
Code-based cryptography on reconfigurable hardware: tweaking Niederreiter encryption for performance

  • CHES 2012
  • Journal of Cryptographic Engineering

Abstract

Today’s public-key schemes are based either on the factorization or on the discrete logarithm problem. Since both problems are closely related, a major breakthrough in cryptanalysis (e.g., with the advent of quantum computing) will render nearly all currently employed security systems useless. Code-based public-key schemes rely on the alternative security assumption that decoding generic linear binary codes is NP-complete. Two code-based schemes for public-key encryption are available, due to McEliece and Niederreiter. Although most researchers have analyzed and implemented McEliece’s cryptosystem, we show in this work that the scheme by Niederreiter has some important advantages, such as smaller keys, more practical plaintext and ciphertext sizes, and lower computational complexity. In particular, we propose an efficient FPGA implementation of Niederreiter’s scheme that can encrypt more than 1.5 million plaintexts per second on a Xilinx Virtex-6 FPGA, outperforming all known implementations of other popular public-key cryptosystems so far.

Notes

  1. This work does not provide performance results for encryption.

  2. Special thanks to N. Sendrier for pointing this out.

  3. According to [21], RSA-1248 actually corresponds to 80-bit symmetric security. However, no implementation results for embedded systems are available for this key size.

References

  1. Bailey, D.V., Coffin, D., Elbirt, A., Silverman, J.H., Woodbury, A.D.: NTRU in Constrained Devices. In: Cryptographic Hardware and Embedded Systems—CHES 2001. LNCS, vol. 2162, pp. 262–272 (2001)

  2. Berger, T.P., Cayrel, P.-L., Gaborit, P., Otmani, A.: Reducing key length of the McEliece cryptosystem. In: Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology, AFRICACRYPT ’09, pp. 77–97. Springer, Berlin (2009)

  3. Berlekamp, B.: Nonbinary BCH decoding. IEEE Trans Inf Theory 14(2), 242 (1968)

  4. Berlekamp, E.: Goppa Codes. IEEE Trans. Inf. Theory IT-19(5) (1973)

  5. Berlekamp, E.R.: A survey of coding theory. J. R. Stat. Soc. Ser. A (General) 135(1) (1972)

  6. Bernstein, D.J.: List decoding for binary Goppa codes. In: Proceedings of the Third International Conference on Coding and Cryptology, IWCC’11, pp. 62–80. Springer, Berlin (2011)

  7. Bernstein, D.J., Lange, T.: eBACS: ECRYPT Benchmarking of Cryptographic Systems (2009). http://bench.cr.yp.to

  8. Bernstein, D.J., Lange, T., Peters, C.: Attacking and defending the McEliece cryptosystem. In: Proceedings of the International Workshop on Post-Quantum Cryptography-PQCrypto ’08. LNCS, vol. 5299, pp. 31–46. Springer, Berlin (2008)

  9. Biswas, B., Herbert, V.: Efficient root finding of polynomials over fields of characteristic 2. In: WEWoRC 2009 (2009)

  10. Biswas, B., Sendrier, N.: McEliece crypto-system: a reference implementation

  11. Bogdanov, A., Eisenbarth, T., Rupp, A., Wolf, C.: Time-area optimized public-key engines: MQ-cryptosystems as replacement for elliptic curves? In: Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems-CHES 2008, vol. 5154. LNCS, pp. 45–61. Springer (2008)

  12. Bouyukliev, I.G.: About the code equivalence. World Scientific, Hackensack, pp. 126–151 (2007)

  13. Bras-Amors, M., O’Sullivan, M.E.: The Berlekamp-Massey algorithm and the Euclidean algorithm: A closer link. In: CoRR, Vol. abs/0908.2198 (2009)

  14. Canteaut, A., Chabaud, F.: Improvements of the attacks on cryptosystems based on error-correcting codes (1995)

  15. Cayrel, P.-L., Hoffmann, G., Persichetti, E.: Efficient implementation of a CCA2-secure variant of McEliece using generalized srivastava codes. In: Proceedings of the 15th International Conference on Practice and Theory in Public Key Cryptography, PKC’12, pp. 138–155. Springer, Berlin (2012)

  16. Chang, K.: I.B.M. Researchers Inch Toward Quantum Computer. New York Times Article (2012). http://www.nytimes.com/2012/02/28/technology/ibm-inch-closer-on-quantum-computer.html?_r=1&hpw

  17. Chien, R.: Cyclic decoding procedures for Bose-Chaudhuri-Hocquenghem codes. IEEE Trans. Inf. Theor. 10(4), 357–363 (2006)

  18. Cover, T.: Enumerative source encoding. IEEE Trans. Inf. Theory 19(1), 73–77 (1973)

  19. Dinh, H., Moore, C., Russell, A.: McEliece and Niederreiter cryptosystems that resist quantum fourier sampling attacks. In: Proceedings of the 31st Annual Conference on Advances in Cryptology, CRYPTO’11, pp. 761–779. Springer, Berlin (2011)

  20. Dornstetter, J.-L.: On the equivalence between Berlekamp’s and Euclid’s algorithms. IEEE Trans. Inf. Theory 33(3), 428–431 (1987)

  21. ECRYPT: Yearly report on algorithms and keysizes (2007–2008). Technical Report, D.SPA.28 Rev. 1.1, July 2008. http://www.ecrypt.eu.org/documents/D.SPA.10-1.1.pdf

  22. Eisenbarth, T., Güneysu, T., Heyse, S., Paar, C.: Microeliece: McEliece for embedded devices. In: CHES ’09: Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems, pp. 49–64. Springer, Berlin (2009)

  23. Engelbert, D., Overbeck, R., Schmidt, A.: A summary of McEliece-type cryptosystems and their security. IACR Cryptol. ePrint Arch. 2006, 162 (2006)

  24. Faugere, J.-C., Otmani, A., Perret, L., Tillich, J.-P.: Algebraic cryptanalysis of McEliece variants with compact keys (2009)

  25. Fischer, J.-B., Stern, J.: An efficient pseudo-random generator provably as secure as syndrome decoding. In: Advances in Cryptology EUROCRYPT 96, vol. 1070. Lecture Notes in Computer Science, pp. 245–255. Springer, Berlin (1996)

  26. Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: CRYPTO ’99: Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology, pp. 537–554. Springer, London (1999)

  27. Ghosh, S., Delvaux, J., Uhsadel, L., Verbauwhede, I.: A speed area optimized embedded co-processor for McEliece cryptosystem. In: 2012 IEEE 23rd International Conference on Application-Specific Systems, Architectures and Processors (ASAP), pp. 102–108 (2012)

  28. Goppa, V.: A new class of linear correcting codes. Probl. Peredachi Inf. 6(3), 24–30 (1969)

  29. Gorenstein, D., Peterson, W.W., Zierler, N.: Two-error correcting Bose-Chaudhuri codes are quasi-perfect. Inf. Comput. 3(3), 291–294 (1960)

  30. Güneysu, T., Paar, C., Pelzl, J.: Special-purpose hardware for solving the elliptic curve discrete logarithm problem. ACM Trans. Reconfig. Technol. Syst. (TRETS) 1(2), 1–21 (2008)

  31. Helion Technology Inc.: Modular Exponentiation Core Family for Xilinx FPGA. Data Sheet, October 2008. http://www.heliontech.com/downloads/modexp_xilinx_datasheet.pdf

  32. Heyse, S.: Low-Reiter: Niederreiter encryption scheme for embedded microcontrollers. In: Sendrier, N. (ed.) Post-Quantum Cryptography, Third International Workshop, PQCrypto 2010, Darmstadt, Germany, May 25–28, 2010. Proceedings, vol. 6061. Lecture Notes in Computer Science, pp. 165–181. Springer, Berlin (2010)

  33. Heyse, S.: Implementation of McEliece based on quasi-dyadic Goppa codes for embedded devices. In: Yang, B.-Y. (ed.) Post-Quantum Cryptography, volume 7071 of Lecture Notes in Computer Science, pp. 143–162. Springer, Berlin (2011)

  34. Heyse, S., Güneysu, T.: Towards one cycle per bit asymmetric encryption: code-based cryptography on reconfigurable hardware. In: Prouff, E., Schaumont, P. (eds.) CHES, vol. 7428. Lecture Notes in Computer Science, pp. 340–355. Springer, Berlin (2012)

  35. Heyse, S., Moradi, A., Paar, C.: Practical power analysis attacks on software implementations of McEliece. In: Sendrier, N. (ed.) Post-Quantum Cryptography, vol. 6061. Lecture Notes in Computer Science, pp. 108–125. Springer, Berlin (2010). doi:10.1007/978-3-642-12929-29

  36. Hoffmann, G.: Implementation of McEliece using quasi-dyadic Goppa Codes. Bachelor thesis, TU Darmstadt (2011) http://www.cdc.informatik.tu-darmstadt.de/reports/reports/Gerhard_Hoffmann.bachelor.pdf

  37. Horner, W.G.: A new method of solving numerical equations of all orders, by continuous approximation. Philosophical Transactions of the Royal Society of London 109, 308–335 (1819)

  38. Huber, K.: Note on decoding binary Goppa codes. Electron. Lett. 32(2), 102–103 (1996)

  39. Huffman, C.W., Pless, V.: Fundamentals of Error-Correcting Codes. Cambridge University Press, Cambridge (2003)

  40. Kobara, K., Imai, H.: Semantically secure McEliece public-key cryptosystems-conversions for McEliece. In: Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography, PKC ’01, pp. 19–35, London, UK. Springer, Berlin (2001)

  41. Lee, K.: Interpolation-based decoding of alternant codes. In: CoRR, vol. abs/cs/0702118 (2007)

  42. Li, Y.X., Deng, R.H., Wang, X.M.: On the equivalence of McEliece’s and Niederreiter’s public-key cryptosystems. IEEE Trans. Inf. Theor. 40(1), 271–273 (2006)

  43. McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory. DSN Prog. Rep. 42(44), 114–116 (1978)

  44. Minder, L.: Cryptography based on error correcting codes. PhD Thesis, École Polytechnique Fédérale de Lausanne (2007)

  45. Misoczki, R., Barreto, P.S.: Compact McEliece keys from Goppa codes. In: Selected Areas in Cryptography: 16th Annual International Workshop (SAC 2009), pp. 376–392. Springer, Berlin (2009)

  46. Misoczki, R., Barreto, P.S.: Selected areas in cryptography. In: Chapter Compact McEliece Keys from Goppa Codes, pp. 376–392. Springer, Berlin (2009)

  47. Molter, H., Stöttinger, M., Shoufan, A., Strenzke, F.: A simple power analysis attack on a McEliece cryptoprocessor. J. Cryptogr. Eng. 1, 29–36 (2011). doi:10.1007/s13389-011-0001-3

  48. Niebuhr, R., Cayrel, P.-L.: Broadcast attacks against code-based schemes. In: Armknecht, F., Lucks, S. (eds) WEWoRC, vol. 7242. Lecture Notes in Computer Science, pp. 1–17. Springer, Berlin (2011)

  49. Niederreiter, H.: Knapsack-type cryptosystems and algebraic coding theory. Prob. Control Inf. Theory/Problemy Upravlen. Teor Inf. 15(2), 159–166 (1986)

  50. Overbeck, R., Sendrier, N.: Code-based cryptography. In: Bernstein, D.J., et al. (eds.) Post-Quantum Cryptography. First International Workshop PQCrypto 2006, Leuven, The Netherlands, May 23–26, 2006, Selected Papers, pp. 95–145. Springer, Berlin (2009)

  51. Patterson, N.: The algebraic decoding of Goppa codes. IEEE Trans. Inf. Theory 21(2), 203–207 (1975)

  52. Persichetti, E.: Compact McEliece keys based on Quasi-Dyadic Srivastava codes. IACR Cryptol. ePrint Arch. 2011, 179 (2011)

  53. Peterson, W.: Encoding and error-correction procedures for the Bose-Chaudhuri codes. IRE Trans. Inf. Theory 6(4), 459–470 (1960)

  54. Cayrel, P.-L.: Code-based cryptosystems: implementations. http://www.cayrel.net/research/code-based-cryptography/code-based-cryptosystems/

  55. Pointcheval, D.: Chosen-Ciphertext security for any one-way cryptosystem. In: Imai, H., Zheng, Y. (eds.) Workshop on Practice and Theory in Public-Key Cryptography (PKC ’00), vol. 1751. Lecture Notes in Computer Science, pp. 129–146. Springer, Melbourne, Australia (2000)

  56. Sendrier, N.: Efficient generation of binary words of given weight. In: Cryptography and Coding, vol. 1025. Lecture Notes in Computer Science, pp. 184–187. Springer, Berlin (1995)

  57. Sendrier, N.: Encoding information into constant weight words. In: Proceedings of International Symposium on Information Theory ISIT 2005, pp. 435–438 (2005)

  58. Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997)

  59. Shoufan, A., Strenzke, F., Molter, H., Stöttinger, M.: A timing attack against Patterson algorithm in the McEliece PKC. In: Lee, D., Hong, S. (eds.) Information, Security and Cryptology ICISC 2009, vol. 5984. Lecture Notes in Computer Science, pp. 161–175. Springer, Berlin (2010). doi:10.1007/978-3-642-14423-312

  60. Shoufan, A., Wink, T., Molter, H.G., Huss, S.A., Strenzke, F.: A novel processor architecture for McEliece cryptosystem and FPGA platforms. In: 20th IEEE International Conference on Application-specific Systems, Architectures and Processors (2009)

  61. Strenzke, F.: A timing attack against the secret permutation in the McEliece PKC. In: Sendrier, N. (ed.) Post-Quantum Cryptography, vol. 6061. Lecture Notes in Computer Science, pp. 95–107. Springer, Berlin (2010). doi:10.1007/978-3-642-12929-28

  62. Strenzke, F., Tews, E., Molter, H., Overbeck, R., Shoufan, A.: Side channels in the McEliece PKC. In: 2nd workshop on post-quantum cryptography, pp. 216–229. Springer, Berlin (2008)

  63. Sudan, M.: List decoding: algorithms and applications. SIGACT News 31(1), 16–27 (2000)

  64. Sugiyama, Y., Kasahara, M., Hirasawa, S., Namekawa, T.: A method for solving key equation for decoding Goppa codes. Inf. Control 27(1), 87–99 (1975)

  65. Sutter, G., Deschamps, J., Imana, J.: Efficient elliptic curve point multiplication using digit-serial binary field operations. IEEE Trans. Ind. Electron. 60(1), 217–225 (2013)

  66. Xilinx Inc.: Data Sheets and Product Information for Xilinx Spartan and Virtex FPGAs. http://www.xilinx.com/support/

Acknowledgments

The work described in this paper has been supported in part by the European Commission through the ICT programme under contract ICT-2007-216676 ECRYPT II. This work has also been supported in part by the Ministry of Economic Affairs and Energy of the State of North Rhine-Westphalia (Grant 315-43-02/2-005-WFBO-009).

Corresponding author

Correspondence to Stefan Heyse.

Cite this article

Heyse, S., Güneysu, T. Code-based cryptography on reconfigurable hardware: tweaking Niederreiter encryption for performance. J Cryptogr Eng 3, 29–43 (2013). https://doi.org/10.1007/s13389-013-0056-4
