Abstract
This paper presents extremely fast algorithms for code-based public-key cryptography, including full protection against timing attacks. For example, at a 2^128 security level, this paper achieves a reciprocal decryption throughput of just 60493 cycles (plus cipher cost etc.) on a single Ivy Bridge core. These algorithms rely on an additive FFT for fast root computation, a transposed additive FFT for fast syndrome computation, and a sorting network to avoid cache-timing attacks.
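As an added illustration of the third technique named in the abstract (this is not code from the McBits paper or its authors): a data-independent sorting network, here Batcher's odd-even merge sort with a mask-based compare-exchange, used to apply a secret permutation so that no branch and no memory address ever depends on the secret. The function names, the 4096-element limit and the sample permutation are this example's own assumptions.

```c
#include <stdint.h>
#include <string.h>
/* Constant-time compare-exchange: afterwards *a <= *b. Only arithmetic
   and masks are used, so neither branches nor addresses depend on data. */
static void ct_cmpswap(uint32_t *a, uint32_t *b)
{
    uint32_t x = *a, y = *b;
    uint32_t gt = (uint32_t)(((uint64_t)y - (uint64_t)x) >> 63); /* 1 iff x > y */
    uint32_t t = (0u - gt) & (x ^ y);  /* x ^ y if x > y, else 0 */
    *a = x ^ t;
    *b = y ^ t;
}

/* Batcher odd-even merge sort for n a power of two. The sequence of
   compare-exchanges depends only on n, never on the values sorted. */
static void ct_sort(uint32_t *a, size_t n)
{
    for (size_t p = 1; p < n; p *= 2)
        for (size_t k = p; k >= 1; k /= 2)
            for (size_t j = k % p; j + k < n; j += 2 * k)
                for (size_t i = 0; i < k; i++)
                    if ((i + j) / (2 * p) == (i + j + k) / (2 * p))
                        ct_cmpswap(&a[i + j], &a[i + j + k]);
}

/* Apply secret permutation pi (a bijection on 0..n-1; n a power of two,
   n <= 4096) to bytes d: out[pi[i]] = d[i]. Pairs (position, payload) are
   packed into words and sorted on position, so no memory index is secret. */
static int ct_permute(uint8_t *out, const uint8_t *d, const uint16_t *pi, size_t n)
{
    uint32_t buf[4096];
    if (n == 0 || n > 4096 || (n & (n - 1)) != 0) return -1;
    for (size_t i = 0; i < n; i++)
        buf[i] = ((uint32_t)pi[i] << 8) | d[i];
    ct_sort(buf, n);
    for (size_t i = 0; i < n; i++)
        out[i] = (uint8_t)(buf[i] & 0xffu);
    return 0;
}

/* Constructed sample: 1 if ct_permute agrees with a plain reference, else 0. */
static int demo_permute_ok(void)
{
    static const uint16_t pi[8] = {3, 0, 7, 1, 5, 2, 6, 4};
    static const uint8_t d[8] = {10, 20, 30, 40, 50, 60, 70, 80};
    uint8_t want[8], got[8];
    for (size_t i = 0; i < 8; i++) want[pi[i]] = d[i];
    return ct_permute(got, d, pi, 8) == 0 && memcmp(got, want, 8) == 0;
}
```

The same packing trick applies to the inverse direction by sorting pairs keyed on the source index instead of the target position.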
© 2013 International Association for Cryptologic Research
Bernstein, D.J., Chou, T., Schwabe, P. (2013). McBits: Fast Constant-Time Code-Based Cryptography. In: Bertoni, G., Coron, JS. (eds) Cryptographic Hardware and Embedded Systems - CHES 2013. CHES 2013. Lecture Notes in Computer Science, vol 8086. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40349-1_15
DOI: https://doi.org/10.1007/978-3-642-40349-1_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40348-4
Online ISBN: 978-3-642-40349-1