Efficient Implementation of a CCA2-Secure Variant of McEliece Using Generalized Srivastava Codes

  • Pierre-Louis Cayrel
  • Gerhard Hoffmann
  • Edoardo Persichetti
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7293)


In this paper we present efficient implementations of McEliece variants using quasi-dyadic codes. We provide secure parameters for a classical McEliece encryption scheme based on quasi-dyadic generalized Srivastava codes, and successively convert our scheme to a CCA2-secure protocol in the random oracle model applying the Fujisaki-Okamoto transform. In contrast with all other CCA2-secure code-based cryptosystems that work in the random oracle model, our conversion does not require a constant weight encoding function. We present results for both 128-bit and 80-bit security level, and for the latter we also feature an implementation for an embedded device.


Encryption Scheme Linear Code Random Oracle Model Embed Device Goppa Code 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Atmel Corporation, “AVR Studio 5.0”,
  2. 2.
    Barreto, P.S.L.M., Cayrel, P.-L., Misoczki, R., Niebuhr, R.: Quasi-Dyadic CFS Signatures. In: Lai, X., Yung, M., Lin, D. (eds.) Inscrypt 2010. LNCS, vol. 6584, pp. 336–349. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  3. 3.
    Barreto, P.S.L.M., Misoczki, R., Villas Boas, L.B.: SBCRYPT - Syndrome-Based Cryptography LibraryGoogle Scholar
  4. 4.
    Berger, T.P., Cayrel, P.-L., Gaborit, P., Otmani, A.: Reducing Key Length of the McEliece Cryptosystem. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 77–97. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  5. 5.
    Berger, T.P., Loidreau, P.: How to mask the structure of codes for a cryptographic use. Design, Codes and Cryptography 35, 63–79 (2005)MathSciNetzbMATHCrossRefGoogle Scholar
  6. 6.
    Berlekamp, E.R.: Factoring polynomials over finite fields. Bell System Technical Journal 46, 1853–1859 (1967)MathSciNetGoogle Scholar
  7. 7.
    Berlekamp, E.R., McEliece, R.J., van Tilborg, H.C.A.: On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory 24, 384–386 (1978)zbMATHCrossRefGoogle Scholar
  8. 8.
    Bernstein, D.J., Lange, T., Peters, C.: Attacking and Defending the McEliece Cryptosystem. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 31–46. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  9. 9.
    Bernstein, D.J., Lange, T., Peters, C., van Tilborg, H.C.A.: Explicit bounds for generic decoding algorithms for code-based cryptography. In: Pre-proceedings of WCC 2009, pp. 168–180 (2009)Google Scholar
  10. 10.
    Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The Keccak sponge function family,
  11. 11.
    Biswas, B., Sendrier, N.: McEliece Cryptosystem Implementation: Theory and Practice. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 47–62. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  12. 12.
    Dowsley, R., Müller-Quade, J., Nascimento, A.C.A.: A CCA2 Secure Public Key Encryption Scheme Based on the McEliece Assumptions in the Standard Model. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 240–251. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  13. 13.
    Eisenbarth, T., Güneysu, T., Heyse, S., Paar, C.: MicroEliece: McEliece for Embedded Devices. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 49–64. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  14. 14.
    Faugère, J.-C., Otmani, A., Perret, L., Tillich, J.-P.: Algebraic Cryptanalysis of McEliece Variants with Compact Keys. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 279–298. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  15. 15.
    Faugère, J.C., Otmani, A., Perret, L., Tillich, J.P.: Algebraic Cryptanalysis of Compact McEliece’s Variants - Toward a Complexity Analysis. In: International Conference on Symbolic Computation and Cryptography, SCC 2010, pp. 45–56 (2010)Google Scholar
  16. 16.
    Fleischmann, E., Forler, C., Gorski, M.: Classification of the SHA-3 Candidates,
  17. 17.
    Fujisaki, E., Okamoto, T.: Secure Integration of Asymmetric and Symmetric Encryption Schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537–554. Springer, Heidelberg (1999)Google Scholar
  18. 18.
    Heyse, S.: Low-Reiter: Niederreiter Encryption Scheme for Embedded Microcontrollers. In: Sendrier, N. (ed.) PQCrypto 2010. LNCS, vol. 6061, pp. 165–181. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  19. 19.
    Heyse, S.: Implementation of McEliece Based on Quasi-dyadic Goppa Codes for Embedded Devices. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 143–162. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  20. 20.
    Kobara, K., Imai, H.: Semantically Secure McEliece Public-Key Cryptosystems-Conversions for McEliece PKC. In: Kim, K.-C. (ed.) PKC 2001. LNCS, vol. 1992, pp. 19–35. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  21. 21.
    MacWilliams, F.J., Sloane, N.J.: The theory of error-correcting codes. North Holland, Amsterdam (1977)zbMATHGoogle Scholar
  22. 22.
    Mandell Freeman, D., Goldreich, O., Kiltz, E., Rosen, A., Segev, G.: More Constructions of Lossy and Correlation-Secure Trapdoor Functions. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 279–295. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  23. 23.
    McEliece, R.J.: A Public-Key System Based on Algebraic Coding Theory. In: DSN Progress Report 44, pp. 114–116. Jet Propulsion Lab (1978)Google Scholar
  24. 24.
    Micciancio, D.: Improving Lattice Based Cryptosystems Using the Hermite Normal Form. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 126–145. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  25. 25.
    Misoczki, R., Barreto, P.S.L.M.: Compact McEliece Keys from Goppa Codes. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 376–392. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  26. 26.
    Niederreiter, H.: A Public-Key Cryptosystem Based on Shift Register Sequences. In: Pichler, F. (ed.) EUROCRYPT 1985. LNCS, vol. 219, pp. 35–39. Springer, Heidelberg (1986)CrossRefGoogle Scholar
  27. 27.
    Persichetti, E.: Compact McEliece keys based on Quasi-Dyadic Srivastava codes. IACR Cryptology ePrint Archive, (2011) (preprint) Google Scholar
  28. 28.
    Peters, C.: Information-Set Decoding for Linear Codes over \({\mathbb F}_q\). In: Sendrier, N. (ed.) PQCrypto 2010. LNCS, vol. 6061, pp. 81–94. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  29. 29.
    Preneel, B., Bosselaers, A., Govaerts, R., Vandewalle, J.: A software implementation of the McEliece public-key cryptosystem. In: Proceedings of the 13th Symposium on Information Theory in the Benelux, Werkgemeenschap voor Informatieen Communicatietheorie, pp. 119–126. Springer (1992)Google Scholar
  30. 30.
    Prometheus. Implementation of McEliece cryptosystem for 32-bit microprocessors (c-source),
  31. 31.
    Schechter, S.: On the inversion of certain matrices. Mathematical Tables and Other Aids to Computation 13(66), 73–77 (1959)MathSciNetzbMATHCrossRefGoogle Scholar
  32. 32.
    Sendrier, N.: Encoding information into constant weight words. In: IEEE Conference, ISIT 2005, pp. 435–438 (September 2005)Google Scholar

Copyright information

© International Association for Cryptologic Research 2012

Authors and Affiliations

  • Pierre-Louis Cayrel
    • 1
  • Gerhard Hoffmann
    • 2
  • Edoardo Persichetti
    • 3
  1. 1.Université Jean MonnetSaint-EtienneFrance
  2. 2.Technische Universität DarmstadtGermany
  3. 3.University of AucklandNew Zealand

Personalised recommendations