder failure rate (DFR), a higher value of which can facilitate a particular type of side-channel attack. Although BIKE adopts the Black-Grey-Flip (BGF) decoder that offers a negligible DFR, the effect of weak-keys on the average DFR has not been fully investigated. In this paper, we implement the BIKE scheme, and then through extensive experiments show that the weak-keys can be a potential threat to IND-CCA security of the BIKE scheme and thus need attention from the relevant research community. We also propose a key-check algorithm that can potentially supplement the BIKE mechanism and prevent users from adopting weak-keys.

Recently, Internet-of-Things (IoT) based applications have shifted from centralized infrastructures to decentralized ecosystems, owing to user data's security and privacy limitations. The shift has opened new doors for intruders to launch distributed attacks in diverse IoT scenarios that jeopardize the application environments. Moreover, as heterogeneous and autonomous networks communicate, the attacks intensify, which justifies the requirement of trust as a key policy. Recently, blockchain-based IoT solutions have been proposed that address trust limitation by maintaining data consistency, immutability, and chronology in IoT environments. However, IoT ecosystems are resource-constrained and have low bandwidth and finite computing power of sensor nodes. Thus, the inclusion of blockchain requires an effective policy design regarding consensus and smart contract environments in heterogeneous IoT applications. Recent studies have presented blockchain as a potential solution in IoT, but an effective view of consensus and smart contract design to meet the end application requirements is an open problem. Motivated by the same, the survey presents the integration of suitable low-powered consensus protocols and smart contract design to assess and validate the blockchain-IoT ecosystems. We discuss the key blockchain concepts and present the scalability and performance issues of consensus protocols to support IoT. Further, we discuss smart contract vulnerabilities and blockchain attacks. Open issues and future directions are presented, supported through a case study of low-powered consensus protocol design in the blockchain-IoT ecosystem. The survey intends to drive novel solutions for future consensus and safe, smart contract designs to support applicative IoT ecosystems.

Internet of Things (IoT) techniques have been employed in many areas, e.g., vehicles, smart home, and medicine. Among the applications of IoTs, the Internet of Vehicles (IoV) is one of the most popular techniques. IoVs are protected by public key cryptographic systems, such as RSA and ECC. However, such systems are vulnerable to quantum computer attacks. Thus, we improve the security of IoV-based post-quantum signatures, which can resist quantum computer attacks. The key operations are divisions in a finite field. Hence, we improve the security of IoV-based post-quantum signatures with division by employing systolic architectures. We propose a systolic architecture for computing division in composite fields. After that, we improve the IoT security-based post-quantum signatures with systolic divisions. We test and verify our design on a Field-Programmable Gate Array (FPGA); the experimental results confirm our estimates. Furthermore, the optimized method proposed can be further applied to various applications like solving system of linear equations and cryptographic applications for IoT security.

Recent advancement in quantum information processing technology has led to the emergence of advanced cryptography in the post-quantum era. Next generation cryptographic techniques aim to be mathematically resistant against any known attacks related to quantum computing, and can be easily implemented on traditional hardware platforms. The National Institutes of Standards and Technology (NIST) has entered the fourth-round standardization process of post-quantum cryptography (PQC). Software implementations of PQC candidates have been widely investigated. Interests in domain-specific hardware acceleration of PQC algorithms have risen, in particular using field-programmable gate arrays (FPGAs). While conventional general-purpose hardware platforms have been used for PQC implementations, modern FPGAs promise software-hardware co-optimisation, deep pipeline parallelism and trivial support for custom-precision arithmetic. Therefore, the time is ripe for reviewing recent FPGA-based PQC implementations. This article first surveys state-of-the-art advances in PQC implementations on FPGAs, including fast arithmetic, algorithm-hardware codesign approaches and open-source PQC hardware projects, then gives a brief review of recent attacks on PQC algorithms and their hardware implementations. Finally, we summarise the challenges for hardware implementations along with potential research directions in this promising field.

Asymmetric cryptography plays an essential role in many areas, including cloud computing, big data, blockchain, and the Internet of Things (IoT). However, most of them are based on the difficulty of factorizing large numbers or discrete logarithm problems, which are not secure to quantum computer attacks. SimpleMatrix is a new multivariate encryption scheme based on simple matrix multiplications, which can resist quantum computer attacks. Because of the low speed and demands of large finite fields, SimpleMatrix is limited in applications that use small finite fields. As a result, it is critical to improve the efficiency of SimpleMatrix to make its applications broader. In this paper, we speed up the encryption and decryption of SimpleMatrix by building efficient small finite field arithmetics based on Field-Programmable Gate Arrays (FPGAs) technology. We propose a fast architecture for encryption and decryption of SimpleMatrix based on table look-up based composite field multiplications and inversions and fast Gauss-Jordan elimination for solving systems of linear equations in a composite field. We test and verify the hardware architecture of SimpleMatrix on an FPGA, and the experimental results confirm our estimates and comparisons show that our design is much faster than other implementations. Thus, the hardware architecture can be used in FPGA-based systems of cloud computing, IoT, etc., for accelerating encryption and decryption.

Quantum technology is an asset for digitisation and the cyberrealm. It aims at designing faster and more advanced solutions to present-day problem statements. Blockchain is a decentralised structure and thus lacks a supervisory authority to monitor it. Hence, it is important to imbibe security in blockchain when we are specifically moving towards quantum development. While dealing with blockchain, quantum technology enables faster transactions and quantum cryptosystems and devices can safeguard security into the blockchain systems as well. Thus, the paper focuses on discussing approaches to implement blockchain within quantum cryptosystems along with quantum cryptography. The paper discusses the attacks compromising the classical or quantum security and mechanisms proposed to counter the attacks. The prime focus of the paper is to discuss security implementations and methods in the quantum domain and contribute to quantum cryptography in the blockchain. © 2022, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

Network in Box (NIB) is a self-organizing and portable device. The six-generation wireless communication technologies (6G) can empower NIB with better spectrum efficiency by integrating satellite broadcasting. 6G-enabled NIB is promising to promote the communication efficiency of Internet of Vehicles (IoV). IoV has emerged as the concrete practice of intelligent transportation. However, IoV is vulnerable to attacks from quantum computers because they use traditional RSA and elliptic cure cryptographic systems. Therefore, it is critical to improving the security of IoV against quantum computer attacks. This paper proposes the first secure scheme based on post-quantum techniques for 6G-enabled NIB to protect IoV against quantum attacks. On the one hand, a blockchain-based public key infrastructure is proposed to authenticate the IoV devices securely. On the other hand, we design a blockchain-based multi-party key agreement and communication system to support multi-party communication among IoV devices. The extensive theoretical analysis and experimental results indicate that the proposed blockchain system based on 6G-enabled NIB can achieve high security and efficiency for IoV.

This article focuses on the self-dual monomial codes that have an underlying structure of decreasing/weakly decreasing monomial codes. Having such a property permits an in-depth analysis of their structure: The permutation group of a subclass is (significantly) bigger than the affine group. Upon looking at higher powers of the code, we see that its third power is the entire space, but the dual of the square code gives information helpful for decoding. Using operations such as shortening, puncturing and taking the discrete derivative, we extract the subcode generated by the multiples of a certain variable. Recently, self-dual monomial codes have been proposed for a McEliece public key encryption scheme. They seem to possess strong security features - they have a large permutation group, they are self-dual, there are exponentially many of them by counting the possible monomial bases used in their construction. A more detailed analysis allows us to identify subclasses where the square code and shortening methods yield non-trivial results; in these cases, the security is dominated by the complexity of the Information Set Decoding, which is exponential in the square root of the length of the code. This is a solid argument for the security of the McEliece variant based on self-dual monomial codes.

In this work, we propose two McEliece variants: one from Moderate Density Parity-Check (MDPC) codes and another from quasi-cyclic MDPC codes. MDPC codes are LDPC codes of higher density (and worse error-correction capability) than what is usually adopted for telecommunication applications. However, in cryptography we are not necessarily interested in correcting many errors, but only a number which ensures an adequate security level. By this approach, we reduce under certain hypotheses the security of the scheme to the well studied decoding problem. Furthermore, the quasi-cyclic variant provides extremely compact-keys (for 80-bits of security, public-keys have only 4801 bits).

The purpose of this talk is to study the difficulty of the Goppa Code Distinguishing (GD) problem, which is the problem of distinguishing the public matrix in the McEliece cryptosystem from a random matrix. It is widely believed that this problem is computationally hard as proved by the increas-ing number of papers using this hardness assumption. One can consider that disproving/mitigating this hardness assumption is a breakthrough in code-based cryptography. In this paper, we present an efficient distinguisher for alternant and Goppa codes over binary/non binary fields. Our distinguisher is based on a recent algebraic attack against compact variants McEliece which reduces the key-recovery to the problem of solving an algebraic system of equations. We exploit a defect of rank in the (linear) system obtained by linearizing this algebraic system. It turns out that our distinguisher is also highly discriminant. Indeed, we are able to precisely quantify the defect of rank for "generic" binary and non-binary random, alternant and Goppa codes. We have verified these formulas with practical experiments, and a theoretical expla-nation for such defect of rank is also provided. To our knowledge, this is the first serious cryptographic weakness observed on McEliece since thirty years.

In this paper we propose a new approach to investigate the security of the McEliece cryptosystem. We recall that this cryptosystem relies on the use of error-correcting codes. Since its invention thirty years ago, no ecient attack had been devised that managed to recover the private key. We prove that the private key of the cryptosystem satises a system of bi-homogeneous polynomial equations. This property is due to the particular class of codes considered which are alternant codes. We have used these highly structured algebraic equations to mount an ecient key-recovery attack against two recent variants of the McEliece cryptosystems that aim at reducing public key sizes. These two compact variants of McEliece managed to propose keys with less than 20,000 bits. To do so, they proposed to use quasi-cyclic or dyadic structures. An implementation of our algebraic attack in the computer algebra system Magma allows to nd the secret-key in a negligible time (less than one second) for almost all the proposed challenges. For instance, a private key designed for a 256-bit security has been found in 0.06 seconds with about 2 17:8 operations.

McEliece is one of the oldest known public key cryptosys- tems. Though it was less widely studied than RSA, it is remarkable that all known attacks are still exponential. It is widely believed that code-based cryptosystems like McEliece do not allow practical digital signatures. In the present paper we disprove this belief and show a way to build a practical signature scheme based on coding theory. Its security can be reduced in the random oracle model to the well-known syndrome decoding problem and the distinguishability of permuted binary Goppa codes from a random code. For example we propose a scheme with signatures of 81-bits and a binary security workfactor of 283.

The Goppa Code Distinguishing (GCD) problem consists in distinguishing the matrix of a Goppa code from a random matrix. Up to now, it is widely believed that the GCD problem is a hard decisional problem. We present the first technique allowing to distinguish alternant and Goppa codes over any field. Our technique can solve the GCD problem in polynomial-time provided that the codes have rates sufficiently large. The key ingredient is an algebraic characterization of the key-recovery problem. The idea is to consider the dimension of the solution space of a linearized system deduced from a particular polynomial system describing a key-recovery. It turns out that experimentally this dimension depends on the type of code. Explicit formulas derived from extensive experimentations for the value of the dimension are provided for “generic” random, alternant, and Goppa code over any alphabet. Finally, we give explanations of these formulas in the case of random codes, alternant codes over any field and binary Goppa codes.

In this paper we describe simple identification and signature schemes which enable any user to prove his identity and the authenticity of his messages to any other user without shared or public keys. The schemes are provably secure against any known or chosen message attack ff factoring is difficult, and typical implementations require only 1% to 4% of the number of modular multiplications required by the RSA scheme. Due to their simplicity, security and speed, these schemes are ideally suited for microprocessor-based devices such as smart cards, personal computers, and remote control system.q.

We propose a new decoding algorithm for random binary linear codes. The so-called information set decoding algorithm of Prange (1962) achieves worst-case complexity $2^{0.121n}$. In the late 80s, Stern proposed a sort-and-match version for Prange’s algorithm, on which all variants of the currently best known decoding algorithms are build. The fastest algorithm of Becker, Joux, May and Meurer (2012) achieves running time $2^{0.102n}$ in the full distance decoding setting and $2^{0.0494n}$ with half (bounded) distance decoding.
In this work we point out that the sort-and-match routine in Stern’s algorithm is carried out in a non-optimal way, since the matching is done in a two step manner to realize an approximate matching up to a small number of error coordinates. Our observation is that such an approximate matching can be done by a variant of the so-called High Dimensional Nearest Neighbor Problem. Namely, out of two lists with entries from ${\mathbb F}_2^m$ we have to find a pair with closest Hamming distance. We develop a new algorithm for this problem with sub-quadratic complexity which might be of independent interest in other contexts.
Using our algorithm for full distance decoding improves Stern’s complexity from $2^{0.117n}$ to $2^{0.114n}$. Since the techniques of Becker et al apply for our algorithm as well, we eventually obtain the fastest decoding algorithm for binary linear codes with complexity $2^{0.097n}$. In the half distance decoding scenario, we obtain a complexity of $2^{0.0473n}$.

Algorithms for secure encryption in a post-quantum world are currently receiving a lot of attention in the research community, including several larger projects and a standardization effort from NIST. One of the most promising algorithms is the code-based scheme called QC-MDPC, which has excellent performance and a small public key size. In this work we present a very efficient key recovery attack on the QC-MDPC scheme using the fact that decryption uses an iterative decoding step and this can fail with some small probability. We identify a dependence between the secret key and the failure in decoding. This can be used to build what we refer to as a distance spectrum for the secret key, which is the set of all distances between any two ones in the secret key. In a reconstruction step we then determine the secret key from the distance spectrum. The attack has been implemented and tested on a proposed instance of QC-MDPC for 80 bit security. It successfully recovers the secret key in minutes.
A slightly modified version of the attack can be applied on proposed versions of the QC-MDPC scheme that provides IND-CCA security. The attack is a bit more complex in this case, but still very much below the security level. The reason why we can break schemes with proved CCA security is that the model for these proofs typically does not include the decoding error possibility.

We present a construction for non-interactive zero-knowledge proofs of knowledge in the random oracle model from general sigma-protocols. Our construction is secure against quantum adversaries. Prior constructions (by Fiat-Shamir and by Fischlin) are only known to be secure against classical adversaries, and Ambainis, Rosmanis, Unruh (FOCS 2014) gave evidence that those constructions might not be secure against quantum adversaries in general.
To prove security of our constructions, we additionally develop new techniques for adaptively programming the quantum random oracle.

This paper presents extremely fast algorithms for code-based public-key cryptography, including full protection against timing attacks. For example, at a 2128 security level, this paper achieves a reciprocal decryption throughput of just 60493 cycles (plus cipher cost etc.) on a single Ivy Bridge core. These algorithms rely on an additive FFT for fast root computation, a transposed additive FFT for fast syndrome computation, and a sorting network to avoid cache-timing attacks.

Recently Chor and Rivest proposed a knapsack-type cryptosystem for low-weight message vectors. We introduce cryptosystems of this type involving public keys with fewer bits and yielding a higher information rate than the Chor-Rivest cryptosystem. The design of these cryptosystems is based on techniques from algebraic coding theory.

Almost all of the current public-key cryptosystems (PKCs) are based on number theory, such as the integer factoring problem and the discrete logarithm problem (which will be solved in polynomial-time after the emergence of quantum computers). While the McEliece PKC is based on another theory, i.e. coding theory, it is vulnerable against several practical attacks. In this paper, we carefully review currently known attacks to the McEliece PKC, and then point out that, without any decryption oracles or any partial knowledge on the plaintext of the challenge ciphertext, no polynomial-time algorithm is known for invert- ing the McEliece PKC whose parameters are carefully chosen. Under the assumption that this inverting problem is hard, we propose slightly mod- ified versions of McEliece PKC that can be proven, in the random oracle model, to be semantically secure against adaptive chosen-ciphertext at- tacks. Our conversions can achieve the reduction of the redundant data down to 1/3 ∼ 1/4 compared with the generic conversions for practical parameters.

A public-key cryptosystem which appears quite secure while at the same time allowing extremely rapid data rates, is constructed for use in multi-user communication networks, such as those envisioned by NASA for the distribution of space-acquired data.

We consider the problem to determine the maximal number of satisfiable equations in a linear system chosen at random. We make several plausible conjectures about the average case hardness of this problem for some natural distributions on the instances, and relate them to several interesting questions in the theory of approximation algorithms and in cryptography. Namely we show that our conjectures imply the following facts:
◦ Feige’s hypothesis about the hardness of refuting a random 3CNF is true, which in turn implies inapproximability within a constant for several combinatorial problems, for which no NP-hardness of approximation is known.
◦ It is hard to approximate the NEAREST CODEWORD within factor n
1-ε
.
◦ It is hard to estimate the rigidity of a matrix. More exactly, it is hard to distinguish between matrices of low rigidity and random ones.
◦ There exists a secure public-key (probabilistic) cryptosystem, based on the intractability of decoding of random binary codes.

MEMBER, IEEE, AND HENK C. A. V~ TILBORG The fact that the general decoding problem for linear codes and the general problem of finding the weights of a linear code are both NP-complete is shown. This strongly suggests, but does not rigorously imply, that no algorithm for either of these problems which runs in polynomial time exists.

Zero-knowledge proofs were introduced in 1985, in a paper by Goldwasser, Micali and Rackoff ([6]). Their practical significance was soon demonstrated in the work of Fiat and Shamir ([4]), who turned zero-knowledge proofs of quadratic residuosity into efficient means of establishing user identities. Still, as is almost always the case in public-key cryptography, the Fiat-Shamir scheme relied on arithmetic operations on large numbers. In 1989, there were two attempts to build identification protocols that only use simple operations (see [11, 10]). One appeared in the EUROCRYPT proceedings and relies on the intractability of some coding problems, the other was presented at the CRYPTO rump session and depends on the so-called Permuted Kernel problem (PKP). Unfortunately, the first of the schemes was not really practical. In the present paper, we propose a new identification scheme, based on error-correcting codes, which is zero-knowledge and is of practical value. Furthermore, we describe several variants, including one which has an identity based character. The security of our scheme depends on the hardness of decoding a word of given syndrome w.r.t. some binary linear error-correcting code.

On the Use of Structured Codes in Code Based Cryptography

- N Sendrier
- S Nikova
- B Preneel
- L Storme

On the Use of Structured Codes in Code Based Cryptography

- sendrier