A Minrank-based Encryption Scheme à la Alekhnovich-Regev
Thomas Debris-Alazard, Philippe Gaborit, Romaric Neveu, Olivier Ruatta
TL;DR
The paper introduces MinRankPKE, a public-key encryption scheme built in the Alekhnovich–Regev framework whose security rests on stationary-$\mathsf{MinRank}$, a variant of MinRank with correlated errors across multiple instances. It proves a search-to-decision reduction that ties security to decisional stationary-$\mathsf{MinRank}$, and shows that attacks reduce to solving MinRank-like instances, implying security close to decoding a random matrix code. To enhance practicality, the scheme uses Gabidulin codes to enable multi-bit encryption and a single larger public key, achieving concrete parameter sets with public-key and ciphertext sizes on the order of tens of kilobytes and competitive runtimes. The work also develops a detailed hardness landscape, including MSL and stationary-$\mathsf{MinRank}$ formulations, and positions the scheme as a useful, structure-aware addition to the code-based post-quantum crypto family with future directions for efficiency and potential structured variants.
Abstract
Introduced in 2003 and 2005, the schemes of Alekhnovich and Regev were the first public-key encryption schemes whose security is based only on the average hardness of decoding random linear codes and LWE, without other security assumptions. Such security guarantees made them very popular, and they are at the origin of the now standardized HQC and Kyber. We present an adaptation of the encryption schemes of Alekhnovich and Regev whose security is based only on the hardness of a slight variation of MinRank, the so-called stationary-MinRank problem. We succeeded in reaching this strong security guarantee by showing that stationary-MinRank benefits from a search-to-decision reduction. Our scheme therefore brings a partial answer to the long-standing open question of building an encryption scheme whose security relies solely on the hardness of MinRank. Finally, we show after a thorough security analysis that our scheme is practical and competitive with other encryption schemes admitting such strong security guarantees. Our scheme is slightly less efficient than FrodoKEM, but much more efficient than the original schemes of Alekhnovich and Regev, with possibilities of improvement by considering more structure, in the same way as HQC and Kyber.
