Thomas Jerkovits

Georg Maringer, Marvin Xhemrishi, Sven Puchinger et al.

Cryptographic algorithms rely on the secrecy of their corresponding keys. On embedded systems with standard CMOS chips, where secure permanent memory such as flash is not available as a key storage, the secret key can be derived from Physical Unclonable Functions (PUFs) that make use of minuscule manufacturing variations of, for instance, SRAM cells. Since PUFs are affected by environmental changes, the reliable reproduction of the PUF key requires error correction. For silicon PUFs with binary output, errors occur in the form of bitflips within the PUFs response. Modelling the channel as a Binary Symmetric Channel (BSC) with fixed crossover probability $p$ is only a first-order approximation of the real behavior of the PUF response. We propose a more realistic channel model, refered to as the Varying Binary Symmetric Channel (VBSC), which takes into account that the reliability of different PUF response bits may not be equal. We investigate its channel capacity for various scenarios which differ in the channel state information (CSI) present at encoder and decoder. We compare the capacity results for the VBSC for the different CSI cases with reference to the distribution of the bitflip probability according a work by Maes et al.

Thomas Jerkovits, Onur Günlü, Vladimir Sidorenko et al.

A key agreement problem is considered that has a biometric or physical identifier, a terminal for key enrollment, and a terminal for reconstruction. A nested convolutional code design is proposed that performs vector quantization during enrollment and error control during reconstruction. Physical identifiers with small bit error probability illustrate the gains of the design. One variant of the nested convolutional codes improves on the best known key vs. storage rate ratio but it has high complexity. A second variant with lower complexity performs similar to nested polar codes. The results suggest that the choice of code for key agreement with identifiers depends primarily on the complexity constraint.

Julian Renner, Thomas Jerkovits, Hannes Bartz et al.

We address the problem of decoding Gabidulin codes beyond their unique error-correction radius. The complexity of this problem is of importance to assess the security of some rank-metric code-based cryptosystems. We propose an approach that introduces row or column erasures to decrease the rank of the error in order to use any proper polynomial-time Gabidulin code error-erasure decoding algorithm. This approach improves on generic rank-metric decoders by an exponential factor.

Julian Renner, Thomas Jerkovits, Hannes Bartz

An efficient decoding algorithm for horizontally u-interleaved LRPC codes is proposed and analyzed. Upper bounds on the decoding failure rate and the computational complexity of the algorithm are derived. It is shown that interleaving reduces the decoding failure rate exponentially in the interleaving order u whereas the computational complexity grows linearly.