A CCA2 secure variant of the mceliece cryptosystem

Nico Dottling, Rafael Dowsley, Jörn Muller-Quade, Anderson C.A. Nascimento

Research output: Contribution to journalArticleResearchpeer-review

21 Citations (Scopus)


The McEliece public-key encryption scheme has become an interesting alternative to cryptosystems based on number-theoretical problems. Different from RSA and ElGamal, McEliece PKC is not known to be broken by a quantum computer. Moreover, even though McEliece PKC has a relatively big key size, encryption and decryption operations are rather efficient. In spite of all the recent results in coding-theory-based cryptosystems, to the date, there are no constructions secure against chosen ciphertext attacks in the standard modelthe de facto security notion for public-key cryptosystems. In this paper, we show the first construction of a McEliece-based public-key cryptosystem secure against chosen ciphertext attacks in the standard model. Our construction is inspired by a recently proposed technique by Rosen and Segev.

Original languageEnglish
Pages (from-to)6672-6680
Number of pages9
JournalIEEE Transactions on Information Theory
Issue number10
Publication statusPublished - Oct 2012
Externally publishedYes


  • CCA2 security
  • McEliece assumptions
  • public-key encryption
  • standard model

Cite this