A complete implementation of the McEliece system in its original form and CCA2-secure versions
These files implement the Classic McEliece PKC as well as conversions of it to IND-CCA2 security using the Fujisaki-Okamoto transform and Kobara-Imai alpha transform. Along the way it implements algorithms to convert binary strings to vectors of length n and weight t (also called error vectors for their use in (n,t)-error correcting codes).
Python3
For a general overview of McEliece-based cryptosystems, click here
This file implements Classic McEliece. Decoding of the underlying Goppa code is done with code in bernstein.py, sourced from https://cr.yp.to/papers/goppadecoding-20220816.pdf (auto-converted from Sage to Python).
This file implements the Fujisaki-Okamoto transform, Cayrel et al's variant on the Fujisaki-Okamoto transform, and Kobara-Imai alpha transform.
Cayrel et al use Srivastava codes in their proposal but I use Goppa codes in my implementation for stronger security guarantees.
The other CCA conversions require PRNGs and functions to convert binary strings to error vectors; these are implemented in other files.
This file implements the hash functions/PRNGs using cshake in pycryptodome, as well as other helper functions.
This file implements Sendrier's protocol for converting binary strings into error vectors for given parameters of n, t.
This file implements Barenghi and Pelosi's protocol for converting binary strings into error vectors for given parameters of n, t.
(In case the above links break)
Classic McEliece: Robert J. McEliece. “A Public-Key Cryptosystem Based On Algebraic Coding Theory”. In: Deep Space Network Progress Report 44 (Jan. 1978), pp. 114–116. url: https://ipnpr.jpl.nasa.gov/progress_report2/42-44/44N.PDF
The Fujisaki-Okamoto generic transform: Eiichiro Fujisaki and Tatsuaki Okamoto. “Secure integration of asymmetric and symmetric encryption schemes”. In: Advances in Cryptology—CRYPTO’99: 19th Annual International Cryptology Conference Santa Barbara, California, USA, August 15–19, 1999 Proceedings. Springer. 1999, pp. 537–554.
Cayrel et al's variant of the Fujisaki-Okamoto transform: Pierre-Louis Cayrel, Gerhard Hoffmann, and Edoardo Persichetti. “Efficient Implementation of a CCA2-Secure Variant of McEliece Using Generalized Srivastava Codes”. In: International Conference on Theory and Practice of Public Key Cryptography. 2012.
Kobara-Imai: Kazukuni Kobara and Hideki Imai. “Semantically Secure McEliece Public-Key Cryptosystems - Conversions for McEliece PKC”. In: International Conference on Theory and Practice of Public Key Cryptography. 2001
Bernstein's paper on Goppa decoding: Daniel J. Bernstein. Understanding binary-Goppa decoding. Cryptology ePrint Archive,Paper 2022/473. url: https://eprint.iacr.org/2022/473. 2022.
Sendrier's conversion: Nicolas Sendrier. “Encoding information into constant weight words”. In: Proceedings. International Symposium on Information Theory, 2005. ISIT 2005. 2005, pp. 435–438. doi: 10.1109/ISIT.2005.1523371
Barenghi and Pelosi's conversion: Alessandro Barenghi and Gerardo Pelosi. “Constant weight strings in constant time: a building block for code-based post-quantum cryptosystems”. In: Proceedings of the 17th ACM International Conference on Computing Frontiers (2020)
See also: D. Engelbert, R. Overbeck, and A. Schmidt. A Summary of McEliece-Type Cryptosystems and their Security. Cryptology ePrint Archive, Paper 2006/162. url: https://eprint.iacr.org/2006/162.