Optimized and Scalable Co-Processor for McEliece with Binary Goppa Codes

Author: Pedro Maat C. Massolino, Paulo S. L. M. Barreto, Wilson Vicente Ruggiero
Year of publication: 2015
Subject:
Source: ACM Transactions on Embedded Computing Systems. 14:1-32
ISSN: 1558-3465
1539-9087
DOI: 10.1145/2736284
Description: Asymmetric cryptographic primitives are essential to enable secure communications in public networks or public mediums. Such primitives can be deployed as software libraries or hardware co-processors, the latter being more commonly employed in systems on chip (SoC) scenarios, embedded devices, or application-specific servers. Unfortunately, the most commonly available solutions, based on RSA or elliptic curve cryptography (ECC), are highly processing intensive due to the underlying extended-precision modular arithmetic. Consequently, they are not available on highly constrained platforms. Aiming to tackle this issue, we here investigate an alternative asymmetric encryption scheme that relies on lightweight arithmetic: McEliece. This scheme is especially appealing because, being based on error correction codes, it displays a simpler arithmetic and leads to better performance when compared to RSA or ECC. To evaluate the implementation of this scheme in hardware, we propose and analyze a flexible architecture whose security level and time versus area usage characteristics can be reconfigured as desired. The proposed architecture is suitable to all usual security levels, ranging from 80 to 256 bits. It is also very efficient, being able to perform data decryption with binary Goppa codes in 56µs with 3,402 slices on a Xilinx Spartan-3AN FPGA, whereas the best-known result in the literature for the same FPGA is 115µs with 7,331 slices. Alternatively, the architecture can operate with quasi-dyadic Goppa (QD-Goppa) codes, which involves smaller keys than traditional binary Goppa codes. In the latter case, for an 80-bit security level, the decryption operation can take from 1.1ms with 1,129 slices to 68µs with 8,268 slices. By choosing a more hardware-friendly decoding algorithm, focusing hardware resources on most bottleneck operations and sharing hardware resource for two different algorithms, better results than those in the literature were obtained.
Database: OpenAIRE