A McEliece-Based Key Exchange Protocol for Optical Communication Systems

  • Conference paper

Part of the book series: Lecture Notes in Electrical Engineering (LNEE, volume 447)

Abstract

The McEliece cryptosystem is one of the public-key cryptosystems that do not have known vulnerabilities to attacks using quantum computers. However, the McEliece cryptosystem has not been widely used for practical applications due to the large key size. We present an authenticated key exchange protocol based on the McEliece cryptosystem. We show that the proposed protocol is well suited for the G.709 Optical Transport Network (OTN) framework and satisfies a typical key refreshing rate used in industry. The proposed protocol addresses known weaknesses of the McEliece cryptosystem under a framework of the PACE protocol. The proposed protocol is implemented in software and demonstrated in a commercial optical communication system.


Notes

  1.

    We refer to [24] for the limit of AES-GCM key usage.

  2.

    A public key cryptosystem is indistinguishable in the CCA model if the attacker has no advantage in determining for a given ciphertext and two plaintexts which of them was encrypted [30].

References

  1. Alkim E, Ducas L, Pöppelmann T, Schwabe P (2015) Post-quantum key exchange—a new hope. Cryptology ePrint Archive, Report 2015/1092. http://eprint.iacr.org/2015/1092

  2. Barker E (2016) Recommendation for key management. NIST SP 800-57, Part 1, Revision 4

  3. Barker E, Chen L, Roginsky A, Smid M (2013) Recommendation for pair-wise key establishment schemes using discrete logarithm cryptography. NIST Special Publication 800-56A, Revision 2

  4. Bellare M, Rogaway P (1995) Optimal asymmetric encryption—how to encrypt with RSA. In: EUROCRYPT’94. Lecture Notes in Computer Science, vol 950. Springer, pp 92–111

  5. Bender J, Fischlin M, Kügler D (2009) Security analysis of the PACE key-agreement protocol. In: Information Security Conference (ISC). LNCS 5735:33–48

  6. Berger T, Loidreau P (2005) How to mask the structure of codes for a cryptographic use. Des Codes Cryptogr 35(1):63–79

  7. Bernstein D, Chou T, Schwabe P (2013) McBits: fast constant-time code-based cryptography. In: Cryptographic Hardware and Embedded Systems (CHES). LNCS 8086:250–272

  8. Bernstein D, Lange T (eds) (2017) eBACS: ECRYPT benchmarking of cryptographic systems. http://bench.cr.yp.to. Accessed 28 March 2017

  9. Bernstein D, Lange T, Peters C (2008) Attacking and defending the McEliece cryptosystem. Cryptology ePrint Archive, Report 2008/318. http://eprint.iacr.org/2008/318

  10. Berson T (1997) Failure of the McEliece public-key cryptosystem under message-resend and related-message attack. In: 17th Annual International Cryptology Conference on Advances in Cryptology—CRYPTO’97, pp 213–220

  11. Canteaut A, Sendrier N (1998) Cryptanalysis of the original McEliece cryptosystem. In: Advances in Cryptology—ASIACRYPT’98. Lecture Notes in Computer Science, vol 1514. Springer, Heidelberg

  12. Chou T (2016) QcBits: constant-time small-key code-based cryptography, pp 280–300

  13. Augot D et al (2015) Initial recommendations of long-term secure post-quantum systems. PQCRYPTO. http://pqcrypto.eu.org/docs/initial-recommendations.pdf

  14. Chen L et al (2016) Report on post-quantum cryptography. NISTIR 8105. http://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8105.pdf

  15. Finiasz M, Sendrier N (2009) Security bounds for the design of code-based cryptosystems, pp 88–105

  16. Fujisaki E, Okamoto T (1999) Secure integration of asymmetric and symmetric encryption schemes. In: 19th Annual International Cryptology Conference on Advances in Cryptology—CRYPTO’99, pp 537–554

  17. Bundesamt für Sicherheit in der Informationstechnik (BSI) (2015) Advanced security mechanisms for machine readable travel documents and eIDAS token. BSI Technical Report TR-03110, Version 2.20

  18. Gorshe S. A tutorial on ITU-T G.709 optical transport networks (OTN)

  19. Hall C, Goldberg I, Schneier B (1999) Reaction attacks against several public-key cryptosystems. In: Second International Conference on Information and Communication Security, ICICS’99. Springer, Heidelberg, pp 2–12

  20. Janwa H, Moreno O (1996) McEliece public key cryptosystems using algebraic-geometric codes. Des Codes Cryptogr 8(3):293–307

  21. Kobara K, Imai H (2001) Semantically secure McEliece public-key cryptosystems—conversions for McEliece PKC. In: Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography (PKC 2001), pp 19–35

  22. Lee P, Brickell E (1988) An observation on the security of McEliece’s public-key cryptosystem. In: Advances in Cryptology—EUROCRYPT’88. Lecture Notes in Computer Science, vol 330. Springer, Heidelberg

  23. Leon J (1988) A probabilistic algorithm for computing minimum weights of large error-correcting codes. IEEE Trans Inf Theory 34(5):1354–1359

  24. Luykx A, Paterson K (2016) Limits on authenticated encryption use in TLS. www.isg.rhul.ac.uk/~kp/TLS-AEbounds.pdf

  25. McEliece RJ (1978) A public-key cryptosystem based on algebraic coding theory. Deep Space Netw Progr Rep 44:114–116

  26. Misoczki R, Tillich JP, Sendrier N, Barreto PSLM (2013) MDPC-McEliece: new McEliece variants from moderate density parity-check codes. In: 2013 IEEE International Symposium on Information Theory, pp 2069–2073

  27. Mukherjee A, Fakoorian SAA, Huang J, Swindlehurst AL (2014) Principles of physical layer security in multiuser wireless networks: a survey. IEEE Commun Surv Tutor 16(3):1550–1573

  28. NIST (2001) Advanced encryption standard (AES). FIPS PUB 197

  29. NIST (2008) The keyed-hash message authentication code (HMAC). FIPS 198-1

  30. Overbeck R, Sendrier N (2009) Code-based cryptography. In: Bernstein D, Buchmann J, Dahmen E (eds) Post-quantum cryptography. Springer, pp 95–145

  31. Persichetti E (2013) Secure and anonymous hybrid encryption from coding theory. In: Post-Quantum Cryptography, 5th International Workshop, PQCrypto 2013. Lecture Notes in Computer Science, vol 7932. Springer, pp 174–187

  32. Peters C (2009) Information-set decoding for linear codes over Fq. Cryptology ePrint Archive, Report 2009/589. http://eprint.iacr.org/2009/589

  33. Pointcheval D (2000) Chosen-ciphertext security for any one-way cryptosystem. In: Public Key Cryptography, Third International Workshop on Practice and Theory in Public Key Cryptosystems, PKC 2000. Springer, Heidelberg, pp 129–146

  34. Shor PW (1994) Algorithms for quantum computation: discrete logarithms and factoring. In: Proceedings of the 35th Annual Symposium on Foundations of Computer Science, Nov 1994, pp 124–134

  35. Stern J (1989) A method for finding codewords of small weight. In: Coding Theory and Applications. Lecture Notes in Computer Science, vol 388. Springer, Heidelberg

  36. van Tilburg J (1990) On the McEliece public-key cryptosystem. In: Advances in Cryptology—CRYPTO’88. Lecture Notes in Computer Science, vol 403. Springer, New York

  37. Wyner AD (1975) The wire-tap channel. Bell Syst Tech J 54(8):1355–1387

Acknowledgements

The authors would like to thank anonymous reviewers of WCS 2017 for very helpful feedback and comments. This work has been performed in the framework of the CELTIC EUREKA project SENDATE-Secure-DCI (Project ID C2015/3–4), and it is partly funded by the German BMBF (Project ID 16KIS0477K).

Corresponding author

Correspondence to Joo Yeon Cho.

Appendix

This section describes the signal format and frame structure of the OTN (Optical Transport Network) signal. Note that we present only the partial information relevant to this paper; for details, we refer to [18]. There are four currently defined OTU (Optical Transport Unit) rates and five OPU (Optical Payload Unit) / ODU (Optical Data Unit) rates. An OPU, ODU, or OTU of a particular rate is referred to as an OPUk, ODUk, or OTUk with k = 0, 1, 2, 3, or 4. The OPU, ODU, and OTU frame structure is partially shown in Fig. 3. The ODU frame is structured as four rows by 3824 columns, regardless of the signal rate. The OPU payload area consists of columns 17-3824 of all four rows. The overhead information for the OPU is contained in the D and E areas of Fig. 3.

Fig. 3: G.709 OTN signal frame structure

The ODUk overhead location is shown in Fig. 4. The ODU consists of the OPU and the ODU overhead. The ODU overhead is area C in Fig. 3. It contains the overhead for path performance monitoring (PM), fault type and fault location (FTFL), two generic communications channels (GCC), an automatic protection switching and protection communications channel (APS/PCC), six levels of tandem connection monitoring (TCM), and a set of bytes reserved for experimental purposes (RES).

Fig. 4: G.709 ODUk overhead format
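As an added illustration of the frame geometry described above (example code written for this page, not the authors' implementation), the following model splits a serialized ODU frame into its 16 overhead columns and the OPU payload area (columns 17-3824 of each of the four rows) and back, and counts how many frames a message of a given size spans. It assumes row-major serialization of the frame and treats all of columns 1-16 as one opaque overhead block; the sample frame contents and the 1,000,000-byte message size are constructed values.

```python
# Constructed model of the G.709 ODU frame layout described in the appendix:
# four rows of 3824 columns, OPU payload in columns 17-3824 of every row.
# Row-major serialization of the frame is an assumption of this example.
ROWS = 4
COLUMNS = 3824
OVERHEAD_COLUMNS = 16                                   # columns 1..16
FRAME_BYTES = ROWS * COLUMNS                            # 15296
PAYLOAD_BYTES_PER_ROW = COLUMNS - OVERHEAD_COLUMNS      # 3808
PAYLOAD_BYTES_PER_FRAME = ROWS * PAYLOAD_BYTES_PER_ROW  # 15232


def split_frame(frame: bytes) -> tuple[list[bytes], bytes]:
    """Split one serialized ODU frame into the per-row overhead (columns 1-16)
    and the concatenated OPU payload area (columns 17-3824 of rows 1-4)."""
    if len(frame) != FRAME_BYTES:
        raise ValueError(f"expected {FRAME_BYTES}-byte frame, got {len(frame)}")
    overhead_rows = []
    payload = bytearray()
    for r in range(ROWS):
        row = frame[r * COLUMNS:(r + 1) * COLUMNS]
        overhead_rows.append(row[:OVERHEAD_COLUMNS])
        payload += row[OVERHEAD_COLUMNS:]
    return overhead_rows, bytes(payload)


def build_frame(overhead_rows: list[bytes], payload: bytes) -> bytes:
    """Inverse of split_frame: interleave overhead and payload row by row."""
    if len(overhead_rows) != ROWS or any(len(o) != OVERHEAD_COLUMNS for o in overhead_rows):
        raise ValueError(f"need exactly {ROWS} overhead blocks of {OVERHEAD_COLUMNS} bytes")
    if len(payload) != PAYLOAD_BYTES_PER_FRAME:
        raise ValueError(f"payload must be {PAYLOAD_BYTES_PER_FRAME} bytes")
    frame = bytearray()
    for r in range(ROWS):
        frame += overhead_rows[r]
        frame += payload[r * PAYLOAD_BYTES_PER_ROW:(r + 1) * PAYLOAD_BYTES_PER_ROW]
    return bytes(frame)


def frames_needed(message_bytes: int) -> int:
    """Number of ODU frames whose payload area a message of the given size spans."""
    return -(-message_bytes // PAYLOAD_BYTES_PER_FRAME)


if __name__ == "__main__":
    # Constructed sample: overhead rows filled with 0xAA, payload with a byte counter.
    oh = [bytes([0xAA]) * OVERHEAD_COLUMNS for _ in range(ROWS)]
    pl = bytes(i & 0xFF for i in range(PAYLOAD_BYTES_PER_FRAME))
    assert split_frame(build_frame(oh, pl)) == (oh, pl)
    # Constructed 1,000,000-byte message (e.g. a large key): spans 66 frames.
    print(frames_needed(1_000_000))  # -> 66
```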

Copyright information

© 2018 Springer International Publishing AG

Cite this paper

Cho, J.Y., Griesser, H., Rafique, D. (2018). A McEliece-Based Key Exchange Protocol for Optical Communication Systems. In: Baldi, M., Quaglia, E., Tomasin, S. (eds) Proceedings of the 2nd Workshop on Communication Security. WCS 2017. Lecture Notes in Electrical Engineering, vol 447. Springer, Cham. https://doi.org/10.1007/978-3-319-59265-7_8

  • DOI: https://doi.org/10.1007/978-3-319-59265-7_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-59264-0

  • Online ISBN: 978-3-319-59265-7
