Paper 2017/1180

FPGA-based Niederreiter Cryptosystem using Binary Goppa Codes

Wen Wang, Jakub Szefer, and Ruben Niederhagen


This paper presents an FPGA implementation of the Niederreiter cryptosystem using binary Goppa codes, including modules for encryption, decryption, and key generation. We improve over previous implementations in terms of efficiency (time-area product and raw performance) and security level. Our implementation is constant time in order to protect against timing side-channel analysis. The design is fully parameterized, using code-generation scripts, in order to support a wide range of parameter choices for security, including binary field size, the degree of the Goppa polynomial, and the code length. The parameterized design allows us to choose design parameters for time-area trade-offs in order to support a wide variety of applications ranging from smart cards to server accelerators. For parameters that are considered to provide ‘’128-bit post-quantum security’‘, our time-optimized implementation requires 966,400 cycles for the generation of both public and private portions of a key and 14,291 cycles to decrypt a ciphertext. The time-optimized design uses only 121,806 ALMs (52% of the available logic) and 961 RAM blocks (38% of the available memory), and results in a design that runs at about 250MHz on a medium-size Stratix V FPGA.

Available format(s)
Publication info
Published elsewhere. MINOR revision.PQCrypto 2018
post-quantum cryptographycode-based cryptographyNiederreiter cryptosystemFPGAhardware implementation.
Contact author(s)
wen wang ww349 @ yale edu
2018-08-16: last of 3 revisions
2017-12-08: received
See all versions
Short URL
Creative Commons Attribution


      author = {Wen Wang and Jakub Szefer and Ruben Niederhagen},
      title = {FPGA-based Niederreiter Cryptosystem using Binary Goppa Codes},
      howpublished = {Cryptology ePrint Archive, Paper 2017/1180},
      year = {2017},
      doi = {10.1007/978-3-319-79063-3_4},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.