A Speed Area Optimized Embedded Co-processor for McEliece Cryptosystem

This paper describes the systematic design methods of an embedded co-processor for a post quantum secure McEliece cryptosystem. A hardware/software co-design has been targeted for the realization of McEliece in practice on low-cost embedded platforms. Design optimizations take place when choosing system parameters, algorithm transformations, architecture choices, and arithmetic primitives. The final architecture consists of an 8-bit PicoBlaze softcore for flexibility and several parallel acceleration units for throughput optimization. A prototype of the co-processor is implemented on a Spartan-3an xc3s1400an FPGA, using less than 30% of its resources. On this FPGA, one McEliece decryption of an 80-bit security level takes less than 100K clock cycles corresponding to only 1 ms at a clock frequency of 92 MHz. This is 10 times faster and 3.8 times smaller than the existing design.

[1]  Nicholas J. Patterson,et al.  The algebraic decoding of Goppa codes , 1975, IEEE Trans. Inf. Theory.

[2]  N. Koblitz Elliptic curve cryptosystems , 1987 .

[3]  Tanja Lange,et al.  Attacking and defending the McEliece cryptosystem , 2008, IACR Cryptol. ePrint Arch..

[4]  Christophe De Cannière,et al.  Trivium: A Stream Cipher Construction Inspired by Block Cipher Design Principles , 2006, ISC.

[5]  V. Sidelnikov,et al.  On insecurity of cryptosystems based on generalized Reed-Solomon codes , 1992 .

[6]  Francisco Rodríguez-Henríquez,et al.  Cryptographic Algorithms on Reconfigurable Hardware (Signals and Communication Technology) , 2006 .

[7]  Abdulhadi Shoufan,et al.  A Novel Cryptoprocessor Architecture for the McEliece Public-Key Cryptosystem , 2010, IEEE Transactions on Computers.

[8]  David S. Johnson,et al.  Computers and Intractability: A Guide to the Theory of NP-Completeness , 1978 .

[9]  Tibor Juhas The use of elliptic curves in cryptography , 2007 .

[10]  Robert T. Chien,et al.  Cyclic decoding procedures for Bose- Chaudhuri-Hocquenghem codes , 1964, IEEE Trans. Inf. Theory.

[11]  Guillermo Morales-Luna,et al.  Low-Complexity Bit-Parallel Square Root Computation over GF(2^{m}) for All Trinomials , 2008, IEEE Transactions on Computers.

[12]  W. G. Horner,et al.  A new method of solving numerical equations of all orders, by continuous approximation , 1815 .

[13]  Peter W. Shor,et al.  Algorithms for quantum computation: discrete logarithms and factoring , 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[14]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[15]  Huapeng Wu,et al.  Bit-Parallel Polynomial Basis Multiplier for New Classes of Finite Fields , 2008, IEEE Transactions on Computers.

[16]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[17]  Tim Güneysu,et al.  Special-Purpose Hardware for Solving the Elliptic Curve Discrete Logarithm Problem , 2008, TRETS.

[18]  Tim Güneysu,et al.  MicroEliece: McEliece for Embedded Devices , 2009, CHES.