Cryptology ePrint Archive: Report 2019/1274

Rank-metric Encryption on Arm-Cortex M0

Ameirah al Abdouli and Emanuele Bellini and Florian Caullery and Marc Manzano and Victor Mateu

Abstract: Since its invention by McEliece in 1978, cryptography based on Error Correcting Codes (ECC) has suffered from the reputation of not being suitable for constrained devices. Indeed, McEliece's scheme and its variants have large public keys and relatively long ciphertexts. Recent works on these downsides explored the possible use of ECC based on rank metric instead of Hamming metric. These codes were introduced in the late 80's to eliminate errors with repeating patterns, regardless of their Hamming weight. Numerous proposals for the NIST Post-Quantum Cryptography (PQC) competition rely on these codes. It has been proven that lattice-based cryptography and even hash-based signatures can run on lightweight devices, but the question remains for code-based cryptography. In this work, we demonstrate that this is actually possible for rank metric: we have implemented the encryption operation of 5 schemes based on ECC in rank metric and made them run on an Arm Cortex-M0 processor, the smallest Arm processor available. We describe the technical difficulties of porting rank-based cryptography to a resource-constrained device while maintaining decent performance and a suitable level of security against side-channel attacks, especially timing attacks.

Category / Keywords: implementation / Post-quantum cryptography, Code-based cryptography, Rank metric, Lightweight cryptography, Cortex M0

Original Publication (in the same form): Proceedings of the 6th on ASIA Public-Key Cryptography Workshop
DOI: 10.1145/3327958.3329544

Date: received 3 Nov 2019

Contact author: eemanuele bellini at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20191105:082312 (All versions of this report)

Short URL: ia.cr/2019/1274

