Low-Reiter: Niederreiter Encryption Scheme for Embedded Microcontrollers

  • Stefan Heyse
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6061)


Most modern security systems rely on public-key schemes based either on the factorization or the discrete logarithm problem. Since both problems are known to be closely related, a major breakthrough in cryptanalysis affecting one of those problems could render a large set of cryptosystems completely useless. Coding based public-key schemes are based on the alternative security assumption that decoding unknown linear binary codes is NP-complete. There exist two basic schemes of this type, namely McEliece and the Niederreiter variant, whereas the security of both schemes are equivalent. The latter has the advantage of smaller public keys, but the disadvantage of a computationally expensive mapping, which slows down encryption and decryption.

In this work, we investigate the efficient implementation of the Niederreiter scheme on very constrained micro controllers. We adopt existing algorithms to the limited abilities of the target platform and finally compare the implementation to widely used schemes and also to other alternative public schemes.


Embed System Flash Memory Security Parameter Parity Check Matrix Goppa Code 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Berlekamp, E.R.: Goppa Codes. IEEE Trans. on Information Theory 19(3), 590–592 (1973)zbMATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Berlekamp, E.R., McEliece, R.J., van Tilborg, H.C.A.: On the inherent intractability of certain coding problems. IEEE Trans. Information Theory 24(3), 384–386 (1978)zbMATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    Bernstein, D.J.: List decoding for binary codes. Technical report, University of Illinois at Chicago (2008),
  4. 4.
    Bernstein, D.J., Lange, T.: ebacs: Ecrypt benchmarking of cryptographic systems (February 17, 2009),
  5. 5.
    Bernstein, D.J., Lange, T., Peters, C.: Attacking and Defending the McEliece Cryptosystem. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 31–46. Springer, Heidelberg (2008), CrossRefGoogle Scholar
  6. 6.
    Biswas, B., Herbert, V.: Efficient Root Finding of Polynomials over Fields of Characteristic 2. In: WEWoRC 2009. LNCS. Springer, Heidelberg (2009) (to appear)Google Scholar
  7. 7.
    Biswas, B., Sendrier, N.: Mceliece crypto-system: A reference implementation,
  8. 8.
    Chari, S., Rao, J.R., Rohatgi, P.: Template Attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Chien, R.T.: Cyclic decoding procedure for the bose-chaudhuri-hocquenghem codes. IEEE Trans. Information Theory IT-10(10), 357–363 (1964)CrossRefMathSciNetGoogle Scholar
  10. 10.
    Corp, A.: 8-bit xmega a microcontroller. User Guide (February 2009),
  11. 11.
    Cover, T.: Enumerative source encoding 19(1), 73–77 (1973)Google Scholar
  12. 12.
    Driessen, B., Poschmann, A., Paar, C.: Comparison of Innovative Signature Algorithms for WSNs. In: Proceedings of ACM WiSec 2008. ACM, New York (2008)Google Scholar
  13. 13.
    ECRYPT. Yearly report on algorithms and keysizes (2007-2008). Technical report, D.SPA.28 Rev. 1.1 (July 2008),
  14. 14.
    Eisenbarth, T., Gneysu, T., Heyse, S., Paar, C.: MicroEliece: McEliece for Embedded Devices. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 49–64. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  15. 15.
    Fischer, J.-B., Stern, J.: An Efficient Pseudo-Random Generator Provably As Secure As Syndrome Decoding. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 245–255. Springer, Heidelberg (1996)Google Scholar
  16. 16.
    Freenet and Entropy. Open-source p2p network applications (2009),,
  17. 17.
    Gura, N., Patel, A., Wander, A., Eberle, H., Shantz, S.C.: Comparing elliptic curve cryptography and rsa on 8-bit cpus. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 119–132. Springer, Heidelberg (2004)Google Scholar
  18. 18.
    Horner, W.G.: A new method of solving numerical equations of all orders, by continuous approximation. Philosophical Transactions of the Royal Society of London, 308–335 (1819)Google Scholar
  19. 19.
    Huber, K.: Note on decoding binary goppa codes. Electronics Letters 32, 102–103 (1996)CrossRefGoogle Scholar
  20. 20.
    Kocher, P.C.: Timing Attacks On Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  21. 21.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smartcards. Springer, Heidelberg (2007)Google Scholar
  22. 22.
    McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory. Deep Space Network Progress Report 44, 114–116 (1978)Google Scholar
  23. 23.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, New York (1996)Google Scholar
  24. 24.
    Niederreiter, H.: Knapsack-type cryptosystems and algebraic coding theory. Problems of Control and Information Theory 15, 159–166 (1986)zbMATHMathSciNetGoogle Scholar
  25. 25.
    Patterson, N.: The Algebraic Decoding of Goppa Codes. IEEE Transactions on Information Theory 21, 203–207 (1975)zbMATHCrossRefMathSciNetGoogle Scholar
  26. 26.
    Preneel, B., Bosselaers, A., Govaerts, R., Vandewalle, J.: A Software Implementation of the McEliece Public-Key Cryptosystem. In: Proceedings of the 13th Symposium on Information Theory in the Benelux, Werkgemeenschap voor Informatie en Communicatietheorie, pp. 119–126. Springer, Heidelberg (1992)Google Scholar
  27. 27.
    Prometheus. Implementation of McEliece Cryptosystem for 32-bit microprocessors, c-source (2009),
  28. 28.
    Sendrier, N.: Efficient generation of binary words of given weight. In: Boyd, C. (ed.) Cryptography and Coding 1995. LNCS, vol. 1025, pp. 184–187. Springer, Heidelberg (1995)Google Scholar
  29. 29.
    Sendrier, N.: Encoding information into constant weight words. In: Proc. International Symposium on Information Theory ISIT 2005, September 4-9, pp. 435–438 (2005)Google Scholar
  30. 30.
    Strenzke, F., Tews, E., Molter, H., Overbeck, R., Shoufan, A.: Side Channels in the McEliece PKC. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 216–229. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  31. 31.
    Sugiyama, Y., Kasahara, M., Hirasawa, S., Namekawa, T.: A Method for Solving Key Equation for Decoding Goppa Codes. IEEE Transactions on Information and Control 27, 87–99 (1975)zbMATHMathSciNetGoogle Scholar
  32. 32.
    Sugiyama, Y., Kasahara, M., Hirasawa, S., Namekawa, T.: An erasures-and-errors decoding algorithm for goppa codes (corresp.). IEEE Transactions on Information Theory 22, 238–241 (1976)zbMATHCrossRefMathSciNetGoogle Scholar
  33. 33.
    Turley, J.: The two percent solution (December 2002),
  34. 34.
    van Tilborg, H.C.: Fundamentals of Cryptology. Kluwer Academic Publishers, Dordrecht (2000)zbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Stefan Heyse
    • 1
  1. 1.Horst Görtz Institute for IT SecurityRuhr University BochumBochumGermany

Personalised recommendations