Smaller Keys for Code-Based Cryptography: QC-MDPC McEliece Implementations on Embedded Devices

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8086)


In recent years, code-based cryptosystems have been established as promising alternatives for asymmetric cryptography, since they base their security on well-known NP-hard problems and still show decent performance on a wide range of computing platforms. The main drawback of code-based schemes, including the popular proposals by McEliece and Niederreiter, is the large key size, which is inherently determined by the underlying code. In a very recent approach, Misoczki et al. proposed to use quasi-cyclic MDPC (QC-MDPC) codes that allow for a very compact key representation. In this work, we investigate novel implementations of the McEliece scheme using such QC-MDPC codes tailored for embedded devices, namely a Xilinx Virtex-6 FPGA and an 8-bit AVR microcontroller. In particular, we evaluate and improve different approaches to decode QC-MDPC codes. Besides competitive performance for encryption and decryption on the FPGA, we achieved a very compact implementation on the microcontroller using only 4,800 and 9,600 bits for the public and secret key, respectively, at 80 bits of equivalent symmetric security.
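As an added worked example (not code from the paper or its authors), the following Python round trip shows what makes QC-MDPC keys compact: with n0 = 2 circulant blocks, the secret key is two sparse r-bit rows and the public key is a single dense r-bit row, so the whole scheme reduces to arithmetic in GF(2)[x]/(x^r - 1), and decryption is a Gallager-style bit-flipping decoder. The parameters are the 80-bit instance named in the abstract (r = 4801, w = 90, t = 84); the max-minus-DELTA flipping threshold with DELTA = 5 and the seeded RNG are this example's own assumptions.

```python
import random
# 80-bit QC-MDPC parameters implemented in the paper (n0 = 2, r = 4801, w = 90, t = 84); DELTA and RNG are assumptions
R, W, T, DELTA = 4801, 90, 84, 5
MASK = (1 << R) - 1  # elements of GF(2)[x]/(x^r - 1) are r-bit ints; rotations use 0 <= k < R
RNG = random.Random(2013)  # constructed, fixed seed so the round trip is reproducible

def rotl(a, k):  # a * x^k: cyclic rotation of an r-bit row by k places
    return ((a << k) | (a >> (R - k))) & MASK

def mul(a, b):  # ring product; loops over the set bits of b, so pass the sparse factor as b
    acc = 0
    while b:
        acc, b = acc ^ rotl(a, (b & -b).bit_length() - 1), b & (b - 1)
    return acc

def inv(a):  # extended Euclid over GF(2)[x]; None if gcd(a, x^r - 1) != 1
    r0, r1, s0, s1 = (1 << R) | 1, a, 0, 1  # invariant: r_i = s_i * a (mod x^r - 1), deg r0 >= deg r1
    while r1:
        d = r0.bit_length() - r1.bit_length()
        r0, s0 = r0 ^ (r1 << d), s0 ^ (s1 << d)
        if r0.bit_length() < r1.bit_length():
            r0, r1, s0, s1 = r1, r0, s1, s0
    while s0 > MASK:  # fold x^r back to 1
        s0 = (s0 & MASK) ^ (s0 >> R)
    return s0 if r0 == 1 else None

def keygen(rng):  # secret key: sparse h0, h1 (2r = 9602 bits); public key: one dense row q = h0 * h1^-1
    while True:
        h0, h1 = (sum(1 << i for i in rng.sample(range(R), W // 2)) for _ in range(2))
        q = inv(h1)
        if q is not None:
            return (h0, h1), mul(q, h0)

def encrypt(q, m, rng):  # c = (m, m*q) plus a random weight-t error over the n = 2r positions
    e = sum(1 << p for p in rng.sample(range(2 * R), T))
    return [m ^ (e & MASK), mul(q, m) ^ (e >> R)]

def decrypt(sk, c, max_iter=50):  # bit flipping on c = [c0, c1] (modified in place); None = failure
    s = mul(c[0], sk[0]) ^ mul(c[1], sk[1])  # syndrome h0*c0 + h1*c1, zero iff no errors remain
    for _ in range(max_iter):
        if s == 0:
            return c[0]
        upc = [bin(s & rotl(h, j)).count("1") for h in sk for j in range(R)]  # unsatisfied checks
        thr = max(upc) - DELTA
        for idx, u in enumerate(upc):
            if u >= thr:
                b, j = divmod(idx, R)
                c[b] ^= 1 << j
                s ^= rotl(sk[b], j)  # flipping position j toggles every check it takes part in
    return None
```

The decoder's running time and its None return on failure both depend on the secret key and error pattern, which is exactly the behaviour a constant-time embedded implementation has to hide; this example only shows the arithmetic.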


Keywords: MDPC, LDPC, FPGA, microcontroller, McEliece, code-based public key cryptography




References

1. Baldi, M., Bodrato, M., Chiaraluce, F.: A New Analysis of the McEliece Cryptosystem Based on QC-LDPC Codes. In: Ostrovsky, R., Prisco, R.D., Visconti, I. (eds.) SCN 2008. LNCS, vol. 5229, pp. 246–262. Springer, Heidelberg (2008)
2. Baldi, M., Chiaraluce, F.: Cryptanalysis of a New Instance of McEliece Cryptosystem Based on QC-LDPC Codes. In: IEEE International Symposium on Information Theory, ISIT 2007, pp. 2591–2595 (June 2007)
3. Baldi, M., Chiaraluce, F., Garello, R.: On the Usage of Quasi-Cyclic Low-Density Parity-Check Codes in the McEliece Cryptosystem. In: First International Conference on Communications and Electronics, ICCE 2006, pp. 305–310 (October 2006)
4. Baldi, M., Chiaraluce, F., Garello, R., Mininni, F.: Quasi-Cyclic Low-Density Parity-Check Codes in the McEliece Cryptosystem. In: IEEE International Conference on Communications, ICC 2007, pp. 951–956 (June 2007)
5. Becker, A., Joux, A., May, A., Meurer, A.: Decoding Random Binary Linear Codes in 2^(n/20): How 1+1=0 Improves Information Set Decoding. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 520–536. Springer, Heidelberg (2012)
6. Berger, T.P., Cayrel, P.-L., Gaborit, P., Otmani, A.: Reducing Key Length of the McEliece Cryptosystem. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 77–97. Springer, Heidelberg (2009)
7. Berlekamp, E., McEliece, R., van Tilborg, H.: On the Inherent Intractability of Certain Coding Problems (Corresp.). IEEE Transactions on Information Theory 24(3), 384–386 (1978)
8. Bernstein, D.J., Lange, T., Peters, C.: Attacking and Defending the McEliece Cryptosystem. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 31–46. Springer, Heidelberg (2008)
9. Biswas, B., Sendrier, N.: McEliece Crypto-system: A Reference Implementation,
10. Cayrel, P.-L., Hoffmann, G., Persichetti, E.: Efficient Implementation of a CCA2-Secure Variant of McEliece using Generalized Srivastava Codes. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 138–155. Springer, Heidelberg (2012)
11. Chang, K.: I.B.M. Researchers Inch Toward Quantum Computer. New York Times Article (February 28, 2012),
12. Dimitrov, V.S., Järvinen, K.U., Jacobson Jr., M.J., Chan, W.F., Huang, Z.: FPGA Implementation of Point Multiplication on Koblitz Curves Using Kleinian Integers. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 445–459. Springer, Heidelberg (2006)
13. Eisenbarth, T., Güneysu, T., Heyse, S., Paar, C.: MicroEliece: McEliece for Embedded Devices. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 49–64. Springer, Heidelberg (2009)
14. Faugère, J.-C., Otmani, A., Perret, L., Tillich, J.-P.: Algebraic Cryptanalysis of McEliece Variants with Compact Keys. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 279–298. Springer, Heidelberg (2010)
15. Gallager, R.: Low-density Parity-check Codes. IRE Transactions on Information Theory 8(1), 21–28 (1962)
16. Ghosh, S., Delvaux, J., Uhsadel, L., Verbauwhede, I.: Speed Area Optimized Embedded Co-processor for McEliece Cryptosystem. In: 2012 IEEE 23rd International Conference on Application-Specific Systems, Architectures and Processors (ASAP), pp. 102–108 (July 2012)
17. Göttert, N., Feller, T., Schneider, M., Buchmann, J., Huss, S.A.: On the Design of Hardware Building Blocks for Modern Lattice-Based Encryption Schemes. In: Prouff, Schaumont (eds.) [33], pp. 512–529
18. Güneysu, T., Paar, C.: Ultra High Performance ECC over NIST Primes on Commercial FPGAs. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 62–78. Springer, Heidelberg (2008)
19. Gura, N., Patel, A., Wander, A., Eberle, H., Shantz, S.C.: Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 119–132. Springer, Heidelberg (2004)
20. Heyse, S.: Implementation of McEliece Based on Quasi-dyadic Goppa Codes for Embedded Devices. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 143–162. Springer, Heidelberg (2011)
21. Heyse, S., Güneysu, T.: Towards One Cycle per Bit Asymmetric Encryption: Code-Based Cryptography on Reconfigurable Hardware. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 340–355. Springer, Heidelberg (2012)
22. Huffman, W.C., Pless, V.: Fundamentals of Error-Correcting Codes (2010)
23. Kamal, A.A., Youssef, A.M.: An FPGA implementation of the NTRUEncrypt cryptosystem. In: 2009 International Conference on Microelectronics (ICM), pp. 209–212. IEEE (2009)
24. Kobara, K., Imai, H.: Semantically Secure McEliece Public-Key Cryptosystems: Conversions for McEliece PKC. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 19–35. Springer, Heidelberg (2001)
25. Li, Y.X., Deng, R.H., Wang, X.M.: On the Equivalence of McEliece's and Niederreiter's Public-key Cryptosystems. IEEE Trans. Inf. Theor. 40(1), 271–273 (2006)
26. Minder, L.: Cryptography Based on Error Correcting Codes. PhD thesis, École Polytechnique Fédérale de Lausanne (July 2007)
27. Misoczki, R., Barreto, P.S.L.M.: Compact McEliece Keys From Goppa Codes. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 376–392. Springer, Heidelberg (2009)
28. Misoczki, R., Tillich, J.-P., Sendrier, N., Barreto, P.S.L.M.: MDPC-McEliece: New McEliece Variants from Moderate Density Parity-Check Codes. Cryptology ePrint Archive, Report 2012/409 (2012),
29. Monico, C., Rosenthal, J., Shokrollahi, A.: Using Low Density Parity Check Codes in the McEliece Cryptosystem. In: Proceedings of the IEEE International Symposium on Information Theory, p. 215 (2000)
30. Otmani, A., Tillich, J.-P., Dallot, L.: Cryptanalysis of Two McEliece Cryptosystems Based on Quasi-Cyclic Codes. Mathematics in Computer Science 3(2), 129–140 (2010)
31. Overbeck, R., Sendrier, N.: Code-based Cryptography. In: Bernstein, D.J., et al. (eds.) First International Workshop on Post-quantum Cryptography, PQCrypto 2006, Leuven, The Netherlands, May 23–26, 2006. Selected papers, pp. 95–145. Springer, Berlin (2009)
32. Persichetti, E.: Compact McEliece Keys based on Quasi-Dyadic Srivastava Codes. IACR Cryptology ePrint Archive 2011:179 (2011)
33. Prouff, E., Schaumont, P. (eds.): CHES 2012. LNCS, vol. 7428. Springer, Heidelberg (2012)
34. Rebeiro, C., Roy, S.S., Mukhopadhyay, D.: Pushing the Limits of High-Speed GF(2^m) Elliptic Curve Scalar Multiplication on FPGAs. In: Prouff, Schaumont (eds.) [33], pp. 494–511
35. Roy, S.S., Rebeiro, C., Mukhopadhyay, D.: A Parallel Architecture for Koblitz Curve Scalar Multiplications on FPGA Platforms. In: DSD, pp. 553–559. IEEE (2012)
36. Sendrier, N.: Decoding One Out of Many. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 51–67. Springer, Heidelberg (2011)
37. Shor, P.W.: Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms On a Quantum Computer. SIAM J. Comput. 26(5), 1484–1509 (1997)
38. Shoufan, A., Wink, T., Molter, H.G., Huss, S.A., Kohnert, E.: A Novel Cryptoprocessor Architecture for the McEliece Public-Key Cryptosystem. IEEE Trans. Computers 59(11), 1533–1546 (2010)
39. Shoufan, A., Wink, T., Molter, H.G., Huss, S.A., Strenzke, F.: A Novel Processor Architecture for McEliece Cryptosystem and FPGA Platforms. In: 20th IEEE International Conference on Application-specific Systems, Architectures and Processors (July 2009)
40. Strenzke, F.: Solutions for the Storage Problem of McEliece Public and Private Keys on Memory-Constrained Platforms. In: Gollmann, D., Freiling, F.C. (eds.) ISC 2012. LNCS, vol. 7483, pp. 120–135. Springer, Heidelberg (2012)
41. Suzuki, D.: How to Maximize the Potential of FPGA Resources for Modular Exponentiation. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 272–288. Springer, Heidelberg (2007)
42. Suzuki, D., Matsumoto, T.: How to Maximize the Potential of FPGA-Based DSPs for Modular Exponentiation. IEICE Transactions 94-A(1), 211–222 (2011)

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

1. Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum, Bochum, Germany