Classic McEliece on ARM M4


Rainer Urian

Mar 31, 2021, 10:30:04 AM
to pqc-forum
Hello,

does there exist an ARM Cortex M4 implementation of Classic McEliece ?


Best Regards,
Rainer


Ruben Niederhagen

Mar 31, 2021, 11:21:15 AM
to Rainer Urian, pqc-forum
Hi Rainer!

On 3/31/21 4:29 PM, 'Rainer Urian' via pqc-forum wrote:
> does there exist an ARM Cortex M4 implementation of Classic McEliece ?

I am not sure if the source code is publicly available - but this paper
discusses Classic McEliece on Cortex M4:

Roth J., Karatsiolis E., Krämer J.:
"Classic McEliece Implementation with Low Memory Footprint."
In: Liardet PY., Mentens N. (eds) Smart Card Research and Advanced
Applications. CARDIS 2020. Lecture Notes in Computer Science, vol
12609. Springer, Cham. https://doi.org/10.1007/978-3-030-68487-7_3
https://eprint.iacr.org/2021/138

Happy Easter!
Ruben


Rainer Urian

Mar 31, 2021, 11:27:58 AM
to Ruben Niederhagen, pqc-forum
Hi Ruben,

Thank you.
I know this paper but I could not find the corresponding source code on the web.
This implementation would be especially interesting, because the paper shows an improved key generation.

Best regards,
Rainer

Tung Chou

Mar 31, 2021, 6:20:01 PM
to Rainer Urian, pqc-forum
Here is a newer paper written by Ming-Shing Chen and me:

  https://tungchou.github.io/papers/cm-m4.pdf.

It does not have a link to our implementation at this moment because
we are working on code cleanup. We expect that a link will be included
in the paper in two weeks. Our implementation follows the round-3
specification.

Tung Chou

Johannes Roth

Apr 1, 2021, 3:37:39 AM
to pqc-...@list.nist.gov
Hi Rainer, hi all,

the code is available at https://github.com/MTG-AG/streamingCME
Feel free to contact us should you have any questions.

Regards,
Johannes
--
MTG AG
Johannes Roth
Phone: +49 6151 8000-174
Fax: +49 6151 8000-43
Dolivostrasse 11, D-64293 Darmstadt
Mail: jr...@mtg.de
Web: http://www.mtg.de

MTG AG
Registered office: Dolivostr. 11, 64293 Darmstadt
Commercial register: Amtsgericht Darmstadt, HRB 8901
Executive board: Jürgen Ruf (Chair), Tamer Kemeroez
Chairman of the supervisory board: Dr. Thomas Milde

Rainer Urian

Apr 2, 2021, 8:28:15 AM
to Tung Chou, pqc-forum
Hello Tung Chou,

I am very curious about your optimized Cortex M4 Implementation.
I have done a plain-vanilla port of the NIST submission to the ARM Cortex M3 Designstart MPS2+ board.
The decrypt function for the 348864 parameter set takes about 280 million cycles on that device.
According to your paper, your implementation should be roughly 100 times faster.


BR,
Rainer

Tung Chou

Apr 3, 2021, 10:46:35 PM
to Rainer Urian, pqc-forum, Ming-Shing Chen
Hi Rainer,

I am also interested in knowing why decrypt(), as a subroutine of decapsulation,
takes so much time on your device. I guess this has something to do with details
about the "plain-vanilla port". We can discuss these details privately to see what
went wrong, and we (Ming-Shing and I) can see how our code can be ported to
M3. We should also discuss your idea about Goppa polynomial generation.

Best regards,
Tung Chou
