mce_qd: add a security warning

2015-10-31 10:00:10 +01:00 · 2015-10-31 10:00:10 +01:00 · a2c1c3992d
parent 67192f621e
commit a2c1c3992d
1 changed files with 44 additions and 24 deletions
--- a/src/mce_qd.cpp
+++ b/src/mce_qd.cpp
@ -22,12 +22,26 @@ using namespace mce_qd;

 #include "decoding.h"
 #include "qd_utils.h"
+#include "iohelpers.h"

 #include <set>

+static void print_attack_warning()
+{
+	bool printed = false;
+	if (printed) return;
+	err ("\n***MCEQD SECURITY WARNING***\n\n"
+	     "Security of the QD-McEliece variant was greatly reduced to less than 2^50\n"
+	     "by an algebraic attack! The functions are kept only for compatibility.\n"
+	     "Be sure to use another encryption variant instead.");
+	printed = true;
+}
+
 int mce_qd::generate (pubkey&pub, privkey&priv, prng&rng,
                      uint m, uint T, uint block_count, uint block_discard)
 {
+	print_attack_warning();
+
 	//convenience
 	gf2m&fld = priv.fld;
 	std::vector<uint>&essence = priv.essence;
@ -201,6 +215,8 @@ int mce_qd::generate (pubkey&pub, privkey&priv, prng&rng,

 int privkey::prepare()
 {
+	print_attack_warning();
+
 	uint s, i, j;
 	std::vector<uint> Hsig, support;
 	uint omega;
@ -342,6 +358,8 @@ int pubkey::encrypt (const bvector& in, bvector&out, prng&rng)

 int pubkey::encrypt (const bvector & in, bvector & out, const bvector&errors)
 {
+	print_attack_warning();
+
 	uint t = 1 << T;
 	bvector p, g, r, cksum;
 	uint i, j;
@ -399,6 +417,8 @@ int privkey::decrypt (const bvector & in, bvector & out)

 int privkey::decrypt (const bvector & in, bvector & out, bvector & errors)
 {
+	print_attack_warning();
+
 	if (in.size() != cipher_size()) return 2;
 	polynomial synd;
 	uint i, tmp;