Polynomial-Time Key Recovery Attack on the Lau-Tan Cryptosystem Based on Gabidulin Codes

12/31/2021

∙

This paper presents a key recovery attack on the cryptosystem proposed by Lau and Tan in a talk at ACISP 2018. The Lau-Tan cryptosystem uses Gabidulin codes as the underlying decodable code. To hide the algebraic structure of Gabidulin codes, the authors chose a matrix of column rank n to mix with a generator matrix of the secret Gabidulin code. The other part of the public key, however, reveals crucial information about the private key. Our analysis shows that the problem of recovering the private key can be reduced to solving a multivariate linear system over the base field, rather than solving a multivariate quadratic system as claimed by the authors. Solving the linear system for any nonzero solution permits us to recover the private key. Apparently, this attack costs polynomial time, and therefore completely breaks the cryptosystem.

READ FULL TEXT

Polynomial-Time Key Recovery Attack on the Lau-Tan Cryptosystem Based on Gabidulin Codes

Two modifications for Loidreau's code-based cryptosystem

Practical Algebraic Attack on DAGS

Polynomial time attack on high rate random alternant codes

A new approach based on quadratic forms to attack the McEliece cryptosystem

A structural attack to the DME-(3,2,q) cryptosystem

A New Lever Function with Adequate Indeterminacy

Multivariate Public Key Cryptosystem from Sidon Spaces

Polynomial-Time Key Recovery Attack on the Lau-Tan Cryptosystem Based on Gabidulin Codes

Related Research

Two modifications for Loidreau's code-based cryptosystem

Practical Algebraic Attack on DAGS

Polynomial time attack on high rate random alternant codes

A new approach based on quadratic forms to attack the McEliece cryptosystem

A structural attack to the DME-(3,2,q) cryptosystem

A New Lever Function with Adequate Indeterminacy

Multivariate Public Key Cryptosystem from Sidon Spaces