Lightweight Key Encapsulation Using LDPC Codes on FPGAs

In this paper, we present a lightweight hardware design for a recently proposed quantum-safe key encapsulation mechanism based on QC-LDPC codes called LEDAkem, which has been admitted as a round-2 candidate to the NIST post-quantum standardization project. Existing implementations focus on high speed, while few of them take into account area or power efficiency, which are particularly decisive for low-cost or power-constrained IoT applications. The solution we propose aims at maximizing the metric of area efficiency by rotating the QC-LDPC code representations amongst the block RAMs at the digit level. Moreover, optimized parallelized computing techniques, lazy accumulation and block partition are exploited to improve key decapsulation in terms of area and timing efficiency. We show, for instance, that our area-optimized implementation for 128-bit security requires $6.82\times 10^5$ cycles and $2.26\times 10^6$ cycles to encapsulate and decapsulate a shared secret, respectively. The area-optimized design uses only 39 slices (3 percent of the available logic) and 809 slices (39 percent of the available logic) for key encapsulation and key decapsulation, respectively, on a small-size low-end Xilinx Spartan-6 FPGA.
