A Speed Area Optimized Embedded Co-processor for McEliece Cryptosystem

Ghosh, Santosh; Delvaux, Jeroen; Uhsadel, Leif; Verbauwhede, Ingrid

doi:10.1109/asap.2012.16

Cited by 25 publications

(17 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A McEliece co-processor was recently proposed for a Virtex5-LX110T FPGA [16]. Their design goal was to optimize the speed/area ratio while we aim for high performance.…”

Section: Fpga Resultsmentioning

confidence: 99%

“…This is particularly considered an issue for small and embedded systems where memory and processing power are a scarce resource. Nevertheless, it was shown that code-based cryptosystems such as the well-established proposals by McEliece and Niederreiter can significantly outperform classical asymmetric cryptosystems on embedded systems [13,16,20,32] -at the cost of very large keys (often more than 50 kByte). Therefore, current research is targeting alternative codes that allow more compact key representations but still preserve the security properties of the cryptosystem.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Smaller Keys for Code-Based Cryptography: QC-MDPC McEliece Implementations on Embedded Devices

Heyse

Maurich

Güneysu

2013

Cryptographic Hardware and Embedded Systems - CHES 2013

View full text Add to dashboard Cite

Abstract. In the last years code-based cryptosystems were established as promising alternatives for asymmetric cryptography since they base their security on well-known NP-hard problems and still show decent performance on a wide range of computing platforms. The main drawback of code-based schemes, including the popular proposals by McEliece and Niederreiter, are the large keys whose size is inherently determined by the underlying code. In a very recent approach, Misoczki et al. proposed to use quasi-cyclic MDPC (QC-MDPC) codes that allow for a very compact key representation. In this work, we investigate novel implementations of the McEliece scheme using such QC-MDPC codes tailored for embedded devices, namely a Xilinx Virtex-6 FPGA and an 8-bit AVR microcontroller. In particular, we evaluate and improve different approaches to decode QC-MDPC codes. Besides competitive performance for encryption and decryption on the FPGA, we achieved a very compact implementation on the microcontroller using only 4,800 and 9,600 bits for the public and secret key at 80 bits of equivalent symmetric security.

show abstract

“…A McEliece co-processor was recently proposed for a Virtex5-LX110T FPGA [16]. Their design goal was to optimize the speed/area ratio while we aim for high performance.…”

Section: Fpga Resultsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Smaller Keys for Code-Based Cryptography: QC-MDPC McEliece Implementations on Embedded Devices

Heyse

Maurich

Güneysu

2013

Cryptographic Hardware and Embedded Systems - CHES 2013

View full text Add to dashboard Cite

show abstract

“…However, the private key size of Niederreiter scheme is a bottleneck in practice, and McEliece is one step ahead in that respect. There are few existing implementations available in the literature for computing McEliece cryptosystems with 80-bit and 103-bit security [4][5][6][7]. The only work [3] proposed a 128-bit secure McEliece cryptosystem, which has taken also into account the latest CCA2 security and the countermeasures against the state of the art sidechannel attacks on this scheme.…”

Section: Introductionmentioning

confidence: 99%

On the implementation of mceliece with CCA2 indeterminacy by SHA-3

Ghosh

2014

2014 IEEE International Symposium on Circuits and Systems (ISCAS)

Self Cite

View full text Add to dashboard Cite

This paper deals with the design and implementation of the post-quantum public-key algorithm McEliece. Seamless incorporation of a new error generator and new SHA-3 module provides higher indeterminacy and more randomization of the original McEliece algorithm and achieves CCA2 security standard. Due to the lightweight and high-speed implementation of SHA-3 module the proposed 128-bit secure McEliece architecture provides 6% higher performance in only 0.78 times area of the best known existing design.

show abstract

“…Indeed, the closest works on this subject are hardware implementations on generic Goppa codes [9] [10] [11] [12] which, albeit compatible with QD-Goppa codes, are unable to take full advantage of their specific structure. Aiming to assess these advantages of QD-Goppa codes over their generic counterparts, in this article we describe a flexible design and implementation of such codes for use in cryptographic schemes.…”

Section: Introductionmentioning

confidence: 99%

Scalable hardware implementation for Quasi-Dyadic Goppa encoder

Massolino

Margi

Barreto

et al. 2014

2014 IEEE 5th Latin American Symposium on Circuits and Systems

View full text Add to dashboard Cite

Error correcting codes are useful tools not only for increasing channel reliability in telecommunications systems, but also for the asymmetric encryption cryptographic schemes. Their operation consists basically in encoding messages into codewords for transmission; once received, these messages are decoded and the original message is recovered after the removal of all bit errors introduced either due to interferences in the medium or intentionally during the encryption process. Both encoding and decoding operations can be implemented as software libraries and/or hardware circuits, although the latter is sometimes preferable due to the higher throughput they provide. One particular type of error correcting code has particular interest in the field of cryptography: binary Quasi-Dyadic Goppa (QD-Goppa) codes, a subset of binary Goppa codes. Indeed, these codes were proposed as a replacement for generic binary Goppa codes in cryptographic applications, since their internal structure allows the optimization of execution time and storage requirements for public and private keys. Despite the interest of such codes, to the best of our knowledge the literature does not include hardware implementation and evaluation of such codes. Aiming to close this gap, in this paper we discuss our results when designing and simulating a scalable hardware architecture for the encoding operation of binary QD-Goppa codes. This architecture was described using VHDL and simulated in Synopsys tools for security levels of 80 to 256 bits, using a 90nm cell library. With this architecture, we obtained processing times from 95 ms to 12 μs and an area occupation from 850 GE to 42 kGE, which allow its utilization even in restricted-resource applications.

show abstract

A Speed Area Optimized Embedded Co-processor for McEliece Cryptosystem

Cited by 25 publications

References 18 publications

Smaller Keys for Code-Based Cryptography: QC-MDPC McEliece Implementations on Embedded Devices

Smaller Keys for Code-Based Cryptography: QC-MDPC McEliece Implementations on Embedded Devices

On the implementation of mceliece with CCA2 indeterminacy by SHA-3

Scalable hardware implementation for Quasi-Dyadic Goppa encoder

Contact Info

Product

Resources

About