Paper 2021/138

Classic McEliece Implementation with Low Memory Footprint

Johannes Roth, Evangelos Karatsiolis, and Juliane Krämer


The Classic McEliece cryptosystem is one of the most trusted quantum-resistant cryptographic schemes. Deploying it in practical applications, however, is challenging due to the size of its public key. In this work, we bridge this gap. We present an implementation of Classic McEliece on an ARM Cortex-M4 processor, optimized to overcome memory constraints. To this end, we present an algorithm to retrieve the public key ad-hoc. This reduces memory and storage requirements and enables the generation of larger key pairs on the device. To further improve the implementation, we perform the public key operation by streaming the key to avoid storing it as a whole. This additionally reduces the risk of denial of service attacks. Finally, we use these results to implement and run TLS on the embedded device.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. CARDIS 2020: Smart Card Research and Advanced Applications
Post-Quantum CryptographyCode-Based CryptographyClassic McElieceLow Memory FootprintEmbedded ImplementationTLSARM Cortex-M4
Contact author(s)
jroth @ mtg de
ekaratsiolis @ mtg de
juliane @ qpc tu-darmstadt de
2021-02-10: received
Short URL
Creative Commons Attribution


      author = {Johannes Roth and Evangelos Karatsiolis and Juliane Krämer},
      title = {Classic McEliece Implementation with Low Memory Footprint},
      howpublished = {Cryptology ePrint Archive, Paper 2021/138},
      year = {2021},
      doi = {10.1007/978-3-030-68487-7_3},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.