BLAKE-512-Based 128-Bit CCA2 Secure Timing Attack Resistant McEliece Cryptoprocessor

This paper presents a CCA2-secure McEliece cryptoprocessor at the 128-bit security level. Known side-channel vulnerabilities of this code-based, quantum-resistant cryptosystem are also addressed in the implementation. To obtain CCA2 security from the original McEliece scheme, we incorporate a module implementing BLAKE-512, a SHA-3 finalist, into the architecture. A complete binary extended GCD (XGCD) algorithm over the Goppa field is introduced. The final design on a Virtex-6 FPGA performs an encryption in 4.74 μs and a decryption in 0.92 ms. To the best of our knowledge, this is the first hardware design of McEliece with the security features above that is also resistant to the known timing attacks.
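The abstract names a binary XGCD over the Goppa field as the decoder's inversion routine and timing-attack resistance as a design goal. The Python below is an added example, not the paper's design or code: it shows what a shift-and-add extended GCD over GF(2^m)[z] looks like when inverting a polynomial modulo g(z), in two loop shapes, an early-exit loop whose step count depends on the operand and a loop that always runs the same number of steps. The field (m = 4, x^4 + x + 1), the sample polynomials and the 4·deg(g) step bound are assumptions of this example; Python cannot make anything constant-time, so the fixed-step loop only mirrors the structural property a hardware design would enforce with a fixed schedule.

```python
# Added example, not code from the paper: binary (shift-and-add) extended GCD
# over GF(2^m)[z] for inversion modulo g(z), in two loop shapes. Assumed
# parameters: m = 4, field polynomial x^4 + x + 1, small constructed g(z).

M = 4
FIELD_POLY = 0b10011  # x^4 + x + 1, irreducible over GF(2)

def gf_mul(a, b):
    """Multiply two GF(2^M) elements (ints < 2^M) by shift-and-xor."""
    r = 0
    for _ in range(M):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> M:
            a ^= FIELD_POLY
    return r

def gf_inv(a):
    """Field inverse a^(2^M - 2) by square-and-multiply (a != 0)."""
    assert a != 0
    r, e = 1, (1 << M) - 2
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r

# Polynomials over GF(2^M): list p with p[i] the coefficient of z^i.
def deg(p):
    for i in range(len(p) - 1, -1, -1):
        if p[i]:
            return i
    return -1  # zero polynomial

def add_scaled(p, c, q):
    """p + c*q coefficient-wise (characteristic 2, so + is xor)."""
    n = max(len(p), len(q))
    return [(p[i] if i < len(p) else 0) ^ gf_mul(c, q[i] if i < len(q) else 0)
            for i in range(n)]

def div_z(p):
    """Exact division by z; valid only when the constant term is zero."""
    assert p[0] == 0
    return p[1:] + [0]

def xgcd_step(u, v, r, s, g):
    """One elementary step: a shift of u or of v, or one scaled addition.
    Invariants: r*a == u and s*a == v (mod g); z is invertible mod g."""
    g0_inv = gf_inv(g[0])
    if u[0] == 0:  # u/z and (r + (r0/g0)*g)/z keep r*a == u (mod g)
        return div_z(u), v, div_z(add_scaled(r, gf_mul(r[0], g0_inv), g)), s
    if v[0] == 0:
        return u, div_z(v), r, div_z(add_scaled(s, gf_mul(s[0], g0_inv), g))
    if deg(u) >= deg(v):  # cancel the constant term of the higher-degree one
        c = gf_mul(u[0], gf_inv(v[0]))
        return add_scaled(u, c, v), v, add_scaled(r, c, s), s
    c = gf_mul(v[0], gf_inv(u[0]))
    return u, add_scaled(v, c, u), r, add_scaled(s, c, r)

def inverse_mod_g(a, g, fixed_steps):
    """Return (a^-1 mod g, steps run), or (None, steps) if gcd(a, g) != 1.
    fixed_steps=True always runs 4*deg(g) steps, enough because each shift
    lowers deg(u)+deg(v) by one (at most 2*deg(g)-1 shifts) and every
    addition but the last is followed by a shift. fixed_steps=False exits
    as soon as u reaches zero, so the step count depends on a."""
    d = deg(g)
    assert g[d] == 1 and g[0] != 0 and deg(a) < d
    u = (list(a) + [0] * (d + 1))[: d + 1]
    v, r, s = list(g), [1], [0]
    steps = 0
    for _ in range(4 * d):
        if not fixed_steps and deg(u) < 0:
            break
        u, v, r, s = xgcd_step(u, v, r, s, g)
        steps += 1
    if deg(u) >= 0 or deg(v) != 0:
        return None, steps  # terminal state is (0, unit*gcd) with gcd != 1
    c = gf_inv(v[0])  # s*a == v == v0, so a^-1 == s / v0
    return [gf_mul(c, x) for x in s], steps

def poly_mulmod(p, q, g):
    """p*q reduced modulo monic g, returned with deg(g) coefficients."""
    d = deg(g)
    prod = [0] * (len(p) + len(q))
    for i, x in enumerate(p):
        for j, y in enumerate(q):
            prod[i + j] ^= gf_mul(x, y)
    for i in range(len(prod) - 1, d - 1, -1):
        c = prod[i]
        if c:
            for j in range(d + 1):
                prod[i - d + j] ^= gf_mul(c, g[j])
    return prod[:d]
```

With the constructed modulus g = z^2 + z + 1, inverting z takes 6 early-exit steps and inverting 1 takes 5, while the fixed-step loop runs 8 for both and returns the same inverses (check with poly_mulmod). Operand-dependent step counts of this kind in the decoder's inversion are what the Patterson-algorithm timing attack cited by the paper exploits, which is why the iteration schedule, not only the arithmetic, has to be independent of the secret.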
