Abstract

At Crypto '97, Berson showed that the McEliece public-key cryptosystem suffers from two weaknesses: (1) failure to protect any message which is encrypted more than once, and (2) failure to protect any messages which have a known linear relation to one another. In this paper, we propose some variants of the McEliece scheme which can prevent these attacks. These variants do not reduce the information rate of the original scheme. In addition, to improve the information rate, we also propose some variants of the McEliece scheme which can prevent Berson-like attacks.