Optimized and Scalable Co-Processor for McEliece with Binary Goppa Codes

Published: 21 April 2015

Abstract

Asymmetric cryptographic primitives are essential to enable secure communications over public networks or public media. Such primitives can be deployed as software libraries or as hardware co-processors, the latter being more common in system-on-chip (SoC) scenarios, embedded devices, and application-specific servers. Unfortunately, the most widely available solutions, based on RSA or elliptic curve cryptography (ECC), are highly processing intensive because of the underlying extended-precision modular arithmetic; consequently, they are not available on highly constrained platforms. Aiming to tackle this issue, we investigate an alternative asymmetric encryption scheme that relies on lightweight arithmetic: McEliece. This scheme is especially appealing because, being based on error-correcting codes, it uses simpler arithmetic and leads to better performance than RSA or ECC. To evaluate the implementation of this scheme in hardware, we propose and analyze a flexible architecture whose security level and time-versus-area trade-off can be reconfigured as desired. The proposed architecture supports all usual security levels, from 80 to 256 bits. It is also very efficient: it performs decryption with binary Goppa codes in 56µs using 3,402 slices on a Xilinx Spartan-3AN FPGA, whereas the best-known result in the literature for the same FPGA is 115µs with 7,331 slices. Alternatively, the architecture can operate with quasi-dyadic Goppa (QD-Goppa) codes, which have smaller keys than traditional binary Goppa codes. In the latter case, for an 80-bit security level, decryption takes from 1.1ms with 1,129 slices to 68µs with 8,268 slices. By choosing a more hardware-friendly decoding algorithm, concentrating hardware resources on the bottleneck operations, and sharing hardware resources between two different algorithms, better results than those in the literature were obtained.
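The abstract's claim that McEliece gets by with lightweight arithmetic comes from what decryption actually does: it decodes a binary Goppa code, which is GF(2^m) arithmetic (shifts and XORs) rather than multi-precision modular arithmetic. The block below is an added worked example, not code from the paper, its authors, or any library. The abstract does not say which decoding algorithm the co-processor uses, so the classic choice, Patterson's algorithm (Patterson, 1975), is implemented here for a toy binary Goppa code whose parameters are chosen purely for illustration: GF(2^5) built on x^5 + x^2 + 1, a support of all 32 field elements, t = 3, and Goppa polynomial g(x) = x^3 + x^2 + 1. Recovering the error pattern from its syndrome is the decryption core of both McEliece and Niederreiter (the two systems are equivalent in that sense), so the generator matrix, scrambling, and permutation that wrap it in a full McEliece key are left out. All function names are this example's own.

```python
"""Added example (not the paper's code): Patterson decoding of a toy binary Goppa code, the core of McEliece decryption."""
# Toy parameters chosen for this example (an assumption, not taken from the paper): GF(2^5), n = 32, t = 3.
M, FIELD_POLY, T = 5, 0b100101, 3     # x^5 + x^2 + 1 is irreducible over GF(2)
N = 1 << M                             # support L_i = i, i.e. all 32 field elements
# g(x) = x^3 + x^2 + 1 is irreducible over GF(2) and, as gcd(3, 5) = 1, over GF(2^5): no root in the support.
G = [1, 0, 1, 1]                       # polynomials are coefficient lists, lowest degree first; [] is zero

def gf_mul(a, b):
    """Multiply in GF(2^m): carry-less shift-and-XOR, reduced by FIELD_POLY (no carries, no bignums)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b, a = b >> 1, a << 1
        if a >> M:
            a ^= FIELD_POLY
    return r

def gf_inv(a):
    """1/a == a^(2^m - 2) for a != 0, by square-and-multiply."""
    r, e = 1, N - 2
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a, e = gf_mul(a, a), e >> 1
    return r

def trim(p):                           # drop zero leading coefficients in place and return p
    while p and p[-1] == 0:
        p.pop()
    return p
def p_add(a, b):
    return trim([(a[i] if i < len(a) else 0) ^ (b[i] if i < len(b) else 0)
                 for i in range(max(len(a), len(b)))])
def p_mul(a, b):
    r = [0] * (len(a) + len(b) - 1) if a and b else []
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            r[i + j] ^= gf_mul(x, y)
    return trim(r)
def p_divmod(a, b):                    # long division; returns (quotient, remainder)
    a = trim(list(a))
    q, inv_lead = [0] * max(0, len(a) - len(b) + 1), gf_inv(b[-1])
    while a and len(a) >= len(b):
        k = len(a) - len(b)
        q[k] = c = gf_mul(a[-1], inv_lead)
        for j, y in enumerate(b):
            a[k + j] ^= gf_mul(c, y)
        trim(a)
    return trim(q), a
def p_eval(p, x):                      # Horner evaluation at a field element
    r = 0
    for c in reversed(p):
        r = gf_mul(r, x) ^ c
    return r
def p_egcd(a, b, stop_deg):
    """Extended Euclid on (a, b), stopping once deg(remainder) <= stop_deg; returns (r, v) with r == v*b (mod a)."""
    r0, r1, v0, v1 = list(a), list(b), [], [1]
    while r1 and len(r1) - 1 > stop_deg:
        q, r = p_divmod(r0, r1)
        r0, r1, v0, v1 = r1, r, v1, p_add(v0, p_mul(q, v1))
    return r1, v1
def p_inv_mod(a, g):
    r, v = p_egcd(g, a, 0)             # r is a nonzero constant because g is irreducible
    return trim([gf_mul(gf_inv(r[0]), c) for c in v])
def p_sqrt_mod(p, g):
    """GF(2^m)[x]/(g) is a field of order 2^(m*t): squaring has order m*t, so m*t-1 squarings invert it."""
    for _ in range(M * T - 1):
        p = p_divmod(p_mul(p, p), g)[1]
    return p

def syndrome(word, g=G):
    """S(x) = sum over set bits i of 1/(x - L_i) mod g (the syndrome a Niederreiter decryptor works from)."""
    s = []
    for i, bit in enumerate(word):
        if bit:
            s = p_add(s, p_inv_mod([i, 1], g))   # x - L_i == x + i in characteristic 2
    return s

def patterson(s, g=G):
    """Error positions of an error pattern of weight <= t, from its syndrome (Patterson, 1975)."""
    if not s:                                     # zero syndrome: nothing to correct
        return []
    t_poly = p_inv_mod(s, g)                      # T = 1/S mod g
    r = p_sqrt_mod(p_add(t_poly, [0, 1]), g)      # R = sqrt(T + x) mod g
    a, b = p_egcd(g, r, T // 2)                   # a == b*R mod g with deg a <= t/2, deg b <= (t-1)/2
    sigma = p_add(p_mul(a, a), p_mul([0, 1], p_mul(b, b)))   # error locator sigma(x) = a^2 + x*b^2
    return [i for i in range(N) if p_eval(sigma, i) == 0]     # brute-force root search over the support

def demo(error_positions):
    """Constructed input: a codeword has zero syndrome, so the error pattern alone exercises the decoder."""
    e = [1 if i in error_positions else 0 for i in range(N)]
    return patterson(syndrome(e))

if __name__ == "__main__":
    print(demo([0, 7, 29]))                       # [0, 7, 29]
```

demo([0, 7, 29]) returns [0, 7, 29]: three injected errors are located from a syndrome polynomial of degree at most 2, using nothing beyond 5-bit field elements. Two caveats matter for anyone taking this further. The root search evaluates sigma at every support element, which is the brute-force approach; faster root finding is one of the operations a hardware design optimizes. And every loop here is data-dependent, so the code is not constant-time: published timing attacks on McEliece decoding (Strenzke et al., 2008; Strenzke, 2010) and the constant-time McBits design (Bernstein, Chou and Schwabe, 2013) show why a production decoder, in software or hardware, must not be written this way.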

    Published In

    ACM Transactions on Embedded Computing Systems, Volume 14, Issue 3
    Special Issue on Embedded Platforms for Crypto and Regular Papers
    May 2015, 515 pages
    ISSN: 1539-9087
    EISSN: 1558-3465
    DOI: 10.1145/2764962

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 21 April 2015
    Accepted: 01 February 2015
    Revised: 01 November 2014
    Received: 01 July 2014
    Published in TECS Volume 14, Issue 3

    Author Tags

    1. Code-based encryption
    2. FPGA
    3. Goppa codes
    4. McEliece
    5. hardware

    Qualifiers

    • Research-article
    • Research
    • Refereed

    Article Metrics

    • Downloads (Last 12 months)13
    • Downloads (Last 6 weeks)1
    Reflects downloads up to 13 Feb 2025

    Cited By

    • (2024) A Safety-Critical, RISC-V SoC Integrated and ASIC-Ready Classic McEliece Accelerator. Applied Reconfigurable Computing. Architectures, Tools, and Applications, 282-295. DOI: 10.1007/978-3-031-55673-9_20. Online publication date: 20-Mar-2024.
    • (2023) A Decoder for a Lightweight McEliece Cryptosystem Based on Concatenated Codes. IEEE Consumer Electronics Magazine 12(5), 60-67. DOI: 10.1109/MCE.2022.3192126. Online publication date: 1-Sep-2023.
    • (2023) Efficient Decryption Architecture for Classic McEliece. 2023 24th International Symposium on Quality Electronic Design (ISQED), 1-7. DOI: 10.1109/ISQED57927.2023.10129325. Online publication date: 5-Apr-2023.
    • (2023) Hardware Design of PQC Classic McEliece Finite Field Operations and Encryption Module. 2023 IEEE 17th International Conference on Anti-counterfeiting, Security, and Identification (ASID), 67-71. DOI: 10.1109/ASID60355.2023.10426507. Online publication date: 1-Dec-2023.
    • (2022) Code-Based Cryptography With Generalized Concatenated Codes for Restricted Error Values. IEEE Open Journal of the Communications Society 3, 1528-1539. DOI: 10.1109/OJCOMS.2022.3206395. Online publication date: 2022.
    • (2021) HLS-Based HW/SW Co-Design of the Post-Quantum Classic McEliece Cryptosystem. 2021 31st International Conference on Field-Programmable Logic and Applications (FPL), 52-59. DOI: 10.1109/FPL53798.2021.00017. Online publication date: Aug-2021.
    • (2021) Post-Quantum Cryptosystem of Niederreiter, Algorithm and Encryption Scheme: Modification and Optimization. XIV International Scientific Conference "INTERAGROMASH 2021", 173-183. DOI: 10.1007/978-3-030-81619-3_19. Online publication date: 31-Oct-2021.
    • (2020) Quantum-Proof Lightweight McEliece Cryptosystem Co-processor Design. 2020 IEEE 38th International Conference on Computer Design (ICCD), 73-79. DOI: 10.1109/ICCD50377.2020.00029. Online publication date: Oct-2020.
    • (2019) Using Low-Density Parity-Check Codes to Improve the McEliece Cryptosystem. Information Sciences. DOI: 10.1016/j.ins.2019.09.030. Online publication date: Sep-2019.
    • (2018) FPGA-Based Niederreiter Cryptosystem Using Binary Goppa Codes. Post-Quantum Cryptography, 77-98. DOI: 10.1007/978-3-319-79063-3_4. Online publication date: 1-Apr-2018.
