Abstract
Today’s public-key schemes are based on either the factorization or the discrete logarithm problem. Since both problems are closely related, a major breakthrough in cryptanalysis (e.g., with the advent of quantum computing) will render nearly all currently employed security systems useless. Code-based public-key schemes rely on the alternative security assumption that decoding generic linear binary codes is NP-complete. Two code-based schemes for public-key encryption are available, due to McEliece and Niederreiter. Although most researchers have analyzed and implemented McEliece’s cryptosystem, we show in this work that the scheme by Niederreiter has some important advantages, such as smaller keys, more practical plaintext and ciphertext sizes, and lower computational complexity. In particular, we propose an efficient FPGA implementation of Niederreiter’s scheme that can encrypt more than 1.5 million plaintexts per second on a Xilinx Virtex-6 FPGA, outperforming all known implementations of other popular public-key cryptosystems so far.
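The abstract compares the two schemes by key, plaintext and ciphertext size and states that a Niederreiter ciphertext is cheap to compute. The following is an added worked example, not code from the paper: it encodes an integer plaintext as a weight-t word (Cover’s enumerative encoding, reference [18]), computes the Niederreiter ciphertext as the syndrome H·e over GF(2), and tabulates the sizes the abstract refers to. Assumptions, all mine and not from the page: a BCH(15,7) code with t=2 stands in for the secret binary Goppa code; the secret scrambling of H and the Goppa decoder are replaced by an unscrambled H and a brute-force search over weight-t patterns (which works only because the toy code has minimum distance 5 ≥ 2t+1); and the parameter set n=2048, k=1751, t=27 used in the size table is an illustrative 80-bit-style choice, not taken from this page.

```python
from itertools import combinations
from math import comb, log2

# ---- Plaintext encoding: integer <-> weight-t word (Cover's enumerative encoding) ----

def rank_to_positions(rank, n, t):
    """Map an integer in [0, C(n,t)) to the sorted tuple of t positions of a weight-t
    word of length n (combinatorial number system). The Niederreiter plaintext is such a word."""
    if not 0 <= rank < comb(n, t):
        raise ValueError("rank out of range")
    positions = []
    for i in range(t, 0, -1):
        c = i - 1                      # comb(i-1, i) == 0 <= rank, so this start is valid
        while comb(c + 1, i) <= rank:  # find the largest c with comb(c, i) <= rank
            c += 1
        positions.append(c)
        rank -= comb(c, i)
    return tuple(sorted(positions))

def positions_to_rank(positions):
    """Inverse of rank_to_positions."""
    return sum(comb(c, i) for i, c in enumerate(sorted(positions), start=1))

# ---- Toy t=2 code standing in for the secret Goppa code: BCH(15,7), d=5 (assumption) ----

def gf16_powers():
    """alpha^0 .. alpha^14 in GF(2^4) with modulus x^4 + x + 1 (alpha = x is primitive)."""
    pw, x = [], 1
    for _ in range(15):
        pw.append(x)
        x <<= 1
        if x & 0x10:
            x ^= 0x13
    return pw

def bch_15_7_parity_check():
    """8 x 15 binary parity-check matrix: binary expansions of alpha^i and alpha^(3i)
    (i = column index), i.e. codewords are exactly the c with c(alpha) = c(alpha^3) = 0."""
    pw = gf16_powers()
    return [[(pw[(e * i) % 15] >> bit) & 1 for i in range(15)]
            for e in (1, 3) for bit in range(4)]

# ---- Niederreiter encryption/decryption (toy: unscrambled H, brute-force decoder) ----

def syndrome(H, e):
    """Niederreiter ciphertext: s = H * e over GF(2). H is a list of rows, e a 0/1 list."""
    return [sum(h & x for h, x in zip(row, e)) & 1 for row in H]

def niederreiter_encrypt(H, n, t, rank):
    """Encrypt the integer 'rank' by turning it into a weight-t error vector and taking its syndrome."""
    e = [0] * n
    for p in rank_to_positions(rank, n, t):
        e[p] = 1
    return syndrome(H, e)

def niederreiter_decrypt_bruteforce(H, n, t, s):
    """Stand-in for the secret decoder: search every weight-t pattern. The answer is unique
    because d >= 2t+1. A real implementation uses the Goppa structure (e.g. Patterson) instead."""
    for pos in combinations(range(n), t):
        e = [0] * n
        for p in pos:
            e[p] = 1
        if syndrome(H, e) == s:
            return positions_to_rank(pos)
    raise ValueError("not the syndrome of a weight-t word")

# ---- Size comparison the abstract refers to ----

def sizes_bits(n, k, t):
    """Public-key, plaintext and ciphertext sizes in bits for an [n,k] code correcting t errors."""
    r = n - k
    return {
        "mceliece_pubkey": k * n,            # full k x n generator matrix G
        "niederreiter_pubkey": r * k,        # systematic H = [I_r | M]; only M is stored
        "mceliece_plaintext": k,
        "niederreiter_plaintext": int(log2(comb(n, t))),  # bits carried by a weight-t word
        "mceliece_ciphertext": n,            # a full codeword plus errors
        "niederreiter_ciphertext": r,        # just the syndrome
    }

if __name__ == "__main__":
    H = bch_15_7_parity_check()
    m = 57                                   # constructed plaintext in [0, C(15,2)) = [0, 105)
    s = niederreiter_encrypt(H, 15, 2, m)
    assert niederreiter_decrypt_bruteforce(H, 15, 2, s) == m
    print("toy ciphertext (8 bits):", s)
    # Illustrative parameters (assumption, not taken from the page): n=2048, k=1751, t=27
    print(sizes_bits(2048, 1751, 27))
```

For the illustrative parameters the table gives a 297-bit Niederreiter ciphertext against a 2048-bit McEliece one, and a 520,047-bit systematic Niederreiter key against a 3,586,048-bit full generator matrix. One caveat: a McEliece implementation that stores G in systematic form has the same r·k-bit key, so the key saving shown is against a full G; the ciphertext-size difference holds regardless. Encryption here is only the multiplication H·e, which is why a hardware implementation can pipeline it so aggressively; the cost of the scheme sits in the constant-weight encoding of the plaintext and in the decoder.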
Notes
This work does not provide performance results for encryption.
Special thanks to N. Sendrier for pointing this out.
According to [21], RSA-1248 actually corresponds to 80-bit symmetric security. However, no implementation results for embedded systems are available for this key size.
References
Bailey, D.V., Coffin, D., Elbirt, A., Silverman, J.H., Woodbury, A.D.: NTRU in Constrained Devices. In: Cryptographic Hardware and Embedded Systems—CHES 2001. LNCS, vol. 2162, pp. 262–272 (2001)
Berger, T.P., Cayrel, P.-L., Gaborit, P., Otmani, A.: Reducing key length of the McEliece cryptosystem. In: Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology, AFRICACRYPT ’09, pp. 77–97. Springer, Berlin (2009)
Berlekamp, E.R.: Nonbinary BCH decoding. IEEE Trans. Inf. Theory 14(2), 242 (1968)
Berlekamp, E.R.: Goppa codes. IEEE Trans. Inf. Theory 19(5), 590–592 (1973)
Berlekamp, E.R.: A survey of coding theory. J. R. Stat. Soc. Ser. A (General) 135(1) (1972)
Bernstein, D.J.: List decoding for binary Goppa codes. In: Proceedings of the Third International Conference on Coding and Cryptology, IWCC’11, pp. 62–80. Springer, Berlin (2011)
Bernstein, D.J., Lange, T.: eBACS: ECRYPT Benchmarking of Cryptographic Systems (2009). http://bench.cr.yp.to
Bernstein, D.J., Lange, T., Peters, C.: Attacking and defending the McEliece cryptosystem. In: Proceedings of the International Workshop on Post-Quantum Cryptography-PQCrypto ’08. LNCS, vol. 5299, pp. 31–46. Springer, Berlin (2008)
Biswas, B., Herbert, V.: Efficient root finding of polynomials over fields of characteristic 2. In: WEWoRC 2009 (2009)
Biswas, B., Sendrier, N.: McEliece crypto-system: a reference implementation
Bogdanov, A., Eisenbarth, T., Rupp, A., Wolf, C.: Time-area optimized public-key engines: MQ-cryptosystems as replacement for elliptic curves? In: Cryptographic Hardware and Embedded Systems—CHES 2008. LNCS, vol. 5154, pp. 45–61. Springer, Berlin (2008)
Bouyukliev, I.G.: About the code equivalence. World Scientific, Hackensack, pp. 126–151 (2007)
Bras-Amorós, M., O’Sullivan, M.E.: The Berlekamp–Massey algorithm and the Euclidean algorithm: a closer link. CoRR abs/0908.2198 (2009)
Canteaut, A., Chabaud, F.: Improvements of the attacks on cryptosystems based on error-correcting codes (1995)
Cayrel, P.-L., Hoffmann, G., Persichetti, E.: Efficient implementation of a CCA2-secure variant of McEliece using generalized srivastava codes. In: Proceedings of the 15th International Conference on Practice and Theory in Public Key Cryptography, PKC’12, pp. 138–155. Springer, Berlin (2012)
Chang, K.: I.B.M. Researchers Inch Toward Quantum Computer. New York Times Article (2012).http://www.nytimes.com/2012/02/28/technology/ibm-inch-closer-on-quantum-computer.html?_r=1&hpw
Chien, R.: Cyclic decoding procedures for Bose–Chaudhuri–Hocquenghem codes. IEEE Trans. Inf. Theory 10(4), 357–363 (1964)
Cover, T.: Enumerative source encoding. IEEE Trans. Inf. Theory 19(1), 73–77 (1973)
Dinh, H., Moore, C., Russell, A.: McEliece and Niederreiter cryptosystems that resist quantum fourier sampling attacks. In: Proceedings of the 31st Annual Conference on Advances in Cryptology, CRYPTO’11, pp. 761–779. Springer, Berlin (2011)
Dornstetter, J.-L.: On the equivalence between Berlekamp’s and Euclid’s algorithms. IEEE Trans. Inf. Theory 33(3), 428–431 (1987)
ECRYPT: Yearly report on algorithms and keysizes (2007–2008). Technical Report, D.SPA.28 Rev. 1.1, July 2008. http://www.ecrypt.eu.org/documents/D.SPA.10-1.1.pdf
Eisenbarth, T., Güneysu, T., Heyse, S., Paar, C.: Microeliece: McEliece for embedded devices. In: CHES ’09: Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems, pp. 49–64. Springer, Berlin (2009)
Engelbert, D., Overbeck, R., Schmidt, A.: A summary of McEliece-type cryptosystems and their security. IACR Cryptol. ePrint Arch. 2006, 162 (2006)
Faugère, J.-C., Otmani, A., Perret, L., Tillich, J.-P.: Algebraic cryptanalysis of McEliece variants with compact keys (2009)
Fischer, J.-B., Stern, J.: An efficient pseudo-random generator provably as secure as syndrome decoding. In: Advances in Cryptology EUROCRYPT 96, vol. 1070. Lecture Notes in Computer Science, pp. 245–255. Springer, Berlin (1996)
Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: CRYPTO ’99: Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology, pp. 537–554. Springer, London (1999)
Ghosh, S., Delvaux, J., Uhsadel, L., Verbauwhede, I.: A speed area optimized embedded co-processor for McEliece cryptosystem. In: 2012 IEEE 23rd International Conference on Application-Specific Systems, Architectures and Processors (ASAP), pp. 102–108 (2012)
Goppa, V.: A new class of linear correcting codes. Probl. Peredachi Inf. 6(3), 24–30 (1969)
Gorenstein, D., Peterson, W.W., Zierler, N.: Two-error correcting Bose–Chaudhuri codes are quasi-perfect. Inf. Control 3(3), 291–294 (1960)
Güneysu, T., Paar, C., Pelzl, J.: Special-purpose hardware for solving the elliptic curve discrete logarithm problem. ACM Trans. Reconfig. Technol. Syst. (TRETS) 1(2), 1–21 (2008)
Helion Technology Inc.: Modular Exponentiation Core Family for Xilinx FPGA. Data Sheet, October 2008. http://www.heliontech.com/downloads/modexp_xilinx_datasheet.pdf
Heyse, S.: Low-Reiter: Niederreiter encryption scheme for embedded microcontrollers. In : Sendrier, N. (ed.) Post-Quantum Cryptography, Third International Workshop, PQCrypto 2010, Darmstadt, Germany, May 25–28, 2010. Proceedings, vol. 6061. Lecture Notes in Computer Science, pp. 165–181. Springer, Berlin (2010)
Heyse, S.: Implementation of McEliece based on quasi-dyadic Goppa codes for embedded devices. In: Yang, B.-Y. (ed.) Post-Quantum Cryptography, volume 7071 of Lecture Notes in Computer Science, pp. 143–162. Springer, Berlin (2011)
Heyse, S., Güneysu, T.: Towards one cycle per bit asymmetric encryption: code-based cryptography on reconfigurable hardware. In: Prouff, E., Schaumont, P. (eds.) CHES, vol. 7428. Lecture Notes in Computer Science, pp. 340–355. Springer, Berlin (2012)
Heyse, S., Moradi, A., Paar, C.: Practical power analysis attacks on software implementations of McEliece. In: Sendrier, N. (ed.) Post-Quantum Cryptography, PQCrypto 2010. LNCS, vol. 6061, pp. 108–125. Springer, Berlin (2010). doi:10.1007/978-3-642-12929-2_9
Hoffmann, G.: Implementation of McEliece using quasi-dyadic Goppa Codes. Bachelor thesis, TU Darmstadt (2011) http://www.cdc.informatik.tu-darmstadt.de/reports/reports/Gerhard_Hoffmann.bachelor.pdf
Horner, W.G.: A new method of solving numerical equations of all orders, by continuous approximation. Philosophical Transactions of the Royal Society of London 109, 308–335 (1819)
Huber, K.: Note on decoding binary Goppa codes. Electron. Lett. 32(2), 102–103 (1996)
Huffman, C.W., Pless, V.: Fundamentals of Error-Correcting Codes. Cambridge University Press, Cambridge (2003)
Kobara, K., Imai, H.: Semantically secure McEliece public-key cryptosystems-conversions for McEliece. In: Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography, PKC ’01, pp. 19–35, London, UK. Springer, Berlin (2001)
Lee, K.: Interpolation-based decoding of alternant codes. In: CoRR, vol. abs/cs/0702118 (2007)
Li, Y.X., Deng, R.H., Wang, X.M.: On the equivalence of McEliece’s and Niederreiter’s public-key cryptosystems. IEEE Trans. Inf. Theory 40(1), 271–273 (1994)
McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory. DSN Prog. Rep. 42(44), 114–116 (1978)
Minder, L.: Cryptography based on error correcting codes. PhD Thesis, École Polytechnique Fédérale de Lausanne (2007)
Misoczki, R., Barreto, P.S.: Compact McEliece keys from Goppa codes. In: Selected Areas in Cryptography: 16th Annual International Workshop (SAC 2009), pp. 376–392. Springer, Berlin (2009)
Misoczki, R., Barreto, P.S.: Compact McEliece keys from Goppa codes. In: Selected Areas in Cryptography, SAC 2009. LNCS, vol. 5867, pp. 376–392. Springer, Berlin (2009)
Molter, H., Stöttinger, M., Shoufan, A., Strenzke, F.: A simple power analysis attack on a McEliece cryptoprocessor. J. Cryptogr. Eng. 1(1), 29–36 (2011). doi:10.1007/s13389-011-0001-3
Niebuhr, R., Cayrel, P.-L.: Broadcast attacks against code-based schemes. In: Armknecht, F., Lucks, S. (eds) WEWoRC, vol. 7242. Lecture Notes in Computer Science, pp. 1–17. Springer, Berlin (2011)
Niederreiter, H.: Knapsack-type cryptosystems and algebraic coding theory. Prob. Control Inf. Theory/Problemy Upravlen. Teor Inf. 15(2), 159–166 (1986)
Overbeck, R., Sendrier, N.: Code-based cryptography. In: Bernstein, D.J., et al. (eds.) Post-Quantum Cryptography, pp. 95–145. Springer, Berlin (2009)
Patterson, N.: The algebraic decoding of Goppa codes. IEEE Trans. Inf. Theory 21(2), 203–207 (1975)
Persichetti, E.: Compact McEliece keys based on Quasi-Dyadic Srivastava codes. IACR Cryptol. ePrint Arch. 2011, 179 (2011)
Peterson, W.: Encoding and error-correction procedures for the Bose-Chaudhuri codes. IRE Trans. Inf. Theory 6(4), 459–470 (1960)
Cayrel, P.-L.: Code-based cryptosystems: implementations. http://www.cayrel.net/research/code-based-cryptography/code-based-cryptosystems/
Pointcheval, D.: Chosen-ciphertext security for any one-way cryptosystem. In: Imai, H., Zheng, Y. (eds.) Workshop on Practice and Theory in Public-Key Cryptography (PKC ’00), Melbourne, Australia. LNCS, vol. 1751, pp. 129–146. Springer, Berlin (2000)
Sendrier, N.: Efficient generation of binary words of given weight. In: Cryptography and Coding, vol. 1025. Lecture Notes in Computer Science, pp. 184–187. Springer, Berlin (1995)
Sendrier, N.: Encoding information into constant weight words. In: Proceedings of International Symposium on Information Theory ISIT 2005, pp. 435–438 (2005)
Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997)
Shoufan, A., Strenzke, F., Molter, H., Stöttinger, M.: A timing attack against Patterson algorithm in the McEliece PKC. In: Lee, D., Hong, S. (eds.) Information, Security and Cryptology, ICISC 2009. LNCS, vol. 5984, pp. 161–175. Springer, Berlin (2010). doi:10.1007/978-3-642-14423-3_12
Shoufan, A., Wink, T., Molter, H.G., Huss, S.A., Strenzke, F.: A novel processor architecture for McEliece cryptosystem and FPGA platforms. In: 20th IEEE International Conference on Application-Specific Systems, Architectures and Processors (ASAP) (2009)
Strenzke, F.: A timing attack against the secret permutation in the McEliece PKC. In: Sendrier, N. (ed.) Post-Quantum Cryptography, PQCrypto 2010. LNCS, vol. 6061, pp. 95–107. Springer, Berlin (2010). doi:10.1007/978-3-642-12929-2_8
Strenzke, F., Tews, E., Molter, H., Overbeck, R., Shoufan, A.: Side channels in the McEliece PKC. In: 2nd workshop on post-quantum cryptography, pp. 216–229. Springer, Berlin (2008)
Sudan, M.: List decoding: algorithms and applications. SIGACT News 31(1), 16–27 (2000)
Sugiyama, Y., Kasahara, M., Hirasawa, S., Namekawa, T.: A method for solving key equation for decoding goppa codes. Inf. Control 27(1), 87–99 (1975)
Sutter, G., Deschamps, J., Imaña, J.: Efficient elliptic curve point multiplication using digit-serial binary field operations. IEEE Trans. Ind. Electron. 60(1), 217–225 (2013)
Xilinx Inc.: Data Sheets and Product Information for Xilinx Spartan and Virtex FPGAs. http://www.xilinx.com/support/
Acknowledgments
The work described in this paper has been supported in part by the European Commission through the ICT programme under contract ICT-2007-216676 ECRYPT II. This work has also been supported in part by the Ministry of Economic Affairs and Energy of the State of North Rhine-Westphalia (Grant 315-43-02/2-005-WFBO-009).
Cite this article
Heyse, S., Güneysu, T. Code-based cryptography on reconfigurable hardware: tweaking Niederreiter encryption for performance. J Cryptogr Eng 3, 29–43 (2013). https://doi.org/10.1007/s13389-013-0056-4