Leveraging HLS to Design a Versatile & High-Performance Classic McEliece Accelerator

Online AM: 02 October 2024

Abstract

By harnessing fundamental quantum properties, a large-scale quantum computer could undermine currently deployed public-key algorithms. The post-quantum, code-based cryptosystem Classic McEliece (CM) addresses this security concern. However, its large public key size (up to 1.3 MB) poses various hardware implementation challenges. In this paper, we focus on the high memory bandwidth requirements of the CM encoding function in the context of heterogeneous CPU-FPGA devices. More concretely, we target the acceleration of public-key loading and processing from any globally shared or accelerator-private memory system. We present a novel, constant-time accelerator, eEnc, that exploits the elevated parallelization potential of FPGA devices to yield high-performance results. Our accelerator implements the encoding and random error vector generation functions, which comprise the main computational load of Encapsulation. Two accelerator design variants are introduced, providing different hardware tradeoffs. Regarding intra-accelerator data communication, and unlike other state-of-the-art (SOTA) works, we combine a streaming protocol with task-level parallelization to remove the need to store the public key in accelerator-private memories. Our proposed design shows new record execution times over its SOTA counterparts, ranging on average from 3.5× up to 7.7× across the five security-level parameter sets. Our end-to-end implementation on a Zynq SoC shows an average speedup of 2.2× compared to a 64-bit vectorized CM software baseline. The elevated logic resource consumption characteristic of HLS designs can be readily adjusted with a performance tradeoff.
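The abstract names the two Encapsulation functions that eEnc accelerates and the streaming idea that avoids buffering the public key. The C++ sketch below is an added illustration, not code from the paper or from the eEnc project: it computes the CM syndrome C = H·e with H = [I | T] while consuming the public key T one row at a time, and generates a fixed-weight error vector without index-dependent memory writes. The parameter set (n = 16, k = 8, t = 2), the sample key, the `ToyRng` generator and every function name (`encode`, `gen_error`, `stream_from`, `example_key`, `example_error`) are constructed for this example; the mceliece8192128 figures quoted in the comment are the published parameters.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <functional>
#include <vector>

// Toy parameter set, constructed for this example. Real Classic McEliece
// parameters are far larger: mceliece8192128 has n = 8192, t = 128, k = 6528,
// so T is 1664 x 6528 bits, i.e. the 1.3 MB public key the abstract mentions.
constexpr int N = 16;        // code length: number of bits in the error vector e
constexpr int K = 8;         // number of columns of the public key T
constexpr int NMK = N - K;   // number of rows of T, and length of the syndrome C
constexpr int T_WEIGHT = 2;  // required Hamming weight of e

using Bits = std::vector<uint8_t>;      // one 0/1 byte per bit
using KeyRow = std::array<uint8_t, K>;  // one row of T as delivered by the stream

// A row source called once per row, in order. This stands in for a streaming
// interface: the encoder consumes each row on arrival and never buffers T.
using RowStream = std::function<KeyRow()>;

// Branch-free GF(2) inner product of one key row with the tail e[NMK..N).
static uint8_t gf2_dot(const KeyRow& row, const Bits& e) {
    uint8_t acc = 0;
    for (int j = 0; j < K; ++j) acc ^= static_cast<uint8_t>(row[j] & e[NMK + j]);
    return acc;
}

// Encoding: C = H e with H = [I_(n-k) | T], hence C_i = e_i XOR <T_i, e_tail>.
// The loop has no data-dependent branches; every row does the same work.
Bits encode(const Bits& e, RowStream next_row) {
    Bits c(NMK);
    for (int i = 0; i < NMK; ++i) {
        KeyRow row = next_row();
        c[i] = static_cast<uint8_t>(e[i] ^ gf2_dot(row, e));
    }
    return c;
}

// Deterministic xorshift32, constructed so the example runs offline. It is
// not a CSPRNG; a real implementation draws from seeded SHAKE or OS randomness.
struct ToyRng {
    uint32_t s;
    uint32_t next() { s ^= s << 13; s ^= s >> 17; s ^= s << 5; return s; }
};

// Fixed-weight error vector, loosely following the spec's FixedWeight idea:
// take 16-bit candidates, keep the first T_WEIGHT below N, restart on a
// duplicate, then set the bits with a full scan instead of indexed writes.
Bits gen_error(ToyRng& rng) {
    std::array<int, T_WEIGHT> idx{};
    for (;;) {
        int got = 0;
        while (got < T_WEIGHT) {
            uint32_t cand = rng.next() & 0xFFFFu;
            if (cand < static_cast<uint32_t>(N)) idx[got++] = static_cast<int>(cand);
        }
        bool dup = false;
        for (int a = 0; a < T_WEIGHT; ++a)
            for (int b = a + 1; b < T_WEIGHT; ++b) dup = dup || (idx[a] == idx[b]);
        if (!dup) break;
    }
    Bits e(N, 0);
    for (int i = 0; i < N; ++i) {
        uint8_t bit = 0;
        for (int a = 0; a < T_WEIGHT; ++a) bit |= static_cast<uint8_t>(idx[a] == i);
        e[i] = bit;
    }
    return e;
}

int weight(const Bits& v) { int w = 0; for (uint8_t b : v) w += b; return w; }

// Wraps an in-memory key as a RowStream (a DMA or AXI-stream feed in hardware).
RowStream stream_from(std::vector<KeyRow> key) {
    return [key, i = std::size_t{0}]() mutable { return key[i++]; };
}

// Constructed sample key: only column 2 is set, in rows 0, 3 and 5.
std::vector<KeyRow> example_key() {
    std::vector<KeyRow> key(NMK, KeyRow{});
    key[0][2] = key[3][2] = key[5][2] = 1;
    return key;
}

// Constructed sample error: bit 3 (identity part) and bit 10 (tail index 2).
Bits example_error() {
    Bits e(N, 0);
    e[3] = 1; e[10] = 1;
    return e;
}

int main() {
    Bits c = encode(example_error(), stream_from(example_key()));
    std::printf("syndrome:");
    for (uint8_t b : c) std::printf(" %u", b);   // 1 0 0 0 0 1 0 0
    std::printf("\n");
    ToyRng rng{0x12345678u};
    std::printf("random e weight: %d\n", weight(gen_error(rng)));  // 2
    return 0;
}
```

Row 3 of the sample shows the cancellation C_3 = e_3 XOR T[3][2]·e_10 = 1 XOR 1 = 0, and the encoder touches each key row exactly once, which is the property that lets a streamed key bypass accelerator-private storage; on real parameters the per-row work grows to k = 6528 bit products, which is where the FPGA's row-level parallelism pays off.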


Published In

ACM Transactions on Embedded Computing Systems Just Accepted
EISSN: 1558-3465

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Online AM: 02 October 2024
Accepted: 07 September 2024
Revised: 15 July 2024
Received: 13 February 2024

Author Tags

  1. Post-Quantum Cryptography
  2. Classic McEliece
  3. Encoding
  4. Random Error Vector Generation
  5. Hardware Acceleration
  6. High-Level Synthesis (HLS)
  7. Parallelization
  8. Field-Programmable Gate-Array (FPGA)
  9. Heterogeneous Hardware Platforms

Qualifiers

  • Research-article
