Efficient ASIC Architecture for Low Latency Classic McEliece Decoding

Authors

  • Daniel Fallnich, RWTH Aachen University, Aachen, Germany; now with IBM, Böblingen, Germany
  • Christian Lanius, RWTH Aachen University, Aachen, Germany
  • Shutao Zhang, RWTH Aachen University, Aachen, Germany
  • Tobias Gemmeke, RWTH Aachen University, Aachen, Germany

DOI:

https://doi.org/10.46586/tches.v2024.i2.403-425

Keywords:

Application-Specific Architecture, Post-Quantum Cryptography, Classic McEliece, Niederreiter Cryptosystem, Hardware Implementation

Abstract

Post-quantum cryptography addresses the increasing threat that quantum computing poses to modern communication systems. Among the available “quantum-resistant” systems, the Classic McEliece key encapsulation mechanism (KEM) is positioned as a conservative choice with strong security guarantees. Building upon the code-based Niederreiter cryptosystem, this KEM enables high-performance encapsulation and decapsulation and is thus ideally suited for applications such as the acceleration of server workloads. However, until now, no ASIC architecture has been available for low-latency computation of Classic McEliece operations. Therefore, the present work targets the design, implementation and optimization of a tailored ASIC architecture for low-latency Classic McEliece decoding. An efficient ASIC design is proposed, which was implemented and manufactured in a 22 nm FDSOI CMOS technology node. We also introduce a novel inversionless architecture for the computation of error-locator polynomials, as well as a systolic array for combined syndrome computation and polynomial evaluation. With these approaches, the associated optimized architecture improves the latency of computing error-locator polynomials by 47% and the overall decoding latency by 27% compared to a state-of-the-art reference, while requiring only 25% of the area.

Published

2024-03-12

Section

Articles

How to Cite

Efficient ASIC Architecture for Low Latency Classic McEliece Decoding. (2024). IACR Transactions on Cryptographic Hardware and Embedded Systems, 2024(2), 403-425. https://doi.org/10.46586/tches.v2024.i2.403-425