-
Bit-flip** Decoder Failure Rate Estimation for (v,w)-regular Codes
Authors:
Alessandro Annechini,
Alessandro Barenghi,
Gerardo Pelosi
Abstract:
Providing closed form estimates of the decoding failure rate of iterative decoder for low- and moderate-density parity check codes has attracted significant interest in the research community over the years. This interest has raised recently due to the use of iterative decoders in post-quantum cryptosystems, where the desired decoding failure rates are impossible to estimate via Monte Carlo simula…
▽ More
Providing closed form estimates of the decoding failure rate of iterative decoder for low- and moderate-density parity check codes has attracted significant interest in the research community over the years. This interest has raised recently due to the use of iterative decoders in post-quantum cryptosystems, where the desired decoding failure rates are impossible to estimate via Monte Carlo simulations. In this work, we propose a new technique to provide accurate estimates of the DFR of a two-iterations (parallel) bit flip** decoder, which is also employable for cryptographic purposes. In doing so, we successfully tackle the estimation of the bit flip** probabilities at the second decoder iteration, and provide a fitting estimate for the syndrome weight distribution at the first iteration. We numerically validate our results, providing comparisons of the modeled and simulated weight of the syndrome, incorrectly-guessed error bit distribution at the end of the first iteration, and two-iteration Decoding Failure Rates (DFR), both in the floor and waterfall regime for simulatable codes. Finally, we apply our method to estimate the DFR of LEDAcrypt parameters, showing improvements by factors larger than $2^{70}$ (for NIST category $1$) with respect to the previous estimation techniques. This allows for a $\approx 20$% shortening in public key and ciphertext sizes, at no security loss, making the smallest ciphertext for NIST category $1$ only $6$% larger than the one of BIKE. We note that the analyzed two-iterations decoder is applicable in BIKE, where swap** it with the current black-gray decoder (and adjusting the parameters) would provide strong IND-CCA$2$ guarantees.
△ Less
Submitted 7 February, 2024; v1 submitted 30 January, 2024;
originally announced January 2024.
-
A Code-specific Conservative Model for the Failure Rate of Bit-flip** Decoding of LDPC Codes with Cryptographic Applications
Authors:
Paolo Santini,
Alessandro Barenghi,
Gerardo Pelosi,
Marco Baldi,
Franco Chiaraluce
Abstract:
Characterizing the decoding failure rate of iteratively decoded Low- and Moderate-Density Parity Check (LDPC/MDPC) codes is paramount to build cryptosystems based on them, able to achieve indistinguishability under adaptive chosen ciphertext attacks. In this paper, we provide a statistical worst-case analysis of our proposed iterative decoder obtained through a simple modification of the classic i…
▽ More
Characterizing the decoding failure rate of iteratively decoded Low- and Moderate-Density Parity Check (LDPC/MDPC) codes is paramount to build cryptosystems based on them, able to achieve indistinguishability under adaptive chosen ciphertext attacks. In this paper, we provide a statistical worst-case analysis of our proposed iterative decoder obtained through a simple modification of the classic in-place bit-flip** decoder. This worst case analysis allows both to derive the worst-case behaviour of an LDPC/MDPC code picked among the family with the same length, rate and number of parity checks, and a code-specific bound on the decoding failure rate. The former result allows us to build a code-based cryptosystem enjoying the $δ$-correctness property required by IND-CCA2 constructions, while the latter result allows us to discard code instances which may have a decoding failure rate significantly different from the average one (i.e., representing weak keys), should they be picked during the key generation procedure.
△ Less
Submitted 11 December, 2019;
originally announced December 2019.
-
Systematic Parsing of X.509: Eradicating Security Issues with a Parse Tree
Authors:
Alessandro Barenghi,
Nicholas Mainardi,
Gerardo Pelosi
Abstract:
X.509 certificate parsing and validation is a critical task which has shown consistent lack of effectiveness, with practical attacks being reported with a steady rate during the last 10 years. In this work we analyze the X.509 standard and provide a grammar description of it amenable to the automated generation of a parser with strong termination guarantees, providing unambiguous input parsing. We…
▽ More
X.509 certificate parsing and validation is a critical task which has shown consistent lack of effectiveness, with practical attacks being reported with a steady rate during the last 10 years. In this work we analyze the X.509 standard and provide a grammar description of it amenable to the automated generation of a parser with strong termination guarantees, providing unambiguous input parsing. We report the results of analyzing a 11M X.509 certificate dump of the HTTPS servers running on the entire IPv4 space, showing that 21.5% of the certificates in use are syntactically invalid. We compare the results of our parsing against 7 widely used TLS libraries showing that 631k to 1,156k syntactically incorrect certificates are deemed valid by them (5.7%--10.5%), including instances with security critical mis-parsings. We prove the criticality of such mis-parsing exploiting one of the syntactic flaws found in existing certificates to perform an impersonation attack.
△ Less
Submitted 12 December, 2018;
originally announced December 2018.
-
Design and Implementation of a Digital Signature Scheme Based on Low-density Generator Matrix Codes
Authors:
Marco Baldi,
Alessandro Barenghi,
Franco Chiaraluce,
Gerardo Pelosi,
Joachim Rosenthal,
Paolo Santini,
Davide Schipani
Abstract:
In this paper we consider a post-quantum digital signature scheme based on low-density generator matrix codes and propose efficient algorithmic solutions for its implementation. We also review all known attacks against this scheme and derive closed-form estimates of their complexity when running over both classical and quantum computers. Based on these estimates, we propose new parametrization for…
▽ More
In this paper we consider a post-quantum digital signature scheme based on low-density generator matrix codes and propose efficient algorithmic solutions for its implementation. We also review all known attacks against this scheme and derive closed-form estimates of their complexity when running over both classical and quantum computers. Based on these estimates, we propose new parametrization for the considered system to achieve given pre-quantum and post-quantum security levels. Finally, we provide and discuss performance benchmarks obtained through a suitably developed and publicly available reference implementation of the considered system.
△ Less
Submitted 16 July, 2018;
originally announced July 2018.
-
LEDAkem: a post-quantum key encapsulation mechanism based on QC-LDPC codes
Authors:
Marco Baldi,
Alessandro Barenghi,
Franco Chiaraluce,
Gerardo Pelosi,
Paolo Santini
Abstract:
This work presents a new code-based key encapsulation mechanism (KEM) called LEDAkem. It is built on the Niederreiter cryptosystem and relies on quasi-cyclic low-density parity-check codes as secret codes, providing high decoding speeds and compact keypairs. LEDAkem uses ephemeral keys to foil known statistical attacks, and takes advantage of a new decoding algorithm that provides faster decoding…
▽ More
This work presents a new code-based key encapsulation mechanism (KEM) called LEDAkem. It is built on the Niederreiter cryptosystem and relies on quasi-cyclic low-density parity-check codes as secret codes, providing high decoding speeds and compact keypairs. LEDAkem uses ephemeral keys to foil known statistical attacks, and takes advantage of a new decoding algorithm that provides faster decoding than the classical bit-flip** decoder commonly adopted in this kind of systems. The main attacks against LEDAkem are investigated, taking into account quantum speedups. Some instances of LEDAkem are designed to achieve different security levels against classical and quantum computers. Some performance figures obtained through an efficient C99 implementation of LEDAkem are provided.
△ Less
Submitted 26 January, 2018;
originally announced January 2018.
