Efficient Implementation of a CCA2-Secure Variant of McEliece Using Generalized Srivastava Codes

Cayrel, Pierre-Louis; Hoffmann, Gerhard; Persichetti, Edoardo

doi:10.1007/978-3-642-30057-8_9

Cited by 28 publications

(30 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We use the cycles/byte metric to compare our results to other implementations that handle different plaintext/ciphertext sizes. Our iterative encoder outperforms the encoders of [CHP12] and [EGHP09]. Our unrolled version is nearly as fast as [Hey11] with only half the amount of flash memory and six times less SRAM.…”

Section: Microcontroller Resultsmentioning

confidence: 90%

Post-Quantum Cryptography

Μονογιός¹

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Section: Microcontroller Resultsmentioning

confidence: 90%

Post-Quantum Cryptography

Μονογιός¹

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

“…Our iterative encoder outperforms the encoders of [10] and [13]. Our unrolled version is nearly as fast as [20] with only half the amount of flash memory and six times less SRAM.…”

Section: Microcontroller Resultsmentioning

confidence: 90%

Smaller Keys for Code-Based Cryptography: QC-MDPC McEliece Implementations on Embedded Devices

Heyse

Maurich

Güneysu

2013

Cryptographic Hardware and Embedded Systems - CHES 2013

View full text Add to dashboard Cite

Abstract. In the last years code-based cryptosystems were established as promising alternatives for asymmetric cryptography since they base their security on well-known NP-hard problems and still show decent performance on a wide range of computing platforms. The main drawback of code-based schemes, including the popular proposals by McEliece and Niederreiter, are the large keys whose size is inherently determined by the underlying code. In a very recent approach, Misoczki et al. proposed to use quasi-cyclic MDPC (QC-MDPC) codes that allow for a very compact key representation. In this work, we investigate novel implementations of the McEliece scheme using such QC-MDPC codes tailored for embedded devices, namely a Xilinx Virtex-6 FPGA and an 8-bit AVR microcontroller. In particular, we evaluate and improve different approaches to decode QC-MDPC codes. Besides competitive performance for encryption and decryption on the FPGA, we achieved a very compact implementation on the microcontroller using only 4,800 and 9,600 bits for the public and secret key at 80 bits of equivalent symmetric security.

show abstract

“…Since the key is huge, there are several attempts to reduce the size of keys. Cayrel et al [14] reported an implementation result based on very structured code in [48].…”

Section: Instantiations From Codesmentioning

confidence: 99%

“…If we adapt the scheme in [14] with parameter set in [48, Table 3] 2 , then we obtain an AKE protocol with communication costs about |ek| + 3 |C| = 52.32 kbits. If we adopt the IND-CCA secure PKE scheme in [18] with parameter set in [48, Table 3] and a onetime signature scheme whose verification key and signature are of length 128 bits, then the communication costs results in approximately |ek| + |C| + 2 · 128 · |C| ≈ 1.31 Mbits.…”

Section: Instantiations From Codesmentioning

confidence: 99%

Practical and post-quantum authenticated key exchange from one-way secure key encapsulation mechanism

Fujioka

Suzuki

Xagawa

et al. 2013

Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security

View full text Add to dashboard Cite

This paper discusses how to realize practical post-quantum authenticated key exchange (AKE) with strong security, i.e., CK + security (Krawczyk, CRYPTO 2005). It is known that strongly secure post-quantum AKE protocols exist on a generic construction from IND-CCA secure key encapsulation mechanisms (KEMs) in the standard model. However, when it is instantiated with existing IND-CCA secure post-quantum KEMs, resultant AKE protocols are far from practical in communication complexity. We propose a generic construction of AKE protocols from OW-CCA secure KEMs and prove CK + security of the protocols in the random oracle model. We exploit the random oracle and instantiate AKE protocols from various assumptions; DDH, gap DH, CDH, factoring, RSA, DCR, (ring-)LWE, McEliece one-way, NTRU one-way, subset sum, multi-variate quadratic systems, and more. For example, communication costs of our lattice-based scheme is approximately 14 times lower than the previous instantiation (for 128-bit security). Also, in the case of code-based scheme, it is approximately 25 times lower.

show abstract

Efficient Implementation of a CCA2-Secure Variant of McEliece Using Generalized Srivastava Codes

Cited by 28 publications

References 24 publications

Post-Quantum Cryptography

Post-Quantum Cryptography

Smaller Keys for Code-Based Cryptography: QC-MDPC McEliece Implementations on Embedded Devices

Practical and post-quantum authenticated key exchange from one-way secure key encapsulation mechanism

Contact Info

Product

Resources

About