|
|
|
|
|
|
by honzaik
494 days ago
|
|
|
afaik the "right kind of code" does a lot of heavy lifting for practical implementations, such as Classical McEliece. correct me if I am wrong as I havent spent much time looking into it, but the security analysis essentially says "we assume the Goppa code is indistinguishable from a random code so the best attack is to do generic decoding for a random code (NP-hard problem)". but there is no reduction to some NP-hard problem that Goppa code (the specific code used in Classical McEliece) is indistinguishable. the assumption is reasonable as nobody has been able to find a distinguisher for decades. also, if a distinguisher exists, it also doesn't translate into a direct attack against the system, it just means you cannot rule out "structural attacks" and jump to NP-hard problem. |
|
|
(And this is even with the simplification that polytime = practical and not-polytime = infeasible.)