Top

Published in:

2016 | OriginalPaper | Chapter

IND-CCA Secure Hybrid Encryption from QC-MDPC Niederreiter

Authors : Ingo von Maurich, Lukas Heberle, Tim Güneysu

Published in: Post-Quantum Cryptography

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

QC-MDPC McEliece attracted significant attention as promising alternative public-key encryption scheme believed to be resistant against quantum computing attacks. Compared to binary Goppa codes, it achieves practical key sizes and was shown to perform well on constrained platforms such as embedded microcontrollers and FPGAs.

However, so far none of the published QC-MDPC McEliece/Niederreiter implementations provide indistinguishability under chosen plaintext or chosen ciphertext attacks. Common ways for the McEliece and Niederreiter encryption schemes to achieve IND-CPA/IND-CCA security are surrounding constructions that convert them into secured schemes. In this work we take a slightly different approach presenting (1) an efficient implementation of QC-MDPC Niederreiter for ARM Cortex-M4 microcontrollers and (2) the first implementation of Persichetti’s IND-CCA hybrid encryption scheme from PQCrypto’13 instantiated with QC-MDPC Niederreiter for key encapsulation and AES-CBC/AES-CMAC for data encapsulation. Both implementations achieve practical performance for embedded microcontrollers, at 80-bit security hybrid encryption takes 16.5 ms, decryption 111 ms and key-generation 386.4 ms.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

next chapter RankSynd a PRNG Based on Rank Metric

Available only for authorised users

See NSA announcement published at https://www.nsa.gov/ia/programs/suiteb_cryptography/.

80-bit: \(d_v=45\), 128-bit: \(d_v=71\). Note that \(n_0=2\) and w is even for the parameters used in this paper.

The bit-flipping thresholds used in Algorithm 1 are precomputed from the code parameters as proposed in [7].

In [20], the DEM is simply assumed to be a fixed length one-time pad of the size of m combined with a standardized MAC. Hence, \(\text {Enc}^\text {SE}_{k_1}(m)=m\,\oplus \,k_1\) and \(\text {Dec}^\text {SE}_{k_1}(T)=T\,\oplus \,k_1\) with \(m,T,k_1\) having the same fixed length.

We do not implement constant weight encoding since it is not needed in the hybrid encryption scheme. Encrypting a message \(m \in \mathbb {Z}/\left( {\begin{array}{c}n\\ t\end{array}}\right) \mathbb {Z}\) requires to encode it into an error-vector \(e \in \mathbb {F}_2^n\) of weight \({{\mathrm{wt}}}(e) = t\) and to reverse the encoding after decryption.

We found the number of iterations experimentally and set it to five, in line with iteration counts reported in [13, 14].

16 bit are sufficient to store the position for both 80-bit and 128-bit security.

Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: 38th Annual Symposium on Foundations of Computer Science, FOCS 1997, 19–22 October 1997, Miami Beach, Florida, USA, pp. 394–403. IEEE Computer Society (1997)

Berlekamp, E., McEliece, R., van Tilborg, H.: On the inherent intractability of certain coding problems. IEEE Trans. Inf. Theor. 24(3), 384–386 (1978)CrossRefMATH

Biasi, F., Barreto, P., Misoczki, R., Ruggiero, W.: Scaling efficient code-based cryptosystems for embedded platforms. J. Crypt. Eng. 4, 1–12 (2014)CrossRef

Cayrel, P.-L., Hoffmann, G., Persichetti, E.: Efficient implementation of a CCA2-secure variant of McEliece using generalized Srivastava codes. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 138–155. Springer, Heidelberg (2012)CrossRef

Cramer, R., Shoup, V.: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM J. Comput. 33(1), 167–226 (2003)CrossRefMathSciNetMATH

Eisenbarth, T., Güneysu, T., Heyse, S., Paar, C.: MicroEliece: McEliece for embedded devices. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 49–64. Springer, Heidelberg (2009)CrossRef

Gallager, R.: Low-density parity-check codes. IRE Trans. Inf. Theor. 8(1), 21–28 (1962)CrossRefMathSciNetMATH

Heyse, S.: Implementation of McEliece based on quasi-dyadic Goppa codes for embedded devices. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 143–162. Springer, Heidelberg (2011)CrossRef

Heyse, S., von Maurich, I., Güneysu, T.: Smaller keys for code-based cryptography: QC-MDPC McEliece implementations on embedded devices. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 273–292. Springer, Heidelberg (2013)CrossRef

10.

Huffman, W.C., Pless, V.: Fundamentals of Error-Correcting Codes. Cambridge University Press, Cambridge (2010)MATH

11.

Kobara, K., Imai, H.: Semantically secure McEliece public-key cryptosystems-Conversions for McEliece. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 19–35. Springer, Heidelberg (2001)CrossRef

12.

von Maurich, I., Güneysu, T.: Lightweight code-based cryptography: QC-MDPC McEliece encryption on reconfigurable devices. In: DATE, pp. 1–6. IEEE (2014)

13.

von Maurich, I., Güneysu, T.: Towards side-channel resistant implementations of QC-MDPC McEliece encryption on constrained devices. In: Mosca, M. (ed.) PQCrypto 2014. LNCS, vol. 8772, pp. 266–282. Springer, Heidelberg (2014)

14.

von Maurich, I., Oder, T., Güneysu, T.: Implementing QC-MDPC McEliece encryption. ACM Trans. Embedded Comput. Syst. 14(3), 1–27 (2015)CrossRef

15.

McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory. Deep Space Netw. Prog. Rep. 44, 114–116 (1978)

16.

Misoczki, R., Tillich, J.-P., Sendrier, N., Barreto, P.S.L.M.: MDPC-McEliece: new McEliece variants from moderate density parity-check codes. In: ISIT, pp. 2069–2073. IEEE (2013)

17.

Niederreiter, H.: Knapsack-type cryptosystems and algebraic coding theory. Probl. Control Inf. Theor./Problemy Upravlen. Teor Inform. 15(2), 159–166 (1986)MathSciNetMATH

18.

Nojima, R., Imai, H., Kobara, K., Morozov, K.: Semantic security for the McEliece cryptosystem without random oracles. Des. Codes Crypt. 49(1–3), 289–305 (2008)CrossRefMathSciNetMATH

19.

Perlner, R.: Optimizing information set decoding algorithms to attack cyclosymmetric MDPC codes. In: Mosca, M. (ed.) PQCrypto 2014. LNCS, vol. 8772, pp. 220–228. Springer, Heidelberg (2014)

20.

Persichetti, E.: Secure and anonymous hybrid encryption from coding theory. In: Gaborit, P. (ed.) PQCrypto 2013. LNCS, vol. 7932, pp. 174–187. Springer, Heidelberg (2013)CrossRef

21.

Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997)CrossRefMathSciNetMATH

22.

STMicroelectronics: STM32F417VG High-performance foundation line, ARM Cortex-M4 core with DSP and FPU, 1 Mbyte Flash, 168 MHz CPU, ART Accelerator, Ethernet, FSMC, HW crypto - STMicroelectronics (2015). http://www.st.com/web/en/catalog/mmc/FM141/SC1169/SS1577/LN11/PF252139

23.

Xu, N., Zhu, J., Lu, D., Zhou, X., Peng, X., Du, J.: Quantum factorization of 143 on a dipolar-coupling nuclear magnetic resonance system. Phys. Rev. Lett. 108, 130–501 (2012)

Title: IND-CCA Secure Hybrid Encryption from QC-MDPC Niederreiter
Authors: Ingo von Maurich
Lukas Heberle
Tim Güneysu
Publisher: Springer International Publishing
Book: Post-Quantum Cryptography
Print ISBN: 978-3-319-29359-2

Electronic ISBN: 978-3-319-29360-8

Copyright Year: 2016
DOI: https://doi.org/10.1007/978-3-319-29360-8_1

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner