MicroEliece: McEliece for Embedded Devices

Most advanced security systems rely on public-key schemes based on either the factorization or the discrete logarithm problem. Since both problems are known to be closely related, a major breakthrough in cryptanalysis tackling one of those problems could render a large set of cryptosystems completely useless. The McEliece public-key scheme is based on the alternative security assumption that decoding unknown linear binary codes is NP-complete. In this work, we investigate the efficient implementation of the McEliece scheme on embedded systems, which until now was considered a challenge due to the required storage of its large keys. To the best of our knowledge, this is the first time that the McEliece encryption scheme has been implemented on a low-cost 8-bit AVR microprocessor and a Xilinx Spartan-3AN FPGA.
