Cryptology ePrint Archive: Report 2017/1180

FPGA-based Niederreiter Cryptosystem using Binary Goppa Codes

Wen Wang and Jakub Szefer and Ruben Niederhagen

Abstract: This paper presents an FPGA implementation of the Niederreiter cryptosystem using binary Goppa codes, including modules for encryption, decryption, and key generation. We improve over previous implementations in terms of efficiency (time-area product and raw performance) and security level. Our implementation is constant time in order to protect against timing side-channel analysis. The design is fully parameterized, using code-generation scripts, in order to support a wide range of parameter choices for security, including binary field size, the degree of the Goppa polynomial, and the code length. The parameterized design allows us to choose design parameters for time-area trade-offs in order to support a wide variety of applications ranging from smart cards to server accelerators. For parameters that are considered to provide ‘’128-bit post-quantum security’‘, our time-optimized implementation requires 966,400 cycles for the generation of both public and private portions of a key and 14,291 cycles to decrypt a ciphertext. The time-optimized design uses only 121,806 ALMs (52~% of the available logic) and 961 RAM blocks (38~% of the available memory), and results in a design that runs at about 250~MHz on a medium-size Stratix V FPGA.

Category / Keywords: post-quantum cryptography, code-based cryptography, Niederreiter cryptosystem, FPGA, hardware implementation.

Original Publication (with minor differences): IACR-CHES-2017

Date: received 4 Dec 2017, last revised 18 May 2018

Contact author: wen wang ww349 at yale edu

Available format(s): PDF | BibTeX Citation

Version: 20180518:195805 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]