makes it possible to know, whereas in this case we want to compute the number of minimum-weight words in P_j(C(i)) for each pair of positions (i, j). We therefore had to use a probabilistic procedure based on the coupon collector problem: the search for minimum-weight words is stopped only once we have found N minimum-weight words and each word has appeared roughly ? ln N times (with ? 1). To ensure a good probability of obtaining all the minimum-weight words, we chose to use this approach with ? = 3. In order to speed up the search for these minimum-weight words
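The coupon-collector stopping rule described above, as an added example and not code from the thesis: the constant whose symbol was lost in extraction is called `alpha` here and set to 3 as in the text, the [8, 4, 4] code is a constructed toy instance, and uniform random sampling of messages is a stand-in for a real minimum-weight word search so that only the stopping rule is under examination.

```python
import math
import random
from itertools import product

# Constructed toy instance (not from the thesis): the [8, 4, 4] extended Hamming
# code RM(1, 3), which has exactly 14 codewords of minimum weight 4 to "collect".
G = [[1] * 8, [0] * 4 + [1] * 4, [0, 0, 1, 1] * 2, [0, 1] * 4]
K, N = len(G), len(G[0])

def encode(msg):
    # GF(2) combination of the rows of G selected by the message bits
    word = [0] * N
    for bit, row in zip(msg, G):
        if bit:
            word = [w ^ r for w, r in zip(word, row)]
    return tuple(word)

def min_weight_words_exact():
    # Ground truth: exhaustive enumeration of all 2^k - 1 nonzero codewords
    best, words = N + 1, set()
    for msg in product((0, 1), repeat=K):
        if any(msg):
            w = encode(msg)
            if sum(w) < best:
                best, words = sum(w), {w}
            elif sum(w) == best:
                words.add(w)
    return best, words

def min_weight_words_coupon(alpha=3.0, seed=2016):
    # Stop once each of the n_found minimum-weight words seen so far has appeared at
    # least alpha*ln(n_found) times (coupon-collector rule). The uniform sampler is a toy.
    rng = random.Random(seed)
    best, counts, samples = N + 1, {}, 0
    while True:
        msg = [rng.randint(0, 1) for _ in range(K)]
        if not any(msg):
            continue
        samples += 1
        w = encode(msg)
        wt = sum(w)
        if wt > best:
            continue
        if wt < best:            # a lighter word invalidates every count so far
            best, counts = wt, {}
        counts[w] = counts.get(w, 0) + 1
        # ln(1) = 0 would stop after one sighting; a lone word is held to the n_found = 2 bar
        threshold = math.ceil(alpha * math.log(max(len(counts), 2)))
        if min(counts.values()) >= threshold:
            return best, set(counts), samples
```

Comparing the returned set and sample count against the exhaustive enumeration shows what the rule costs and whether it collected every minimum-weight word.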

In, requires roughly 227 hours of computation, whereas the total cost of the attack is about 280 hours. However, we have good reason to believe that the
