Bibliographic Details
| Title: | Method and Apparatus for Error Correcting Code Based Public Key Encryption Schemes |
| Document Number: | 20170104590 |
| Publication Date: | April 13, 2017 |
| Appl. No: | 15/270824 |
| Application Filed: | September 20, 2016 |
| Abstract: | This invention discloses a method and system for generating a private key and a corresponding public key. These keys can be used for encrypting a message into a ciphertext for transmission through an insecure communication channel, and for decrypting said ciphertext into a clear plaintext. The goal of the present invention is to provide encryption and decryption methods of the McEliece type which are capable of improving the security level of a post-quantum cryptosystem. In one embodiment, this object is achieved by three methods: a method for creating a public key from a private linear code generator matrix, a method for encrypting a message into a ciphertext and a method for decrypting the ciphertext into a plaintext. The key generation and encryption methods of the present invention comprise the following steps: selecting an [n, k] linear code generator matrix G_s=[g_0, . . . , g_n] over GF(q) as the private key, where k, r, n and q are positive integers and where g_0, . . . , g_{n−1} are length k column vectors; selecting k×r random matrices C_0, . . . , C_{n−1}; selecting a k×k non-singular matrix S; selecting an n(r+1)×n(r+1) matrix A; selecting an n(r+1)×n(r+1) permutation matrix P; and setting the public key as G=S[g_0, C_0, . . . , g_{n−1}, C_{n−1}]AP; receiving a public key G, which is a k×n(r+1) matrix over a finite field GF(q); generating an error vector e having elements in GF(q) and having a predetermined weight t; and encrypting a message vector m to a ciphertext vector y=mG+e. The main difference between the proposed cryptosystem and known variants of the McEliece cryptosystem consists in the way the private generator matrix is disguised into the public one by inserting and mixing random columns within the private generator matrix. |
| Claim: | 1. A method for generating a public key G and for generating a private key K from an error correcting code generator matrix G_s, the method comprising: a) obtaining said k×n generator matrix G_s for an [n, k, d] linear code over a finite field GF(q), wherein n, k, d, q are positive integers; b) obtaining a k×n(r+1) matrix G_1 by inserting rn random columns into said matrix G_s, wherein r is a positive integer; c) selecting a random k×k non-singular matrix S; d) selecting a random n(r+1)×n(r+1) non-singular matrix A; e) selecting a random n(r+1)×n(r+1) permutation matrix P; f) computing said public key G=SG_1AP; and g) obtaining said private key K=(S, G_s, A, P). |
| Claim: | 2. The method of claim 1 wherein computing said k×n(r+1) matrix G_1 comprises: a) obtaining matrix columns g_0, . . . , g_{n−1} from said generator matrix G_s; b) selecting random k×r matrices C_0, C_1, . . . , C_{n−1} where C_0, C_1, . . . , C_{n−1} have elements in GF(q); and c) obtaining said k×n(r+1) matrix G_1=[g_0, C_0, g_1, C_1, . . . , g_{n−1}, C_{n−1}]. |
| Claim: | 3. The method of claim 1 wherein selecting said non-singular matrix A comprises: a) selecting random (r+1)×(r+1) matrices A_0, A_1, . . . , A_{n−1} where A_0, A_1, . . . , A_{n−1} have elements in GF(q); and b) obtaining said n(r+1)×n(r+1) matrix [mathematical expression included] |
| Claim: | 4. The method of claim 3 wherein said k×n(r+1) matrix G_1 is computed according to the method of claim 2. |
| Claim: | 5. A method for transmitting a message vector m between a sender and a receiver securely, the method comprising: a) at the receiver: obtaining a k×n generator matrix G_s for an [n, k, d] linear code over a finite field GF(q), wherein n, k, d, q, t are positive integers, and wherein a linear code generated by said generator matrix G_s corrects at least t errors; calculating a k×n(r+1) public key matrix G using said G_s; sending said public key matrix G to said sender; and obtaining a private key K from said G_s; b) at the sender: obtaining said integer n; obtaining said integer k, obtaining said integer d; obtaining said finite field GF(q); obtaining said message encryption public key G from said receiver; obtaining said message vector m having elements in GF(q); generating an error vector e where e has elements in GF(q), and where e has a predetermined weight t; computing a ciphertext vector y=mG+e; and sending said ciphertext vector y to the receiver; c) at the receiver: obtaining said ciphertext vector y from the sender; computing an inverse P^{−1} of said permutation matrix P; computing an inverse A^{−1} of said non-singular matrix A; computing an inverse S^{−1} of said non-singular matrix S; computing a vector yP^{−1}A^{−1} having a length n(r+1); selecting a sub-vector y′ of said vector yP^{−1}A^{−1}, where y′ has a length n; using said private generator matrix G_s to decode said sub-vector y′ into a vector m′, where m′ has a length k; computing said plaintext message m=m′S^{−1}; and checking a validity of said message m. |
| Claim: | 6. The method of claim 5 wherein said public key G and wherein said private key K are generated according to the method of claim 4. |
| Claim: | 7. The method of claim 6 wherein selecting said sub-vector y′ comprises: a) obtaining elements y′_0, . . . , y′_{n(r+1)−1} of said vector yP^{−1}A^{−1}; and b) setting said sub-vector y′=[y_0, y′_{r+1}, . . . , y′_{(n−1)(r+1)}]. |
| Claim: | 8. The method of claim 7 wherein checking said validity of said message m comprises: a) computing a Hamming weight w=weight(y−mG); and b) accepting said message m if w≤t. |
| Claim: | 9. The method of claim 8 wherein generating said error vector e comprises: a) computing a message authentication tag e′=H(m) wherein H is a message authentication code algorithm; and b) computing said error vector e from said message authentication tag e′. |
| Claim: | 10. The method of claim 8 wherein generating said error vector e comprises: a) selecting a second private message m′; and b) computing said error vector e from said second message m′. |
| Claim: | 11. The method of claim 10 wherein recovering said second message m′ from said ciphertext y comprises: a) computing said first message m using the method of claim 5; b) computing said error vector e=y−mG; and c) computing said second message m′ from said error vector e. |
| Current International Class: | 04; 03; 04 |
| Accession Number: | edspap.20170104590 |
| Database: | USPTO Patent Applications |
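
The key generation, encryption and decryption steps of claims 1 to 8, as an added Python example that is not part of the patent record or the applicant's code. It shows why the sub-vector of claim 7 still decodes: a weight-t error touches at most t blocks, so at most t of the selected entries are wrong. Assumptions: toy parameters (GF(7), a [6, 2] Reed-Solomon code standing in for G_s with a brute-force decoder, r=1, t=2), a block-diagonal A built from the blocks A_i of claim 3 (the record omits that expression), hypothetical function names, and a seeded PRNG that is for demonstration, not security.

```python
import itertools, random

Q, N, K, R, T = 7, 6, 2, 1, 2            # toy sizes: GF(7), [6,2] code, r=1, t=2
W, rng = N * (R + 1), random.Random(1)   # key width n(r+1); seeded PRNG, demo only
def mul(a, b):                           # matrix product over GF(Q)
    return [[sum(x * y for x, y in zip(r, c)) % Q for c in zip(*b)] for r in a]
def wt(u, v):                            # Hamming weight of u - v
    return sum(x != y for x, y in zip(u, v))

def inv(m):                              # Gauss-Jordan inverse over GF(Q), None if singular
    n = len(m)
    a = [list(r) + [int(i == j) for j in range(n)] for i, r in enumerate(m)]
    for c in range(n):
        p = next((i for i in range(c, n) if a[i][c]), None)
        if p is None:
            return None
        a[c], a[p] = a[p], a[c]
        a[c] = [x * pow(a[c][c], -1, Q) % Q for x in a[c]]
        a = [r if i == c else [(x - r[c] * y) % Q for x, y in zip(r, a[c])]
             for i, r in enumerate(a)]
    return [r[n:] for r in a]

def rand_invertible(n):                  # rejection-sample a non-singular matrix
    while True:
        m = [[rng.randrange(Q) for _ in range(n)] for _ in range(n)]
        if inv(m):
            return m

def keygen():
    Gs = [[pow(x, i, Q) for x in range(1, N + 1)] for i in range(K)]  # stand-in private code
    G1 = [sum(([g] + [rng.randrange(Q) for _ in range(R)] for g in r), []) for r in Gs]
    A = [[0] * W for _ in range(W)]      # assumed block-diagonal in the A_i of claim 3
    for b in range(0, W, R + 1):
        for i, r in enumerate(rand_invertible(R + 1)):
            A[b + i][b:b + R + 1] = r
    P = [[int(j == c) for j in range(W)] for c in rng.sample(range(W), W)]
    S = rand_invertible(K)
    return mul(mul(mul(S, G1), A), P), (S, Gs, A, P)   # public G, private K

def encrypt(G, m):
    pos = set(rng.sample(range(W), T))
    e = [rng.randrange(1, Q) if i in pos else 0 for i in range(W)]   # weight exactly t
    return [(c + x) % Q for c, x in zip(mul([m], G)[0], e)]

def decrypt(G, key, y):
    S, Gs, A, P = key
    ysub = mul(mul([y], inv(P)), inv(A))[0][::R + 1]   # claim 7: entries 0, r+1, 2(r+1), ...
    mp = min(itertools.product(range(Q), repeat=K), key=lambda c: wt(mul([c], Gs)[0], ysub))
    m = mul([mp], inv(S))[0]
    return m if wt(mul([m], G)[0], y) <= T else None    # claim 8 validity check
```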