Security Assessment of the LG Cryptosystem

Étienne Burle, Hervé Talé Kalachi, Freddy Lende Metouke, Ayoub Otmani
2024-04-10
Abstract: The LG cryptosystem is a public-key encryption scheme in the rank metric using the recent family of $\lambda$-Gabidulin codes and introduced in 2019 by Lau and Tan. In this paper, we present a cryptanalysis showing that the security of several parameters of the scheme has been overestimated. We also show the existence of some weak keys allowing an attacker to find in polynomial time an alternative private key.
Cryptography and Security
What problem does this paper attempt to address?
The main problem that this paper attempts to solve is to evaluate and analyze the security of the LG public-key encryption scheme. Specifically, the authors address the problem in the following aspects:

1. **Propose a new structural attack**: The authors show that the security of certain parameters in the LG encryption system has been overestimated and propose a new structural attack method. Although the complexity of this attack is not polynomial, its results show the vulnerability of the LG encryption system under certain parameters.
2. **Reveal the existence of weak keys**: The authors discover weak keys that exist in certain situations. These weak keys allow an attacker to find an alternative private key in polynomial time. This further indicates the potential security problems of the LG encryption system under specific parameter settings.
3. **Improve existing attack methods**: Through in-depth analysis of the structure and properties of the LG encryption system, the authors improve the existing attack methods, especially for the encryption scheme based on λ-Gabidulin codes.

### Main contributions

- **New attack method**: The authors use the structural characteristics of Gabidulin codes to propose a new structural attack method. Although the complexity of this attack is not polynomial, it reveals the vulnerability of the LG encryption system under certain parameter settings.
- **Weak key analysis**: The authors prove that when the degree \( m \) of the extension field is not a prime number, the selection of certain secret parameters may lead to polynomial-time attacks. Specifically, if \( \gamma \) belongs to a proper subfield \( F_{q^\ell} \), the weak keys can be identified by detecting the dimension of \( C_{\text{pub}}+C_{\text{pub}}^{[\ell]} \).
- **Parameter selection suggestions**: Based on the above analysis, the authors provide guidance for the future design and selection of parameters in the LG encryption system, emphasizing the need to consider these new attack methods to ensure the security of the system.

### Conclusion

The paper evaluates the security of the LG encryption system through two research methods (structural attack and weak key analysis). The first method, although with high complexity, reveals the problem that the security of certain parameters has been overestimated; the second method shows the possibility of the existence of weak keys under specific conditions, which leads to polynomial-time attacks. These findings are helpful for the future improvement and optimization of this type of encryption system.

### Formula representation

To show the relevant formulas more clearly, the following are some key formulas involved in the paper:

1. **Generator matrix \( G_\lambda \)**:
   \[ G_\lambda = G\Delta \]
   where \( \Delta \) is a diagonal matrix satisfying \( \Delta_{i,i}=\lambda_i \), and \( G \) is defined as:
   \[ G = \begin{pmatrix} g_1 & \cdots & g_n \\ g^{[1]}_1 & \cdots & g^{[1]}_n \\ \vdots & \ddots & \vdots \\ g^{[k - 1]}_1 & \cdots & g^{[k - 1]}_n \end{pmatrix} \]
2. **Public matrix \( G_{\text{pub}} \)**:
   \[ G_{\text{pub}} = SGQ^{-1} \]
   where \( G \) is the generator matrix of Gabidulin codes, and the elements of \( Q \) belong to \( V=\langle 1,\gamma^{- 2},\gamma^{2}\rangle_{F_q} \).
3. **System of linear equations (3)**:
   \[ \sum_{i = 1}^n g_{\text{pub},a,i}\left(\sum_{j = 1}^m\left(\sum_{\ell = 1}^r x_{i,j,\ell}f_\ell\right)h^{[b]}_{0,j}\right)
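
The dimension test from the weak-key analysis, written as a key-audit check in Python. This is an added example, not code from the paper. It assumes toy parameters \( q = 2 \), \( m = n = 6 \), \( k = 3 \), \( \ell = 2 \), omits \( S \) because it does not change the code, and uses a constructed stand-in \( Q = I + \gamma^2 E_{1,2} \) whose entries lie in \( V \); the names `dim_sum`, `frob` and `rank` are hypothetical.

```python
# Constructed toy setting: F_64 = F_2[x]/(x^6 + x + 1), alpha = 2, n = 6, k = 3.
M, POLY, N, K = 6, 0b1000011, 6, 3

def mul(a, b):                       # multiplication in F_64
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a >> M:
            a ^= POLY
        b >>= 1
    return r

def power(a, e):
    r = 1
    while e:
        if e & 1:
            r = mul(r, a)
        a, e = mul(a, a), e >> 1
    return r

def frob(a, i):                      # a^[i] = a^(2^i)
    for _ in range(i):
        a = mul(a, a)
    return a

def rank(rows):                      # rank over F_64 by Gaussian elimination
    rows, rk = [r[:] for r in rows], 0
    for c in range(len(rows[0])):
        p = next((i for i in range(rk, len(rows)) if rows[i][c]), None)
        if p is None:
            continue
        rows[rk], rows[p] = rows[p], rows[rk]
        inv = power(rows[rk][c], 2**M - 2)
        rows[rk] = [mul(inv, x) for x in rows[rk]]
        for i in range(len(rows)):
            if i != rk and rows[i][c]:
                f = rows[i][c]
                rows[i] = [x ^ mul(f, y) for x, y in zip(rows[i], rows[rk])]
        rk += 1
    return rk

def dim_sum(gamma, ell):
    """dim(C_pub + C_pub^[ell]) for G_pub = G Q^-1 with Q = I + gamma^2 E_{1,2}."""
    g = [power(2, i) for i in range(N)]              # 1, alpha, ..., alpha^5
    G = [[frob(x, i) for x in g] for i in range(K)]  # Gabidulin generator matrix
    c = mul(gamma, gamma)                            # Q^-1 = Q in characteristic 2
    pub = [[r[0], r[1] ^ mul(r[0], c)] + r[2:] for r in G]
    return rank(pub + [[frob(x, ell) for x in r] for r in pub])
```

With \( \gamma = \alpha^{21} \in F_{4} \) the sum has dimension \( k + \ell = 5 \), below \( \min(n, 2k) = 6 \), while \( \gamma = \alpha \), which lies in no proper subfield, gives 6.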