MicroEliece: McEliece for Embedded Devices

  • Thomas Eisenbarth
  • Tim Güneysu
  • Stefan Heyse
  • Christof Paar
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5747)


Most advanced security systems rely on public-key schemes based either on the factorization or the discrete logarithm problem. Since both problems are known to be closely related, a major breakthrough in cryptanalysis tackling one of those problems could render a large set of cryptosystems completely useless. The McEliece public-key scheme is based on the alternative security assumption that decoding unknown linear binary codes is NP-complete. In this work, we investigate the efficient implementation of the McEliece scheme on embedded systems what was – up to date – considered a challenge due to the required storage of its large keys. To the best of our knowledge, this is the first time that the McEliece encryption scheme is implemented on a low-cost 8-bit AVR microprocessor and a Xilinx Spartan-3AN FPGA.


Embed System Flash Memory Security Parameter Discrete Logarithm Problem Goppa Code 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    ECRYPT. Yearly Report on Algorithms and Keysizes (2007-2008). Technical report, D.SPA.28 Rev. 1.1, IST-2002-507932 ECRYPT (July 2008)Google Scholar
  2. 2.
    Atmel Corp. 8-bit XMEGA A Microcontroller. User Guide (February 2009),
  3. 3.
    Bailey, D.V., Coffin, D., Elbirt, A., Silverman, J.H., Woodbury, A.D.: NTRU in Constrained Devices. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 262–272. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. 4.
    Berlekamp, E.R.: Goppa codes. IEEE Trans. Information Theory IT-19(3), 590–592 (1973)MathSciNetCrossRefzbMATHGoogle Scholar
  5. 5.
    Berlekamp, E.R., McEliece, R.J., van Tilborg, H.C.A.: On the inherent intractability of certain coding problems. IEEE Trans. Information Theory 24(3), 384–386 (1978)MathSciNetCrossRefzbMATHGoogle Scholar
  6. 6.
    Bernstein, D.J.: List Decoding for Binary Goppa Codes. Technical report (2008),
  7. 7.
    Bernstein, D.J., Lange, T.: eBACS: ECRYPT Benchmarking of Cryptographic Systems, February 17 (2009),
  8. 8.
    Bernstein, D.J., Lange, T., Peters, C.: Attacking and Defending the McEliece Cryptosystem. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 31–46. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  9. 9.
    Beuchat, J.-L., Sendrier, N., Tisserand, A., Villard, G.: FPGA Implementation of a Recently Published Signature Scheme. Technical report, INRIA - Institut National de Recherche en Informatique et en Automatique (2004),
  10. 10.
    Biswas, B., Sendrier, N.: McEliece crypto-system: A reference implementation,
  11. 11.
    Bogdanov, A., Eisenbarth, T., Rupp, A., Wolf, C.: Time-Area Optimized Public-Key Engines: MQ-Cryptosystems as Replacement for Elliptic Curves? In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 45–61. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  12. 12.
    Chari, S., Rao, J.R., Rohatgi, P.: Template Attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  13. 13.
    Driessen, B., Poschmann, A., Paar, C.: Comparison of Innovative Signature Algorithms for WSNs. In: Proceedings of ACM WiSec 2008. ACM, New York (2008)Google Scholar
  14. 14.
    Engelbert, D., Overbeck, R., Schmidt, A.: A summary of mceliece-type cryptosystems and their security (2007)Google Scholar
  15. 15.
    Freenet and Entropy. Open-Source P2P Network Applications (2009), and
  16. 16.
    Güneysu, T., Paar, C., Pelzl, J.: Special-Purpose Hardware for Solving the Elliptic Curve Discrete Logarithm Problem. ACM Transactions on Reconfigurable Technology and Systems (TRETS) 1(2), 1–21 (2008)CrossRefGoogle Scholar
  17. 17.
    Gura, N., Patel, A., Wander, A., Eberle, H., Shantz, S.C.: Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 925–943. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  18. 18.
    Helion Technology Inc. Modular Exponentiation Core Family for Xilinx FPGA. Data Sheet (October 2008),
  19. 19.
    Huber, K.: Note on decoding binary Goppa codes. Electronics Letters 32, 102–103 (1996)CrossRefGoogle Scholar
  20. 20.
    Kocher, P.C.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  21. 21.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smartcards. Springer, Heidelberg (2007)zbMATHGoogle Scholar
  22. 22.
    McEliece, R.J.: A Public-Key Cryptosystem Based On Algebraic Coding Theory. Deep Space Network Progress Report 44, 114–116 (1978)Google Scholar
  23. 23.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, New York (1996)CrossRefzbMATHGoogle Scholar
  24. 24.
    Patterson, N.: The algebraic decoding of Goppa codes. IEEE Transactions on Information Theory 21, 203–207 (1975)MathSciNetCrossRefzbMATHGoogle Scholar
  25. 25.
    Preneel, B., Bosselaers, A., Govaerts, R., Vandewalle, J.: A Software Implementation of the McEliece Public-Key Cryptosystem. In: Proceedings of the 13th Symposium on Information Theory in the Benelux, Werkgemeenschap voor Informatie en Communicatietheorie, pp. 119–126. Springer, Heidelberg (1992)Google Scholar
  26. 26.
    Prometheus. Implementation of McEliece Cryptosystem for 32-bit microprocessors (c-source) (2009),
  27. 27.
    Smerdon, M.: Security Solutions Using Spartan-3 Generation FPGAs. Whitepaper (April 2008),
  28. 28.
    Strenzke, F., Tews, E., Molter, H., Overbeck, R., Shoufan, A.: Side Channels in the McEliece PKC. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 216–229. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  29. 29.
    Sugiyama, Y., Kasahara, M., Hirasawa, S., Namekawa, T.: A Method for Solving Key Equation for Decoding Goppa Codes. IEEE Transactions on Information and Control 27, 87–99 (1975)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Thomas Eisenbarth
    • 1
  • Tim Güneysu
    • 1
  • Stefan Heyse
    • 1
  • Christof Paar
    • 1
  1. 1.Horst Görtz Institute for IT SecurityRuhr University BochumBochumGermany

Personalised recommendations