Code-Based Cryptography: 10th International Workshop, CBCrypto 2022, Trondheim, Norway, May 29–30, 2022, Revised Selected Papers

Preface
Organization
Contents
Distinguishing and Recovering Generalized Linearized Reed–Solomon Codes
1 Introduction
2 Preliminaries
2.1 The Sum-Rank Metric
2.2 Automorphisms, Derivations, and Conjugacy
2.3 Isometries in the Sum-Rank Metric
2.4 Skew Polynomials
2.5 (Generalized) Linearized Reed–Solomon Codes
3 Problem Statement
4 Distinguishers for GLRS Codes
4.1 A Square-Code Distinguisher
4.2 An Overbeck-Like Distinguisher
5 Recovery of a Canonical Generator Matrix
5.1 Square-Code Approach
5.2 Overbeck-Like Approach
6 Conclusion
References
Verifying Classic McEliece: Examining the Role of Formal Methods in Post-Quantum Cryptography Standardisation
1 Introduction
1.1 Related Work
1.2 Our Contributions Towards Classic McEliece Implementation Verification
2 Our Toolchain and Its Target
3 Verifying Classic McEliece with SAW/Cryptol
3.1 Verification Details
4 Verifying Aspects of Classic McEliece with Lean
5 Conclusions and Perspectives
5.1 Recommendations
5.2 Future Work Using Similar Approaches
References
Key-Recovery Fault Injection Attack on the Classic McEliece KEM
1 Introduction
2 Classic McEliece KEM
2.1 Key Generation
2.2 Encapsulation
2.3 Decapsulation
2.4 Implementation
3 Key-Recovery Attack
3.1 Fault Model
3.2 Fault Attack on the Validity Checks (VCB)
3.3 Fault Attack on the ELP Coefficients
3.4 Computing Alternative Secret Keys
4 Fault Attack Implementation and Simulation
4.1 Key-Recovery Simulation
4.2 De-hashing: Obtaining the Faulty Error Vector from Hash Output
4.3 Simulation at Register Transfer Level
5 Summary
A Appendix
A.1 Classic McEliece KEM Algorithms and Parameters
References
Towards Automating Cryptographic Hardware Implementations: A Case Study of HQC
1 Introduction
1.1 Design Artifacts
1.2 Outline of the Paper
2 Preliminaries and Background
2.1 Notations
2.2 Background on HQC
3 HLS Design Implementation of the HQC
3.1 HLS Implementation: Basics
3.2 Methodology and Implementation
4 Results and Comparisons
4.1 Target Settings
4.2 Synthesis Results
4.3 Modular Comparisons Among Different Versions
4.4 Comparisons with Software Implementations
4.5 Comparison with State-of-art Hardware Implementations
5 Conclusions
References
Software Implementation of a Code-Based Key Encapsulation Mechanism from Binary QD Generalized Srivastava Codes
1 Introduction
2 Prerequisites
2.1 Notations
2.2 Coding Theory
2.3 Key Encapsulation Mechanism
3 KEM from Binary QD-GS Codes
3.1 Description
3.2 Security Analysis
4 Efficient Implementation
4.1 Implementation Details
4.2 Results
5 Conclusion
References
On Decoding High-Order Interleaved Sum-Rank-Metric Codes
1 Introduction
2 Preliminaries
2.1 Sum-Rank-Metric Codes
2.2 Interleaved Sum-Rank-Metric Codes and Channel Model
3 Decoding of High-Order Interleaved Sum-Rank-Metric Codes
3.1 The Error Support
3.2 Recovering the Error Support
3.3 A Metzner–Kapturowski-Like Decoding Algorithm
4 Implications for Decoding High-Order Interleaved Skew-Metric Codes
5 Comparison of Metzner-Kapturowski-Like Decoders in the Hamming, Rank and Sum-Rank Metric
6 Conclusion
References
Information Set Decoding for Lee-Metric Codes Using Restricted Balls
1 Introduction
2 Preliminaries
3 Distribution of a Random Lee Vector
4 Restricted-Balls Algorithm
4.1 Decoding up to the Minimum Lee Distance
4.2 Decoding Beyond the Minimum Distance
5 Comparison
Appendix A Asymptotics
Appendix A.1 Asymptotics of Lee Spheres
Appendix B Proofs of Lemma 4 and 7
References
Cryptanalysis of Ivanov–Krouk–Zyablov Cryptosystem
1 Introduction
2 Preliminaries
2.1 m–block Codes
2.2 Subfield Images of Codes
2.3 Generalized Reed–Solomon Codes
3 Ivanov–Krouk–Zyablov Cryptosystem
3.1 Protocol Description
3.2 Message–Recovery Attack
4 Direct Key–Recovery Attack
4.1 Case of Even k
4.2 Case of Odd k
5 Twisted Squares–Based Attack
5.1 Recovering the Support x
5.2 Recovering the Matrix Q
6 Conclusion
References
Author Index