Abstract
QC-MDPC McEliece attracted significant attention as promising alternative public-key encryption scheme believed to be resistant against quantum computing attacks. Compared to binary Goppa codes, it achieves practical key sizes and was shown to perform well on constrained platforms such as embedded microcontrollers and FPGAs.
However, so far none of the published QC-MDPC McEliece/Niederreiter implementations provide indistinguishability under chosen plaintext or chosen ciphertext attacks. Common ways for the McEliece and Niederreiter encryption schemes to achieve IND-CPA/IND-CCA security are surrounding constructions that convert them into secured schemes. In this work we take a slightly different approach presenting (1) an efficient implementation of QC-MDPC Niederreiter for ARM Cortex-M4 microcontrollers and (2) the first implementation of Persichetti’s IND-CCA hybrid encryption scheme from PQCrypto’13 instantiated with QC-MDPC Niederreiter for key encapsulation and AES-CBC/AES-CMAC for data encapsulation. Both implementations achieve practical performance for embedded microcontrollers, at 80-bit security hybrid encryption takes 16.5 ms, decryption 111 ms and key-generation 386.4 ms.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
See NSA announcement published at https://www.nsa.gov/ia/programs/suiteb_cryptography/.
- 2.
80-bit: \(d_v=45\), 128-bit: \(d_v=71\). Note that \(n_0=2\) and w is even for the parameters used in this paper.
- 3.
The bit-flipping thresholds used in Algorithm 1 are precomputed from the code parameters as proposed in [7].
- 4.
In [20], the DEM is simply assumed to be a fixed length one-time pad of the size of m combined with a standardized MAC. Hence, \(\text {Enc}^\text {SE}_{k_1}(m)=m\,\oplus \,k_1\) and \(\text {Dec}^\text {SE}_{k_1}(T)=T\,\oplus \,k_1\) with \(m,T,k_1\) having the same fixed length.
- 5.
We do not implement constant weight encoding since it is not needed in the hybrid encryption scheme. Encrypting a message \(m \in \mathbb {Z}/\left( {\begin{array}{c}n\\ t\end{array}}\right) \mathbb {Z}\) requires to encode it into an error-vector \(e \in \mathbb {F}_2^n\) of weight \({{\mathrm{wt}}}(e) = t\) and to reverse the encoding after decryption.
- 6.
- 7.
16 bit are sufficient to store the position for both 80-bit and 128-bit security.
References
Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: 38th Annual Symposium on Foundations of Computer Science, FOCS 1997, 19–22 October 1997, Miami Beach, Florida, USA, pp. 394–403. IEEE Computer Society (1997)
Berlekamp, E., McEliece, R., van Tilborg, H.: On the inherent intractability of certain coding problems. IEEE Trans. Inf. Theor. 24(3), 384–386 (1978)
Biasi, F., Barreto, P., Misoczki, R., Ruggiero, W.: Scaling efficient code-based cryptosystems for embedded platforms. J. Crypt. Eng. 4, 1–12 (2014)
Cayrel, P.-L., Hoffmann, G., Persichetti, E.: Efficient implementation of a CCA2-secure variant of McEliece using generalized Srivastava codes. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 138–155. Springer, Heidelberg (2012)
Cramer, R., Shoup, V.: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM J. Comput. 33(1), 167–226 (2003)
Eisenbarth, T., Güneysu, T., Heyse, S., Paar, C.: MicroEliece: McEliece for embedded devices. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 49–64. Springer, Heidelberg (2009)
Gallager, R.: Low-density parity-check codes. IRE Trans. Inf. Theor. 8(1), 21–28 (1962)
Heyse, S.: Implementation of McEliece based on quasi-dyadic Goppa codes for embedded devices. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 143–162. Springer, Heidelberg (2011)
Heyse, S., von Maurich, I., Güneysu, T.: Smaller keys for code-based cryptography: QC-MDPC McEliece implementations on embedded devices. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 273–292. Springer, Heidelberg (2013)
Huffman, W.C., Pless, V.: Fundamentals of Error-Correcting Codes. Cambridge University Press, Cambridge (2010)
Kobara, K., Imai, H.: Semantically secure McEliece public-key cryptosystems-Conversions for McEliece. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 19–35. Springer, Heidelberg (2001)
von Maurich, I., Güneysu, T.: Lightweight code-based cryptography: QC-MDPC McEliece encryption on reconfigurable devices. In: DATE, pp. 1–6. IEEE (2014)
von Maurich, I., Güneysu, T.: Towards side-channel resistant implementations of QC-MDPC McEliece encryption on constrained devices. In: Mosca, M. (ed.) PQCrypto 2014. LNCS, vol. 8772, pp. 266–282. Springer, Heidelberg (2014)
von Maurich, I., Oder, T., Güneysu, T.: Implementing QC-MDPC McEliece encryption. ACM Trans. Embedded Comput. Syst. 14(3), 1–27 (2015)
McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory. Deep Space Netw. Prog. Rep. 44, 114–116 (1978)
Misoczki, R., Tillich, J.-P., Sendrier, N., Barreto, P.S.L.M.: MDPC-McEliece: new McEliece variants from moderate density parity-check codes. In: ISIT, pp. 2069–2073. IEEE (2013)
Niederreiter, H.: Knapsack-type cryptosystems and algebraic coding theory. Probl. Control Inf. Theor./Problemy Upravlen. Teor Inform. 15(2), 159–166 (1986)
Nojima, R., Imai, H., Kobara, K., Morozov, K.: Semantic security for the McEliece cryptosystem without random oracles. Des. Codes Crypt. 49(1–3), 289–305 (2008)
Perlner, R.: Optimizing information set decoding algorithms to attack cyclosymmetric MDPC codes. In: Mosca, M. (ed.) PQCrypto 2014. LNCS, vol. 8772, pp. 220–228. Springer, Heidelberg (2014)
Persichetti, E.: Secure and anonymous hybrid encryption from coding theory. In: Gaborit, P. (ed.) PQCrypto 2013. LNCS, vol. 7932, pp. 174–187. Springer, Heidelberg (2013)
Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997)
STMicroelectronics: STM32F417VG High-performance foundation line, ARM Cortex-M4 core with DSP and FPU, 1 Mbyte Flash, 168 MHz CPU, ART Accelerator, Ethernet, FSMC, HW crypto - STMicroelectronics (2015). http://www.st.com/web/en/catalog/mmc/FM141/SC1169/SS1577/LN11/PF252139
Xu, N., Zhu, J., Lu, D., Zhou, X., Peng, X., Du, J.: Quantum factorization of 143 on a dipolar-coupling nuclear magnetic resonance system. Phys. Rev. Lett. 108, 130–501 (2012)
Acknowledgments
This project has received funding from the European Unions Horizon 2020 research and innovation programme under grant agreement No 645622 (PQCRYPTO). The authors would like to thank Rafael Misoczki for helpful feedback and comments when starting this project.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix
Appendix
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
von Maurich, I., Heberle, L., Güneysu, T. (2016). IND-CCA Secure Hybrid Encryption from QC-MDPC Niederreiter. In: Takagi, T. (eds) Post-Quantum Cryptography. PQCrypto 2016. Lecture Notes in Computer Science(), vol 9606. Springer, Cham. https://doi.org/10.1007/978-3-319-29360-8_1
Download citation
DOI: https://doi.org/10.1007/978-3-319-29360-8_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-29359-2
Online ISBN: 978-3-319-29360-8
eBook Packages: Computer ScienceComputer Science (R0)