Towards One Cycle per Bit Asymmetric Encryption: Code-Based Cryptography on Reconfigurable Hardware

  • Stefan Heyse
  • Tim Güneysu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7428)


Most advanced security systems rely on public-key schemes based either on the factorization or the discrete logarithm problem. Since both problems are known to be closely related, a major breakthrough in cryptanalysis tackling one of those problems could render a large set of cryptosystems completely useless.

Code-based public-key schemes are based on the alternative security assumption that decoding generic linear binary codes is NP-complete. In the past, most researchers focused on the McEliece cryptosystem, neglecting the fact that the scheme by Niederreiter has some important advantages: smaller keys, more practical plaintext and ciphertext sizes, and fewer computations. In this work we describe a novel FPGA implementation of the Niederreiter scheme, showing that its advantages can result in a very efficient design for an asymmetric cryptosystem that can encrypt more than 1.5 million plaintexts per second on a Xilinx Virtex-6 FPGA, outperforming all other popular public-key cryptosystems by far.


Parity Check Matrix; Discrete Logarithm Problem; Elliptic Curve Discrete Logarithm Problem; Goppa Code; Asymmetric Encryption
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© International Association for Cryptologic Research 2012

Authors and Affiliations

  • Stefan Heyse (1)
  • Tim Güneysu (1)
  1. Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum, Bochum, Germany
