McEliece Key Encapsulation Mechanism
McEliece is a post-quantum key encapsulation mechanism (KEM), and a finalist for the NIST PQC competition. This page uses various methods including mceliece348864, mceliece460896, mceliece6688128, mceliece6960119 and mceliece8192128. In McEliece methods, we have three main parameters: \(m\), \(n\) and \(t\). With mceliece348864, we have a Level 1 security level with a public key size of 261,120 bytes, a private key size of 6,492 bytes, and a ciphertext size of 128 bytes. mceliece460896 has a Level 3 security level with a public key size of 524,160 bytes, a private key size of 13,608 bytes, and a ciphertext size of 188 bytes. mceliece6688128 has a Level 5 security level with a public key size of 1,044,992 bytes, a private key size of 13,932 bytes, and a ciphertext size of 240 bytes.
Outline
The following is the derived key size and cipher text (in bytes) of each of the core methods [1]:
                  m      n    t  level | public key  secret key  ciphertext
--------------------------------------------------------------------------
mceliece348864   12  3,488   64      1 |    261,120       6,492         128
mceliece460896   13  4,608   96      3 |    524,160      13,608         188
mceliece6688128  13  6,688  128      5 |  1,044,992      13,932         240
mceliece6960119  13  6,960  119      5 |  1,047,319      13,948         226
mceliece8192128  13  8,192  128      5 |  1,357,824      14,120         240
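The sizes in the table above follow from \(m\), \(n\) and \(t\). The sketch below is an added example, not code from the original page. It assumes each name is `mceliece` followed by a four-digit \(n\) and then \(t\), that \(m\) is the smallest integer with \(n \le 2^m\), and the key layout that yields the secret-key sizes in this table; `parseParams` and `sizes` are hypothetical helper names.

```javascript
// Added example: derive Classic McEliece object sizes (bytes) from a
// parameter-set name. Assumptions: the name is "mceliece" + 4-digit n + t
// (optional "f" suffix), and m is the smallest integer with n <= 2^m.

function parseParams(name) {
  const match = /^mceliece(\d{4})(\d{2,3})f?$/.exec(name);
  if (!match) throw new Error(`unrecognised parameter set: ${name}`);
  const n = Number(match[1]); // code length in bits
  const t = Number(match[2]); // number of errors the code corrects
  let m = 1;                  // field is GF(2^m); needs n <= 2^m
  while (2 ** m < n) m++;
  const k = n - m * t;        // code dimension
  if (k <= 0) throw new Error(`invalid parameters in ${name}`);
  return { m, n, t, k };
}

function sizes(name) {
  const { m, n, t, k } = parseParams(name);
  const mt = m * t; // rows of the parity-check matrix
  return {
    m, n, t,
    // Public key: the mt x k matrix T, each row packed into ceil(k/8) bytes.
    publicKey: mt * Math.ceil(k / 8),
    // Secret key: 32-byte seed + 8-byte column selection + Goppa polynomial
    // (2 bytes per coefficient) + control bits + n-bit string s.
    secretKey: 32 + 8 + 2 * t + (2 * m - 1) * 2 ** (m - 4) + Math.ceil(n / 8),
    // Ciphertext: mt-bit syndrome plus a 32-byte confirmation hash.
    ciphertext: Math.ceil(mt / 8) + 32,
  };
}

// The five parameter sets listed on this page.
const SETS = ['mceliece348864', 'mceliece460896', 'mceliece6688128',
  'mceliece6960119', 'mceliece8192128'];
for (const name of SETS) {
  const s = sizes(name);
  console.log(name.padEnd(16), `m=${s.m} n=${s.n} t=${s.t}`,
    `pk=${s.publicKey} sk=${s.secretKey} ct=${s.ciphertext}`);
}
```

The public key dominates because it is an \(mt \times (n - mt)\) bit matrix, while the ciphertext is only an \(mt\)-bit syndrome plus a hash.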
The following defines the key sizes for Kyber, SABER, NTRU and McEliece:
Type             Public key size (B)  Secret key size (B)  Ciphertext size (B)
------------------------------------------------------------------------
Kyber512                         800                1,632                  768
Kyber768                       1,184                2,400                1,088
Kyber1024                      1,568                3,168                1,568
LightSABER                       672                1,568                  736
SABER                            992                2,304                1,088
FireSABER                      1,312                3,040                1,472
McEliece348864               261,120                6,452                  128
McEliece460896               524,160               13,568                  188
McEliece6688128            1,044,992               13,892                  240
McEliece6960119            1,047,319               13,948                  226
McEliece8192128            1,357,824               14,120                  240
NTRUhps2048509                   699                  935                  699
NTRUhps2048677                   930                1,234                  930
NTRUhps4096821                 1,230                1,590                1,230
Note: LightSABER has a security level of AES-128, SABER maps to AES-192, and FireSABER to AES-256. Kyber512 has a security level of AES-128, Kyber768 maps to AES-192, and Kyber1024 to AES-256. NTRUhps2048509 has a security level of AES-128, NTRUhps2048677 maps to AES-192, and NTRUhps4096821 to AES-256.
In terms of performance on an ARM Cortex-M4 (32-bit RISC processor), the following is the number of cycles taken for key generation, key encapsulation and key decapsulation [1]:
scheme (implementation)  level  key generation  encapsulation  decapsulation
----------------------------------------------------------------------------
frodokem640aes (m4)          1      48,348,105     47,130,922     46,594,383
kyber512 (m4)                1         463,343        566,744        525,141
kyber768 (m4)                3         763,979        923,856        862,176
lightsaber (m4f)             1         361,687        513,581        498,590
saber (m4f)                  3         654,407        862,856        835,122
ntruhps2048509 (m4f)         1      79,658,656        564,411        537,473
ntruhps2048677 (m4f)         3     143,734,184        821,524        815,516
sikep434 (m4)                1      48,264,129     78,911,465     84,276,911
sikep610 (m4)                3     119,480,622    219,632,058    221,029,700
mceliece348864f              1   1,430,811,294        582,199      2,706,681
mceliece348864               1   2,146,932,033        582,199      2,706,681
We can see that McEliece has the slowest key generation, but is one of the fastest for encapsulation, and is faster than SIKE for decapsulation. Generally, though, Kyber and SABER give the best all-round results.
The following is the code:
const { McEliece } = require('mceliece-nist');

// Default parameter set; override with the first command-line argument
let meth = 'mceliece348864';
const args = process.argv;
if (args.length > 2) meth = args[2];

const kem = new McEliece(meth);

// Alice generates her key pair
const { publicKey, privateKey } = kem.keypair();
const pub = publicKey.toString('hex');
const priv = privateKey.toString('hex');

console.log('Public key (Bytes)', pub.length / 2);
console.log('Public key (first 16 bytes)', pub.slice(0, 32));
console.log(`Public key size (Bytes): ${kem.publicKeySize}`);
console.log('Private key (Bytes)', priv.length / 2);
console.log('Private key (first 16 bytes)', priv.slice(0, 32));
console.log(`Private key size (Bytes): ${kem.privateKeySize}`);

// Bob encapsulates a shared key against Alice's public key
const { key, encryptedKey } = kem.generateKey(publicKey);
console.log(`\nBob sends encrypted key: ${encryptedKey.toString('hex')}`);
console.log(`Encrypted key size (Bytes): ${kem.encryptedKeySize}`);
console.log(`\nBob key: ${key.toString('hex')}`);

// Alice decapsulates with her private key and recovers the same key
const receivedKey = kem.decryptKey(privateKey, encryptedKey);
console.log(`Alice decrypts key: ${receivedKey.toString('hex')}`);
In a sample run, Alice generates a public key and a private key. Bob encrypts a shared key for her, and she decrypts it with her private key:
Type: mceliece348864
Public key (Bytes) 261120
Public key (first 32 bytes) 7a85c0e46bad023b001f3b846c310fca2c82390304a1a989f68a1f7e7aabe20a
Private key size (Bytes): 261120
Private key (Bytes) 6452
Private key (first 32 bytes) af77ca39045954ebab244f0cd1b91a5a2b3ed379027aa430bd58f90dee4f8bda
Private key size (Bytes): 6452

Bob sends encrypted key: d68e8c189218e6811bc7c1649c4ac56b6116dceaa5e227155d711857bd4fc142aea38d06967e7dc364710f9b4d0674bd4b697cdd83e84c93df893b15a7dd9297eed9db785a06358a283f1d2c55f710e7dedb8fa4ec661514dc248250f4ca0cec9c2e711769f56986f0116e443607099473bbe3db1a37bc1199028025b9f5efb0
Encrypted key size (Bytes): 128

Bob key: 7da562dcbb7b4fef190bb0bd0eca87fd1b77951e452a89ff8eda18e616faca49
Alice decrypts key: 7da562dcbb7b4fef190bb0bd0eca87fd1b77951e452a89ff8eda18e616faca49
Reference
[1] Chen, M. S., & Chou, T. Classic McEliece on the ARM Cortex-M4.