PQC_for_Dummies

[Figure 3.1: m = 01101100 → encode → c = 10011001001 → transmit (errors) → r = 10010001011 → decode → m = 01101100]
Figure 3.1: Example for error correction on an unreliable channel. The error-correcting code enables the receiver to correct a certain number of bit-errors during decoding.

considered secure. Lattice-based schemes were introduced at the end of the 1990s [1]. Recently there have been advances in classical cryptanalysis of hash-based schemes. Therefore, the understanding of and trust in lattice-based schemes is growing rapidly.

Cryptography based on elliptic-curve isogenies was proposed in 2006 [52] and refined using supersingular curves in 2011 [38]. This approach has some distinct features that are interesting for the implementation of efficient key-exchange protocols. However, it is the youngest family of post-quantum cryptography, is not yet deeply understood, and is not considered ready for practical application.

Code-based Cryptography

The basic idea of code-based public-key encryption is to use error-correcting codes in order to hide the contents of a message during transmission. Traditionally, error-correcting codes are used to detect and correct bit errors when messages are transmitted over an unreliable channel. The code can be chosen to fulfill the requirements of the channel; in particular, the number $t$ of correctable bit errors can be determined.

First, the message $\vec{m}$ is converted into a code word $\vec{c}$ of the respective code (see Figure 3.1). This adds redundancy, i.e., the code word is longer than the message. Then $\vec{c}$ is transmitted over the channel. During transmission several bits of $\vec{c}$ might be flipped, so the receiver does not receive $\vec{c}$ but $\vec{r} = \vec{c} \oplus \vec{e}$, where $\vec{e}$ is an error vector of some weight $w$ ($w$ bits in $\vec{e}$ are 1, the other bits are 0). Now, the receiver maps $\vec{r}$ to the closest code word $\vec{c}'$ in the code. If the number of errors in $\vec{r}$ is smaller than the number of errors that can be corrected, i.e., $w \le t$, then $\vec{c}'$ is equal to the original code word $\vec{c}$ (otherwise decoding fails). Finally, the receiver applies the inverse of the encoding operation to $\vec{c}'$ and obtains the original message $\vec{m}$.
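The encode, transmit, decode chain described above, as an added example that is not part of the original publication. It assumes the [7,4] Hamming code (t = 1), chosen here for illustration and not the code shown in Figure 3.1, and shows decoding succeeding for w ≤ t and returning a wrong message for w > t.

```python
from itertools import product

# Generator matrix of the [7,4] Hamming code in systematic form (G = [I | P]).
# Assumption for this example: minimum distance 3, so t = 1 error is correctable.
G = [
    (1, 0, 0, 0, 1, 1, 0),
    (0, 1, 0, 0, 1, 0, 1),
    (0, 0, 1, 0, 0, 1, 1),
    (0, 0, 0, 1, 1, 1, 1),
]
T = 1

def encode(m):
    """Map a 4-bit message m to its 7-bit code word c = m * G over GF(2)."""
    return tuple(sum(m[i] * G[i][j] for i in range(4)) % 2 for j in range(7))

# Codebook: every code word of the code, with the message it encodes.
CODEBOOK = {encode(m): m for m in product((0, 1), repeat=4)}

def xor(a, b):
    return tuple(x ^ y for x, y in zip(a, b))

def weight(v):
    """Hamming weight w: the number of 1 bits in v."""
    return sum(v)

def decode(r):
    """Map r to the closest code word c', then invert the encoding of c'."""
    c_prime = min(CODEBOOK, key=lambda c: weight(xor(c, r)))
    return CODEBOOK[c_prime]

def transmit(m, e):
    """Encode m, apply error vector e on the channel (r = c XOR e), decode r."""
    return decode(xor(encode(m), e))

if __name__ == "__main__":
    m = (0, 1, 1, 0)                      # constructed sample message
    for e in [(0, 0, 0, 0, 1, 0, 0),      # w = 1 <= t: corrected
              (0, 1, 0, 0, 1, 0, 0)]:     # w = 2 >  t: wrong message comes back
        out = transmit(m, e)
        print(f"w={weight(e)} t={T} decoded={out} recovered={out == m}")
```

With w > t the receiver gets no error indication from nearest-code-word decoding; it simply lands on a different valid code word.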

