Cryptography Reference
In-Depth Information
To decrypt a ciphertext the KIC-
γ
first stores the first two bytes of the
ciphertext in
y
5
. Then it calls the McEliece decryption function which returns
the encrypted plaintext
y
3
and the error vector
δ
j
=
i
j
−
1where
i
r
de-
note the error positions. To obtain part
y
4
from the error vector constant weight
decoding function is used. Now (
y
2
||
i
j−
1
−
y
1
)=(
y
5
||
y
4
||
y
3
) is known and the message
m
can be obtained.
5R su s
This section presents the results of our implementation of the McEliece variant
based on [2304, 1280, 129] quasi-dyadic Goppa codes providing an 80-bit security
level for the 8-bits AVR microcontroller. As we use a systematic generator matrix
for the Goppa code, we also implemented Kobara-Imai's specific conversion
γ
developed for CCA2-secure McEliece variants. Due to the parameters chosen for
KIC-
γ
the actual length of the message to be encrypted increases to 1288 bytes
while the ciphertext length increases to 2312 bytes. Table 3 summarizes the sizes
of all parameters being precomputed and used for the encryption and decryption
algorithms.
Table 3.
Sizes of tables and values in memory
Parameter
Size
QD-McEliece en-
cryption
K
pub
2560 bytes
log table for
F
2
8
256 bytes
antilog table for
F
2
8
256 bytes
Goppa polynomial
G
(
x
)
16 bytes
QD-McEliece
decryption
Polynomial
W
(
x
)
14 bytes
Support sequence
L
∗
4608 bytes
Array with elements 1
/G
(
L
i
)
72 bytes
Matrix
S
131072 bytse
KIC-
γ
Public constant
Const
20 bytes
Except for the matrix
S
which is used only within the syndrome computation
method with precomputation, all precomputed values can be copied into the
faster SRAM of the microcontroller at startup time resulting in faster encryption
and decryption. The performance results of our implementation were obtained
from AVR Studio in version 4.18. Table 4 summarizes the clock cycles needed
for specific operations and sub-operations for the conversion and encryption of
a message. Note that we used fixed random values for the implementation of
KIC-
γ
. The encryption of a 1288 bits message requires 6,358,952 cycles. Hence,
when running at 32 MHz, the encryption takes about 0.1987 seconds while the
throughput is 6482 bits/second.
