Paper 2019/1274

Rank-metric Encryption on Arm-Cortex M0

Ameirah al Abdouli, Emanuele Bellini, Florian Caullery, Marc Manzano, and Victor Mateu


Since its invention by McEliece in 1978, cryptography based on Error Correcting Codes (ECC) has suffered from the reputation of not being suitable for constrained devices. Indeed, McEliece's scheme and its variants have large public keys and relatively long ciphertexts. Recent works on these downsides explored the possible use of ECC based on rank metric instead of Hamming metric. These codes were introduced in the late 80's to eliminate errors with repeating patterns, regardless of their Hamming weight. Numerous proposals for the NIST Post-Quantum Cryptography (PQC) competition rely on these codes. It has been proven that lattice-based cryptography and even hash-based signatures can run on lightweight devices, but the question remains for code-based cryptography. In this work, we demonstrate that this is actually possible for rank metric: we have implemented the encryption operation of 5 schemes based on ECC in rank metric and made them run on an Arm Cortex-M0 processor, the smallest Arm processor available. We describe the technical difficulties of porting rank-based cryptography to a resource-constrained device while maintaining decent performance and a suitable level of security against side-channel attacks, especially timing attacks.

Available format(s)
Publication info
Published elsewhere. Proceedings of the 6th on ASIA Public-Key Cryptography Workshop
Post-quantum cryptographyCode-based cryptographyRank metricLightweight cryptographyCortex M0
Contact author(s)
eemanuele bellini @ gmail com
2019-11-05: received
Short URL
Creative Commons Attribution


      author = {Ameirah al Abdouli and Emanuele Bellini and Florian Caullery and Marc Manzano and Victor Mateu},
      title = {Rank-metric Encryption on Arm-Cortex M0},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1274},
      year = {2019},
      doi = {10.1145/3327958.3329544},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.