Abstract
The McEliece cryptosystem is one of the public-key cryptosystems that do not have known vulnerabilities to attacks using quantum computers. However, the McEliece cryptosystem has not been widely used for practical applications due to the large key size. We present an authenticated key exchange protocol based on the McEliece cryptosystem. We show that the proposed protocol is well suited for the G.709 Optical Transport Network (OTN) framework and satisfies a typical key refreshing rate used in industry. The proposed protocol addresses known weaknesses of the McEliece cryptosystem under a framework of the PACE protocol. The proposed protocol is implemented in software and demonstrated in a commercial optical communication system.
References
Alkim E, Ducas L, Pöppelmann T, Schwabe P (2015) Post-quantum key exchange—a new hope, Cryptology ePrint Archive, Report 2015/1092. http://eprint.iacr.org/2015/1092
Barker E (2016) Recommendation for key management, NIST SP 800-57, Part 1, Revision 4
Barker E, Chen L, Roginsky A, Smid M (2013) Recommendation for pair-wise key establishment schemes using discrete logarithm cryptography, NIST Special Publication 800-56A, Revision 2
Bellare M, Rogaway P (1995) Optimal asymmetric encryption - how to encrypt with RSA, EUROCRYPT’94. Lecture Notes in Computer Science, vol. 950. Springer, pp 92–111
Bender J, Fischlin M, Kügler D (2009) Security analysis of the PACE key-agreement protocol. In: Information security conference (ISC 2009). LNCS 5735:33–48
Berger T, Loidreau P (2005) How to mask the structure of codes for a cryptographic use. Des Codes Cryptogr 35(1):63–79
Bernstein D, Chou T, Schwabe P (2013) McBits: fast constant-time code-based cryptography. Cryptogr Hardw Embed Syst CHES. LNCS 8086:250–272
Bernstein D, Lange T (ed) (2017) eBACS: ECRYPT benchmarking of cryptographic systems. http://bench.cr.yp.to. Accessed 28 March 2017
Bernstein D, Lange T, Peters C (2008) Attacking and defending the McEliece cryptosystem, Cryptology ePrint Archive, Report 2008/318. http://eprint.iacr.org/2008/318
Berson T (1997) Failure of the McEliece public-key cryptosystem under message-resend and related-message attack. In: 17th Annual international cryptology conference on advances in cryptology—CRYPTO’97, pp 213–220
Canteaut A, Sendrier N (1998) Cryptanalysis of the original McEliece cryptosystem. In: Advances in cryptology—ASIACRYPT’98. Lecture Notes in Computer Science, vol. 1514. Springer, Heidelberg
Chou T (2016) QcBits: constant-time small-key code-based cryptography. In: Cryptographic hardware and embedded systems, CHES 2016. LNCS 9813:280–300
Augot D et al (2015) Initial recommendations of long-term secure post-quantum systems, PQCRYPTO. http://pqcrypto.eu.org/docs/initial-recommendations.pdf
Chen L et al (2016) Report on post-quantum cryptography, NISTIR vol. 8105. http://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8105.pdf
Finiasz M, Sendrier N (2009) Security bounds for the design of code-based cryptosystems. In: Advances in cryptology—ASIACRYPT 2009. LNCS 5912:88–105
Fujisaki E, Okamoto T (1999) Secure integration of asymmetric and symmetric encryption schemes. In: 19th annual international cryptology conference on advances in cryptology—CRYPTO’99, pp 537–554
Bundesamt für Sicherheit in der Informationstechnik (BSI) (2015) Advanced security mechanisms for machine readable travel documents and eIDAS token, BSI Technical Report (TR-03110), Version 2.20
Gorshe S A tutorial on ITU-T G.709 optical transport networks (OTN)
Hall C, Goldberg I, Schneier B (1999) Reaction attacks against several public-key cryptosystem. In: Second international conference on information and communication security, ICICS’99. Springer, Heidelberg, pp 2–12
Janwa H, Moreno O (1996) McEliece public key cryptosystems using algebraic-geometric codes. Des Codes Cryptogr 8(3):293–307
Kobara K, Imai H (2001) Semantically secure McEliece public-key cryptosystems—conversions for McEliece PKC. In: Proceedings of the 4th international workshop on practice and theory in public key cryptography: public key cryptography, pp 19–35
Lee P, Brickell E (1988) An observation on the security of McEliece’s public-key cryptosystem. In: Advances in cryptology—EUROCRYPT’88 (Berlin, Heidelberg). Lecture Notes in Computer Science, vol 330. Springer, Heidelberg
Leon J (1988) A probabilistic algorithm for computing minimum weights of large error-correcting codes. IEEE Trans Inf Theory 34(5):1354–1359
Luykx A, Paterson K (2016) Limits on authenticated encryption use in TLS. www.isg.rhul.ac.uk/~kp/TLS-AEbounds.pdf
McEliece RJ (1978) A public-key cryptosystem based on algebraic coding theory. Deep Space Netw Progr Rep 44:114–116
Misoczki R, Tillich JP, Sendrier N, Barreto PSLM (2013) MDPC-McEliece: new McEliece variants from moderate density parity-check codes. In: 2013 IEEE international symposium on information theory, pp 2069–2073
Mukherjee A, Fakoorian SAA, Huang J, Swindlehurst AL (2014) Principles of physical layer security in multiuser wireless networks: a survey. IEEE Commun Surv Tutor 16(3):1550–1573
NIST (2001) Advanced encryption standard (AES), FIPS PUB 197
NIST (2008) The keyed-hash message authentication code (HMAC), FIPS 198-1
Overbeck R, Sendrier N (2009) Code-based cryptography, Post-quantum cryptography. In: Bernstein D, Buchmann J, Dahmen E (eds). Springer, Oxford, pp 95–145
Persichetti E (2013) Secure and anonymous hybrid encryption from coding theory, post-quantum cryptography. In: 5th International workshop, PQCrypto (2013). Lecture Notes in Computer Science, vol. 7932. Springer, pp 174–187
Peters C (2009) Information-set decoding for linear codes over Fq, Cryptology ePrint Archive, Report 2009/589. http://eprint.iacr.org/2009/589
Pointcheval D (2000) Chosen-ciphertext security for any one-way cryptosystem. In: Third international workshop on practice and theory in public key cryptosystems, PKC 2000. Springer, Heidelberg, pp 129–146
Shor PW (1994) Algorithms for quantum computation: discrete logarithms and factoring. In: Proceedings 35th annual symposium on foundations of computer science, Nov 1994, pp 124–134
Stern J (1989) A method for finding codewords of small weight, coding theory and applications. Lecture Notes in Computer Science, vol. 388. Springer, Heidelberg
Tilburg J (1990) On the McEliece public-key cryptosystem. In: Advances in cryptology—CRYPTO’88. Lecture Notes in Computer Science, vol 403. Springer, New York
Wyner AD (1975) The wire-tap channel. Bell Syst Tech J 54(8):1355–1387
Acknowledgements
The authors would like to thank anonymous reviewers of WCS 2017 for very helpful feedback and comments. This work has been performed in the framework of the CELTIC EUREKA project SENDATE-Secure-DCI (Project ID C2015/3–4), and it is partly funded by the German BMBF (Project ID 16KIS0477K).
Appendix
This section describes the signal format of the OTN (Optical Transport Network) signal and the frame structure. Note that we present only the partial information relevant to this paper; for details, we refer to [18]. There are four currently defined OTU (Optical Transport Unit) rates and five OPU (Optical Payload Unit) / ODU (Optical Data Unit) rates. An OPU, ODU, or OTU of a particular rate is referred to as an OPUk, ODUk, or OTUk with k = 0, 1, 2, 3, or 4. The OPU, ODU, and OTU frame structure is partially shown in Fig. 3. The ODU frame is structured as four rows by 3824 columns, regardless of the signal rate. The OPU payload area consists of columns 17–3824 for all four rows. The overhead information for the OPU is contained in the D and E areas of Fig. 3.
The ODUk overhead location is shown in Fig. 4. The ODU consists of the OPU and the ODU overhead. The ODU overhead is area C in Fig. 3. It contains the overhead for path performance monitoring (PM), fault type and fault location (FTFL), two generic communications channels (GCC), an automatic protection switching and protection communications channel (APS/PCC), six levels of tandem connection monitoring (TCM), and a set of bytes reserved for experimental purposes (RES).
© 2018 Springer International Publishing AG
Cite this paper
Cho, J.Y., Griesser, H., Rafique, D. (2018). A McEliece-Based Key Exchange Protocol for Optical Communication Systems. In: Baldi, M., Quaglia, E., Tomasin, S. (eds) Proceedings of the 2nd Workshop on Communication Security. WCS 2017. Lecture Notes in Electrical Engineering, vol 447. Springer, Cham. https://doi.org/10.1007/978-3-319-59265-7_8
DOI: https://doi.org/10.1007/978-3-319-59265-7_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-59264-0
Online ISBN: 978-3-319-59265-7