Code-based cryptography on reconfigurable hardware: tweaking Niederreiter encryption for performance
- PDF / 458,058 Bytes
- 15 Pages / 595.276 x 790.866 pts Page_size
- 7 Downloads / 176 Views
CHES 2012
Code-based cryptography on reconfigurable hardware: tweaking Niederreiter encryption for performance Stefan Heyse · Tim Güneysu
Received: 16 November 2012 / Accepted: 28 January 2013 © Springer-Verlag Berlin Heidelberg 2013
Abstract Today’s public-key schemes that are either based on the factorization or the discrete logarithm problem. Since both problems are closely related, a major breakthrough in cryptanalysis (e.g., with the advent of quantum computing will render nearly all currently employed security system useless. Code-based public-key schemes rely on the alternative security assumption that decoding generic linear binary codes is NP-complete. Two code-based schemes for publickey encryption are available due to McEliece and Niederreiter. Although most researchers analyzed and implemented McEliece’s cryptosystem, we show in this work that the scheme by Niederreiter has some important advantages, such as smaller keys, more practical plain and ciphertext sizes and less computation complexity. In particular, we propose an efficient FPGA implementation of Niederreiter’s scheme that can encrypt more than 1.5 million plaintexts per seconds on a Xilinx Virtex-6 FPGA—outperforming all known implementations of other popular public-key cryptosystems so far. Keywords Code-based · Goppa · McEliece · Niederreiter · Embedded · FPGA 1 Introduction Public-key cryptosystems build the foundation for virtually all advanced cryptographic requirements, such as asymmetric encryption, key exchange and digital signatures. But all S. Heyse (B) · T. Güneysu Horst Görtz Institute for IT-Security, Ruhr-Universitä Bochum, 44780 Bochum, Germany e-mail: [email protected] T. Güneysu e-mail: [email protected]
established cryptosystems rely on two classes of fundamental problems, namely the factoring problem and the (elliptic curve) discrete logarithm problem. Since both are related, a cryptanalytical breakthrough will turn a large number of currently employed security systems to be completely insecure overnight. This threat is further nourished by upcoming generations of powerful quantum computers that have been shown to be very effective in computing solutions to the problems mentioned above [58]. Recently, IBM announced two improvements in quantum computing [16] so that such practical systems might already become available even in the next 15 years. Obviously, we need a larger diversification of public-key primitives that can maintain long-term security even in and beyond the era of quantum computers. Therefore, some alternative cryptosystems have gathered much attention in the last years, such as multivariatequadratic (MQ-), lattice-based and code-based schemes. A major drawback of these constructions have been their low efficiency and practicability due to large key sizes or complex computations compared to classical RSA and ECC cryptosystems. This was particularly considered as an issue for small and embedded systems where memory and computational resources are scarce. Nevertheless, thanks to many improvements in t
Data Loading...
